From 66f69498be06c748ae2b1bedc6e89e6b9b084c09 Mon Sep 17 00:00:00 2001 From: Jesper Kristensen Date: Wed, 4 Dec 2024 12:15:12 +0100 Subject: [PATCH 1/4] ITKDevOps: Added deployments setup --- .github/workflows/build_release.yml | 54 +++++++++++++++++++++++++++++ .woodpecker/deployment.yml | 32 +++++++++++++++++ CHANGELOG.md | 4 +++ docker-compose.server.override.yml | 10 +++--- 4 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/build_release.yml create mode 100644 .woodpecker/deployment.yml diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml new file mode 100644 index 00000000..137e7760 --- /dev/null +++ b/.github/workflows/build_release.yml 
@@ -0,0 +1,54 @@
+on:
+ push:
+ tags:
+ - '*.*.*'
+
+name: Create Github Release
+
+permissions:
+ contents: write
+
+jobs:
+ create-release:
+ runs-on: ubuntu-latest
+ env:
+ COMPOSER_ALLOW_SUPERUSER: 1
+ APP_ENV: prod
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Composer install
+ run: |
+ docker network create frontend
+ docker compose run --rm --user=root phpfpm composer install --no-dev -o --classmap-authoritative
+ docker compose run --rm --user=root phpfpm composer clear-cache
+
+ - name: Building assets for the frontend
+ run: |
+ docker compose run --rm node yarn --cwd /app/web/themes/custom/hoeringsportal install
+ docker compose run --rm node yarn --cwd /app/web/themes/custom/hoeringsportal build
+
+ - name: Clean up
+ run: |
+ sudo chown -R runner:runner ./
+ rm -rf web/themes/custom/hoeringsportal/node_modules
+
+ - name: Make assets dir
+ run: |
+ mkdir -p ../assets
+
+ - name: Create archive
+ run: |
+ tar --exclude='.git' -zcf ../assets/${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz ./
+
+ - name: Create checksum
+ run: |
+ cd ../assets
+ sha256sum ${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz > ../assets/checksum.txt
+
+ - name: Create a release in GitHub and uploads assets
+ run: gh release create ${{ github.ref_name }} --verify-tag --generate-notes ../assets/*.*
+ env:
+ GITHUB_TOKEN: ${{ github.TOKEN }}
+ shell: bash
diff --git a/.woodpecker/deployment.yml b/.woodpecker/deployment.yml
new file mode 100644
index 00000000..49fa935c
--- /dev/null
+++ b/.woodpecker/deployment.yml
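Review bot: The `Create archive`, `Create checksum` and `Create a release in GitHub and uploads assets` steps expand `${{ github.ref_name }}` and `${{ github.event.repository.name }}` directly inside `run:` scripts, so the tag name becomes part of the shell text before bash parses it. The `'*.*.*'` filter accepts any tag containing two dots and git ref names may carry shell metacharacters, so whoever can push a tag influences a script that runs with the workflow's `contents: write` token. Passing the values through `env:` and referencing them as quoted shell variables keeps them as data, as sketched below. Separately, `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA would make the release job reproducible.

```yaml
# … unchanged: checkout, composer install, asset build, clean up, make assets dir …
      - name: Create archive
        env:
          ARCHIVE: ${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz
        run: |
          tar --exclude='.git' -zcf "../assets/${ARCHIVE}" ./

      - name: Create checksum
        env:
          ARCHIVE: ${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz
        run: |
          cd ../assets
          sha256sum "${ARCHIVE}" > ../assets/checksum.txt

      - name: Create a release in GitHub and uploads assets
        run: gh release create "${RELEASE_TAG}" --verify-tag --generate-notes ../assets/*.*
        env:
          GITHUB_TOKEN: ${{ github.TOKEN }}
          RELEASE_TAG: ${{ github.ref_name }}
        shell: bash
```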
@@ -0,0 +1,32 @@ +when: + - event: release + +skip_clone: true + +steps: + - name: Ansible playbook + image: itkdev/ansible-plugin:1 + pull: true + settings: + id: + from_secret: id + secret: + from_secret: secret + host: + from_secret: host + path: + from_secret: path + user: + from_secret: user + playbook: 'release' + pre_up: + - itkdev-docker-compose-server run --rm phpfpm vendor/bin/drush --yes cache:rebuild + - itkdev-docker-compose-server run --rm phpfpm vendor/bin/drush --yes deploy + cron: + cron: + minute: '0' + hour: '*' + day: '*' + month: '*' + weekday: '*' + job: 'itkdev-docker-compose-server exec phpfpm vendor/bin/drush core:cron' diff --git a/CHANGELOG.md b/CHANGELOG.md index 142507d7..f2d5ce28 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +## [4.6.1] - 2024-12-04 + +- Added automatic deployment + ## [4.6.0] - 2024-11-11 * [PR-422](https://github.com/itk-dev/hoeringsportal/pull/422) diff --git a/docker-compose.server.override.yml b/docker-compose.server.override.yml index a0a6cc79..30faa2fc 100644 --- a/docker-compose.server.override.yml +++ b/docker-compose.server.override.yml @@ -5,12 +5,17 @@ services: - PHP_POST_MAX_SIZE=90M - PHP_UPLOAD_MAX_FILESIZE=80M - PHP_OPCACHE_VALIDATE_TIMESTAMPS=0 - - PHP_MEMORY_LIMIT=528M + - PHP_MEMORY_LIMIT=512M + volumes: + - ../../shared/settings.local.php:/app/web/sites/default/settings.local.php + - ../../shared/files:/app/web/sites/default/files nginx: environment: # Match PHP_UPLOAD_MAX_FILESIZE (plus a little more) NGINX_MAX_BODY_SIZE: 90M + volumes: + - ../../shared/files:/app/web/sites/default/files node: image: node:18 @@ -21,6 +26,3 @@ services: image: clamav/clamav:1.2 networks: - app - ports: - - '3310' - - '7357' From e17f26afe4825aea3034c01cc632b215c814f748 Mon Sep 17 00:00:00 2001 
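Review bot: In `.woodpecker/deployment.yml`, `image: itkdev/ansible-plugin:1` combined with `pull: true` means each release runs whatever the `:1` tag points to at that moment, and this step is handed the `id`, `secret`, `host`, `path` and `user` secrets. Pinning the image by digest, for example `image: itkdev/ansible-plugin:1@sha256:<digest-placeholder>`, would keep a retagged image from receiving the deployment credentials without a reviewed change. A short comment above `when:` such as `# Deploys to the server on every published release; restrict who may publish releases` would also document that `event: release` is the only gate visible in this file.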
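Review bot: The bind mounts added under `phpfpm` and `nginx` in `docker-compose.server.override.yml` are read-write by default, although nginx only needs to serve the files directory and `settings.local.php` presumably holds site credentials the container has no reason to modify. Consider `- ../../shared/settings.local.php:/app/web/sites/default/settings.local.php:ro` for phpfpm and `- ../../shared/files:/app/web/sites/default/files:ro` for nginx, leaving only the phpfpm files mount writable. The `../../shared` paths depend on the directory layout the deployment creates, so a comment such as `# shared/ lives two levels above the release directory on the server` would make that assumption explicit.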
From: Jesper Kristensen Date: Wed, 4 Dec 2024 12:16:34 +0100 Subject: [PATCH 2/4] ITKDevOps: Updated nginx config --- .docker/nginx.conf | 2 +- .docker/templates/default.conf.template | 4 ++ .docker/vhost.conf | 94 ------------------------- 3 files changed, 5 insertions(+), 95 deletions(-) delete mode 100644 .docker/vhost.conf diff --git a/.docker/nginx.conf b/.docker/nginx.conf index d0a557b1..d6f5e64f 100644 --- a/.docker/nginx.conf +++ b/.docker/nginx.conf @@ -18,7 +18,7 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - set_real_ip_from 172.16.0.0/8; + set_real_ip_from 172.16.0.0/16; real_ip_recursive on; real_ip_header X-Forwarded-For; diff --git a/.docker/templates/default.conf.template b/.docker/templates/default.conf.template index 2da35cc2..aa570d27 100644 --- a/.docker/templates/default.conf.template +++ b/.docker/templates/default.conf.template @@ -6,6 +6,10 @@ server { client_max_body_size ${NGINX_MAX_BODY_SIZE}; + set_real_ip_from 172.16.0.0/16; + real_ip_recursive on; + real_ip_header X-Forwarded-For; + location = /favicon.ico { log_not_found off; access_log off; diff --git a/.docker/vhost.conf b/.docker/vhost.conf deleted file mode 100644 index 884b8a9c..00000000 --- a/.docker/vhost.conf +++ /dev/null 
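Review bot: `set_real_ip_from 172.16.0.0/16;` in `.docker/nginx.conf` accepts `X-Forwarded-For` only from 172.16.x.x, whereas the private block is 172.16.0.0/12 and Docker bridge networks are commonly allocated from other /16s inside it. If the reverse proxy reaches this container from outside 172.16.0.0/16, nginx will log and apply any address-based rules to the proxy's address instead of the client's, so it is worth confirming the proxy network's subnet and stating it in a comment next to the directive, e.g. `# subnet of the reverse-proxy network; must match the compose network definition`. The same three directives are added again in the `server` block of `.docker/templates/default.conf.template`; keeping the trusted range in one place avoids the two copies drifting apart. The enclosing `http {` and `server {` blocks start and end outside these hunks.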
@@ -1,94 +0,0 @@ -server { - listen 8080; - server_name localhost; - - client_max_body_size 90M; - - root /app/web; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to scripts in site files directory - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri /index.php?$query_string; - } - - location @rewrite { - rewrite ^ /index.php; - } - - # Don't allow direct access to PHP files in the vendor directory. - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - # Protect files and directories from prying eyes. - location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ { - deny all; - return 404; - } - - location ~ '\.php$|^/update.php' { - include fastcgi_params; - - fastcgi_buffers 16 32k; - fastcgi_buffer_size 64k; - fastcgi_busy_buffers_size 64k; - - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - - # Ensure the php file exists. 
Mitigates CVE-2019-11043 - try_files $fastcgi_script_name =404; - - fastcgi_param HTTP_PROXY ""; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $query_string; - - fastcgi_intercept_errors on; - fastcgi_pass phpfpm:9000; - } - - # Enforce clean URLs - # - # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page - # Could be done with 301 for permanent or other redirect codes. - if ($request_uri ~* "^(.*/)index\.php/(.*)") { - return 307 $1$2; - } - - error_log /dev/stderr; - access_log /dev/stdout main; -} From 0a0c66169046ed282806dc73f63836aebb683094 Mon Sep 17 00:00:00 2001 From: Jesper Kristensen Date: Wed, 4 Dec 2024 12:18:29 +0100 Subject: [PATCH 3/4] ITKDevOps: Added PR template --- .github/PULL_REQUEST_TEMPLATE.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..dc5b4aec --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,25 @@ +#### Link to ticket + +Please add a link to the ticket being addressed by this change. + +#### Description + +Please include a short description of the suggested change and the reasoning behind the approach you have chosen. + +#### Screenshot of the result + +If your change affects the user interface you should include a screenshot of the result with the pull request. + +#### Checklist + +- [ ] My code is covered by test cases. +- [ ] My code passes our test (all our tests). +- [ ] My code passes our static analysis suite. +- [ ] My code passes our continuous integration process. + +If your code does not pass all the requirements on the checklist you have to add a comment explaining why this change +should be exempt from the list. + +#### Additional comments or questions + +If you have any further comments or questions for the reviewer please add them here. From 88988be1c47f1971d06944d16d11d96ef2964436 Mon Sep 17 00:00:00 2001 From: Jesper Kristensen Date: Wed, 4 Dec 2024 12:20:40 +0100 Subject: [PATCH 4/4] ITKDevOps: Updated PR action --- .github/workflows/pr.yaml | 9 +-------- CHANGELOG.md | 3 ++- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index d8070006..b323469b 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -1,11 +1,4 @@ -on: - pull_request: - types: - - opened - - labeled - - unlabeled - - synchronize - - reopened +on: pull_request name: PR Review jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index f2d5ce28..71cf4eb0 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ Versioning](https://semver.org/spec/v2.0.0.html). ## [4.6.1] - 2024-12-04 -- Added automatic deployment +* Added automatic deployment ## [4.6.0] - 2024-11-11 
@@ -260,6 +260,7 @@ Updated drupal core 8.6.16 Initial release [Unreleased]: https://github.com/itk-dev/hoeringsportal/compare/4.6.0...HEAD +[4.6.1]: https://github.com/itk-dev/hoeringsportal/compare/4.6.0...4.6.1 [4.6.0]: https://github.com/itk-dev/hoeringsportal/compare/4.5.1...4.6.0 [4.5.1]: https://github.com/itk-dev/hoeringsportal/compare/4.5.0...4.5.1 [4.5.0]: https://github.com/itk-dev/hoeringsportal/compare/4.4.1...4.5.0