* correctly pass secrets to workspace-containers

* update README * helper-scripts with create symlinks helper and get composer auth github token helper
3 years ago · ff0b62ed49
11 changed files with 177 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -1,8 +1,89 @@
-## Run docker build
+## First
+Create alias for `docker-compose` command.

-First. You need export environment variable
-`export DOCKER_BUILDKIT=1` (more info https://github.com/edrevo/dockerfile-plus)
+`echo 'alias dc="docker-compose"' >> ~/.bash_aliases`
+
+Also, you have might be needed include `~/.bash_aliases` in your `~/.bashrc` file.
+
+Build all
+
+`dc build`
+
+## Second
+
+Create usefully symlinks
+
+`./create-symlinks.sh`
+
+## Get composer auth token
+
+If you do not have composer github auth.json file in `~/.composer` dir. You will need launch the helper-script:
+
+`./get-composer-auth.sh`
+
+## Before use and launch
+
+You need copy `vhosts.conf.example` and edit this file - remove unused roots (or change to existing dirs).
+Setup correctly nginx config.
+
+You ready for up containers.
+
+`dc up -d`

 ## Database dumps

-Database dumps must be serve on `./hostfiles` directory.
+Database dumps must be placement on `./hostfiles` directory.
+
+## Bash scripts
+
+After execute created symlinks, you have some enter-points for vulnerable popular tasks.
+
+### Xdebug
+For start debugging in php-fpm, also in workspace
+
+`./start-xdebug.sh [74|73]` - `74` by default
+
+For start debugging in php-fpm, also in workspace
+
+`./stop-xdebug.sh` or `./stop-xdebug.sh 73` if you launch start with php-version 73
+
+### Mysql
+
+For import dumps from `hostfiles` directory you might be enter to mysql console:
+
+`./mysql.sh`
+
+Change you needed database and source to the `*.sql` dump.
+
+`use mydatabase`
+
+`source /hostfiles/mydatabase.sql`
+
+Dump must be extracted before source in mysql-cli
+
+### Workspace
+
+For execute composer update|install or nodejs operations, also yarn, npm and all node-builds.
+You might use `workspace`-container
+
+For the enter to workspace container with php 7.4 you need launch usefully helper script in your home directory:
+
+`./enter-to-workspace.sh`
+
+For enter to `workspace` with php7.3 you need pass `73` container name suffix
+
+`./enter-to-workspace.sh 73`
+
+### Nginx
+
+For restart `nginx` after some changes in nginx configuration, you might:
+
+`./restart-nginx.sh`
+
+## Src build need DOCKER_BUILDKIT
+
+If you want build own workspace image. You need export environment variable
+
+`export DOCKER_BUILDKIT=1`
+
+more info https://github.com/edrevo/dockerfile-plus
--- a/bash/enter-to-workspace.sh
+++ b/bash/enter-to-workspace.sh
@ -1,3 +1,16 @@
 #!/bin/bash
-cd $HOME/structure
-docker-compose exec workspace su laradock
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+PHP_VERSION=$1 # Without dot
+
+if [[ -z "${PHP_VERSION}" ]]; then PHP_VERSION=74; fi
+
+# Grab full name of php-fpm container
+WORKSPACE_CONTAINER=$(docker ps | grep workspace${PHP_VERSION} | awk '{print $1}')
+
+if [[ -z "${WORKSPACE_CONTAINER}" ]]; then
+  echo "Unable to find workspace container: workspace${PHP_VERSION}"
+  exit 1
+fi
+
+docker exec -ti ${WORKSPACE_CONTAINER} su laradock
--- a/bash/quit-xdebug.sh
+++ b/bash/quit-xdebug.sh
@ -1,3 +1,9 @@
 #!/bin/bash
-cd $HOME/structure
-./dockerfiles/php$1-fpm/xdebug.sh stop && cd
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+PHP_VERSION=$1 # Without dot
+
+if [[ -z "${PHP_VERSION}" ]]; then PHP_VERSION=74; fi
+
+${DIR}/dockerfiles/php-fpm/xdebug.sh stop ${PHP_VERSION}
+${DIR}/dockerfiles/workspace/xdebug.sh stop ${PHP_VERSION}
--- a/bash/start-xdebug.sh
+++ b/bash/start-xdebug.sh
@ -1,3 +1,9 @@
 #!/bin/bash
-cd $HOME/structure
-./dockerfiles/php$1-fpm/xdebug.sh start && cd
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+PHP_VERSION=$1 # Without dot
+
+if [[ -z "${PHP_VERSION}" ]]; then PHP_VERSION=74; fi
+
+${DIR}/dockerfiles/php-fpm/xdebug.sh start ${PHP_VERSION}
+${DIR}/dockerfiles/workspace/xdebug.sh start ${PHP_VERSION}
--- a/config/nginx/conf.d/vhosts.conf.example
+++ b/config/nginx/conf.d/vhosts.conf.example
@ -1,9 +1,9 @@
-upstream php-fpm73 {
-    server php-fpm73:9000;
+upstream php73 {
+    server php73:9000;
 }

-upstream php-fpm74 {
-    server php-fpm74:9000;
+upstream php74 {
+    server php74:9000;
 }

 map $http_host $root {
@ -20,7 +20,7 @@ server {
    include includes.d/octobercms.conf;
    include includes.d/staticfiles.conf;
    location ~ ^/index.php {
-        fastcgi_pass php-fpm74;
+        fastcgi_pass php74;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
@ -49,7 +49,7 @@ server {
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;

-        fastcgi_pass   php-fpm73;
+        fastcgi_pass   php73;
        fastcgi_index  index.php;
    }
 }
--- a/create-symlinks.sh
+++ b/create-symlinks.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+DIR="$(realpath $(dirname "$(readlink -f "$0")"))"
+
+ln -s ${DIR}/bash/start-xdebug.sh ${HOME}/
+ln -s ${DIR}/bash/quit-xdebug.sh ${HOME}/
+ln -s ${DIR}/bash/restart-nginx.sh ${HOME}/
+ln -s ${DIR}/bash/mysql.sh ${HOME}/
+ln -s ${DIR}/bash/enter-to-workspace.sh ${HOME}/
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
@ -44,6 +44,10 @@ services:
      - ${PROJECTS_DIR}:/var/www
    extra_hosts:
      - "dockerhost:${DOCKER_HOST_IP}"
+    secrets:
+      - user_ssh_key
+      - user_known_hosts
+      - composer_auth
  db:
    image: mariadb
    restart: always
@ -70,3 +74,11 @@ services:
 # Must be copied into main docker-compose yml-file
 volumes:
  database:
+
+secrets:
+  user_ssh_key:
+    file: ~/.ssh/id_rsa
+  user_known_hosts:
+    file: ~/.ssh/known_hosts
+  composer_auth:
+    file: ~/.composer/auth.json
--- a/dockerfiles/php-fpm/xdebug.sh
+++ b/dockerfiles/php-fpm/xdebug.sh
@ -2,11 +2,15 @@

 # NOTE: At the moment, this has only been confirmed to work with PHP 7

-PHP_VERSION=$1 # Without dot
+PHP_VERSION=$2 # Without dot

 # Grab full name of php-fpm container
 PHP_FPM_CONTAINER=$(docker ps | grep php${PHP_VERSION} | awk '{print $1}')

+if [[ -z "${PHP_FPM_CONTAINER}" ]]; then
+  echo "Unable to find php fpm container: php${PHP_VERSION}"
+  exit 1
+fi

 # Grab OS type
 if [[ "$(uname)" == "Darwin" ]]; then
@ -81,7 +85,7 @@ xdebug_stop ()
 }


-case $@ in
+case $1 in
    stop|STOP)
        xdebug_stop
        ;;
@ -95,7 +99,7 @@ case $@ in
        echo "xDebug [Stop | Start | Status] in the ${PHP_FPM_CONTAINER} container."
        echo "xDebug must have already been installed."
        echo "Usage:"
-        echo "  .php-fpm/xdebug stop|start|status"
+        echo "  .php-fpm/xdebug.sh 73|74 stop|start|status"

 esac

--- a/dockerfiles/workspace/xdebug.sh
+++ b/dockerfiles/workspace/xdebug.sh
@ -2,11 +2,15 @@

 # NOTE: At the moment, this has only been confirmed to work with PHP 7

-PHP_VERSION=$1 # Without dot
+PHP_VERSION=$2 # Without dot

 # Grab full name of workspace container
 WORKSPACE_CONTAINER=$(docker ps | grep workspace${PHP_VERSION} | awk '{print $1}')

+if [[ -z "${WORKSPACE_CONTAINER}" ]]; then
+  echo "Unable to find workspace container: workspace${PHP_VERSION}"
+  exit 1
+fi

 # Grab OS type
 if [[ "$(uname)" == "Darwin" ]]; then
@ -81,7 +85,7 @@ xdebug_stop ()
 }


-case $@ in
+case $1 in
    stop|STOP)
        xdebug_stop
        ;;
--- a/get-composer-auth.sh
+++ b/get-composer-auth.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+FILE=${HOME}/.composer/auth.json
+
+if [[ -f "${FILE}" ]]; then
+  if [[ ! -z "$(cat $FILE | grep github)" ]]; then
+    exit 0
+  fi
+fi
+
+echo "Get token: https://github.com/settings/tokens/new?scopes=repo&description=Composer"
+
+# user="USER INPUT"
+read -p "Enter token: " TOKEN
+
+composer config -g github-oauth.github.com ${TOKEN}
--- a/uncreate-symlinks.sh
+++ b/uncreate-symlinks.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+rm ${HOME}/start-xdebug.sh
+rm ${HOME}/quit-xdebug.sh
+rm ${HOME}/restart-nginx.sh
+rm ${HOME}/mysql.sh
+rm ${HOME}/enter-to-workspace.sh