Utilisation des symfony-containers, et publication sur reg.cadoles #25
|
@ -0,0 +1,14 @@
|
||||||
|
.env.local
|
||||||
|
.env.local.php
|
||||||
|
.env.*.local
|
||||||
|
config/secrets/prod/prod.decrypt.private.php
|
||||||
|
public/bundles/
|
||||||
|
var/
|
||||||
|
vendor/
|
||||||
|
supervisord.log
|
||||||
|
supervisord.pid
|
||||||
|
.composer/
|
||||||
|
.vscode
|
||||||
|
composer.phar
|
||||||
|
/tools
|
||||||
|
/.trivy
|
|
@ -18,3 +18,5 @@ composer.phar
|
||||||
/.npm
|
/.npm
|
||||||
/.local
|
/.local
|
||||||
/.bash_history
|
/.bash_history
|
||||||
|
/tools
|
||||||
|
/.trivy
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
vulnerabilities:
|
||||||
|
- id: CVE-2023-39325
|
||||||
|
paths:
|
||||||
|
- usr/local/bin/gomplate
|
||||||
|
statement: Not concerned
|
||||||
|
- id: CVE-2023-3978
|
||||||
|
paths:
|
||||||
|
- usr/local/bin/gomplate
|
||||||
|
statement: Not concerned
|
||||||
|
- id: CVE-2023-44487
|
||||||
|
paths:
|
||||||
|
- usr/local/bin/gomplate
|
||||||
|
statement: Not concerned
|
||||||
|
- id: GHSA-m425-mq94-257g
|
||||||
|
paths:
|
||||||
|
- usr/local/bin/gomplate
|
||||||
|
statement: Not concerned
|
|
@ -4,4 +4,25 @@
|
||||||
// Utilisation du pipeline partagé pour les applications Symfony de Cadoles
|
// Utilisation du pipeline partagé pour les applications Symfony de Cadoles
|
||||||
// Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
|
// Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
|
||||||
// de votre application Symfony
|
// de votre application Symfony
|
||||||
symfonyAppPipeline("ubuntu:22.04")
|
symfonyAppPipeline('ubuntu:22.04', [
|
||||||
|
'hooks': [
|
||||||
|
// Run docker image build, verification and publication stages
|
||||||
|
'postSymfonyAppPipeline': {
|
||||||
|
boolean isRelease = ["develop", "staging", "master"].contains(env.BRANCH_NAME)
|
||||||
|
stage('Build and publish hydra-sql standalone image') {
|
||||||
|
container.buildAndPublishImage([
|
||||||
|
'imageName': 'reg.cadoles.com/cadoles/hydra-sql-standalone',
|
||||||
|
'dockerfile': './misc/images/hydra-sql-standalone/Dockerfile',
|
||||||
|
'dryRun': !isRelease
|
||||||
|
])
|
||||||
|
}
|
||||||
|
stage('Build and publish hydra-sql base image') {
|
||||||
|
container.buildAndPublishImage([
|
||||||
|
'imageName': 'reg.cadoles.com/cadoles/hydra-sql-base',
|
||||||
|
'dockerfile': './misc/images/hydra-sql-base/Dockerfile',
|
||||||
|
'dryRun': !isRelease
|
||||||
|
])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
])
|
||||||
|
|
74
Makefile
74
Makefile
|
@ -1,46 +1,40 @@
|
||||||
CI_COMPOSE=FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose -f docker-compose.yml
|
|
||||||
HYDRA_SQL_SHELL_USER ?= www-data:
|
|
||||||
DOCKER_CMD ?=
|
|
||||||
DOCKER_IMAGE_NAME ?= login-app-sql_hydra-sql
|
|
||||||
up:
|
|
||||||
FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose up --build
|
|
||||||
|
|
||||||
down:
|
IMAGE_REPO ?= reg.cadoles.com/cadoles
|
||||||
docker-compose down -v
|
IMAGES_DIR := misc/images
|
||||||
|
IMAGES := $(foreach file, $(wildcard $(IMAGES_DIR)/*), $(basename $(notdir $(file))))
|
||||||
|
|
||||||
purge:
|
TRIVY_ARGS ?=
|
||||||
docker-compose down -v --remove-orphans --rmi local
|
|
||||||
|
|
||||||
hydra-sql-shell:
|
build-image: $(foreach image, $(IMAGES), build-image-$(image))
|
||||||
$(CI_COMPOSE) exec \
|
|
||||||
-u "$(HYDRA_SQL_SHELL_USER)" \
|
|
||||||
hydra-sql \
|
|
||||||
/bin/bash
|
|
||||||
|
|
||||||
|
build-image-%:
|
||||||
|
docker build \
|
||||||
|
-t "${IMAGE_REPO}/$*:latest" \
|
||||||
|
-f ${IMAGES_DIR}/$*/Dockerfile \
|
||||||
|
.
|
||||||
|
|
||||||
APP_LOCALES ?= fr,en
|
scan-image: $(foreach image, $(IMAGES), scan-image-$(image))
|
||||||
HYDRA_ADMIN_BASE_URL ?= http://hydra:4445
|
|
||||||
TRUSTED_PROXIES ?= 127.0.0.1,REMOTE_ADDR,localhost
|
|
||||||
ISSUER_URL ?= http://localhost:8000
|
|
||||||
BASE_URL ?= http://localhost:8080
|
|
||||||
DB_USER ?= lasql
|
|
||||||
DB_PASSWORD ?= lasql
|
|
||||||
DEFAULT_LOCALE ?= fr
|
|
||||||
BDD ?= postgres
|
|
||||||
DSN_REMOTE_DATABASE=mysql:host=mariadb;port=3306;dbname=lasql
|
|
||||||
|
|
||||||
up-mysql:
|
scan-image-%: tools/trivy/bin/trivy
|
||||||
docker run \
|
mkdir -p .trivy/.cache
|
||||||
-it --rm \
|
tools/trivy/bin/trivy --cache-dir .trivy/.cache --ignorefile .trivyignore.yaml image $(TRIVY_ARGS) $(IMAGE_REPO)/$*:latest
|
||||||
-p 8080:80 \
|
|
||||||
-e APP_LOCALES=$(APP_LOCALES) \
|
release-image: $(foreach image, $(IMAGES), release-image-$(image))
|
||||||
-e HYDRA_ADMIN_BASE_URL=$(HYDRA_ADMIN_BASE_URL) \
|
|
||||||
-e TRUSTED_PROXIES=$(TRUSTED_PROXIES) \
|
release-image-%: .mktools
|
||||||
-e ISSUER_URL=$(ISSUER_URL) \
|
@[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 )
|
||||||
-e BASE_URL=$(BASE_URL) \
|
docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
|
||||||
-e DB_USER=$(DB_USER) \
|
docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
|
||||||
-e DB_PASSWORD=$(DB_PASSWORD) \
|
docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
|
||||||
-e DEFAULT_LOCALE=$(DEFAULT_LOCALE) \
|
docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
|
||||||
-e DSN_REMOTE_DATABASE=$(DSN_REMOTE_DATABASE) \
|
docker push "${IMAGE_REPO}/$*:latest"
|
||||||
$(DOCKER_IMAGE_NAME):latest \
|
|
||||||
$(DOCKER_CMD)
|
tools/trivy/bin/trivy:
|
||||||
|
mkdir -p tools/trivy/bin
|
||||||
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0
|
||||||
|
|
||||||
|
.mktools:
|
||||||
|
rm -rf .mktools
|
||||||
|
curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | TASKS="version" $(SHELL)
|
||||||
|
|
||||||
|
-include .mktools/*.mk
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
ARG NODE_OPTIONS="--openssl-legacy-provider"
|
||||||
|
ARG PHP_PKG_VERSION="8.1.22-r0"
|
||||||
|
ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
|
||||||
|
build-base=0.5-r3 \
|
||||||
|
php81-gd=${PHP_PKG_VERSION} \
|
||||||
|
php81-xsl=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo=${PHP_PKG_VERSION} \
|
||||||
|
php81-pgsql=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_pgsql=${PHP_PKG_VERSION} \
|
||||||
|
php81-soap=${PHP_PKG_VERSION} \
|
||||||
|
php81-ldap=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_mysql=${PHP_PKG_VERSION} \
|
||||||
|
php81-bcmath=${PHP_PKG_VERSION}"
|
||||||
|
|
||||||
|
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
ARG NODE_OPTIONS="--openssl-legacy-provider"
|
||||||
|
ARG PHP_PKG_VERSION="8.1.22-r0"
|
||||||
|
ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
|
||||||
|
build-base=0.5-r3 \
|
||||||
|
php81-gd=${PHP_PKG_VERSION} \
|
||||||
|
php81-xsl=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo=${PHP_PKG_VERSION} \
|
||||||
|
php81-pgsql=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_pgsql=${PHP_PKG_VERSION} \
|
||||||
|
php81-soap=${PHP_PKG_VERSION} \
|
||||||
|
php81-ldap=${PHP_PKG_VERSION} \
|
||||||
|
php81-pdo_mysql=${PHP_PKG_VERSION} \
|
||||||
|
php81-bcmath=${PHP_PKG_VERSION}"
|
||||||
|
|
||||||
|
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d
|
||||||
|
|
Loading…
Reference in New Issue