Change everything for releases

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel 2021-02-01 14:57:58 +01:00
parent 1c3f607eb5
commit 496debd6f3
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
13 changed files with 143 additions and 52 deletions


@ -17,3 +17,4 @@ SECURITY.md
ssh_match_hostname ssh_match_hostname
support support
.js/package-lock.json .js/package-lock.json
js/node_modules

1
.gitignore vendored

@ -14,7 +14,6 @@ erl_crash.dump
# secrets files as long as you replace their contents by environment # secrets files as long as you replace their contents by environment
# variables. # variables.
/config/*.secret.exs /config/*.secret.exs
/config/releases.exs
/setup_db.psql /setup_db.psql


@ -183,7 +183,7 @@ pages:
- mkdir -p /kaniko/.docker - mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json
script: script:
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG
build-docker-master: build-docker-master:
<<: *docker <<: *docker
@ -210,7 +210,6 @@ package-app:
script: script:
- mix local.hex --force - mix local.hex --force
- mix local.rebar --force - mix local.rebar --force
- cp docker/production/releases.exs ./config/
- mix deps.get - mix deps.get
- mix phx.digest - mix phx.digest
- mix release - mix release
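Review bot: The new build args on the kaniko line, `VCS_REF=$CI_VCS_REF` and `BUILD_DATE=$CI_JOB_TIMESTAMP`, read variables that are not defined in this hunk and that I do not recognise as GitLab predefined variables. If they are not set in a `variables:` block outside the hunk, the `org.opencontainers.image.revision` and `org.opencontainers.image.created` labels added in the Dockerfile come out empty and the image loses its provenance data. In that case `--build-arg VCS_REF=$CI_COMMIT_SHA` takes the revision from a variable GitLab always sets. `CI_COMMIT_TAG` is presumably empty on branch builds such as `build-docker-master`, so the `MOBILIZON_VERSION` default derived from it would be empty there too.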


@ -8,7 +8,7 @@ import Config
# General application configuration # General application configuration
config :mobilizon, config :mobilizon,
ecto_repos: [Mobilizon.Storage.Repo], ecto_repos: [Mobilizon.Storage.Repo],
env: Mix.env() env: config_env()
config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes
@ -142,24 +142,6 @@ config :ueberauth,
config :mobilizon, :auth, oauth_consumer_strategies: [] config :mobilizon, :auth, oauth_consumer_strategies: []
config :mobilizon, :ldap,
enabled: System.get_env("LDAP_ENABLED") == "true",
host: System.get_env("LDAP_HOST") || "localhost",
port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
ssl: System.get_env("LDAP_SSL") == "true",
sslopts: [],
tls: System.get_env("LDAP_TLS") == "true",
tlsopts: [],
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
uid: System.get_env("LDAP_UID") || "cn",
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
# The full CN to filter by `memberOf`, or `false` if disabled
group: false,
# Either the admin UID matching the field in `uid`,
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
bind_uid: System.get_env("LDAP_BIND_UID"),
bind_password: System.get_env("LDAP_BIND_PASSWORD")
config :geolix, config :geolix,
databases: [ databases: [
%{ %{
@ -313,4 +295,4 @@ config :mobilizon, :external_resource_providers, %{
# Import environment specific config. This must remain at the bottom # Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above. # of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs" import_config "#{config_env()}.exs"
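Review bot: Removing the `config :mobilizon, :ldap` block from this shared config leaves non-test environments without any `:ldap` defaults, because the only place this commit re-adds it is the test config (the hunk next to `pool: Ecto.Adapters.SQL.Sandbox`). Code outside this diff that reads `Application.get_env(:mobilizon, :ldap)` would then get `nil` unless the operator's runtime config defines the block. It is worth confirming the readers tolerate that, or keeping a minimal `config :mobilizon, :ldap, enabled: false` here. Separately, `config_env()` needs Elixir 1.11 or later, which the project's `elixir:` requirement should reflect if it does not already.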


@ -3,10 +3,10 @@
import Config import Config
config :mobilizon, Mobilizon.Web.Endpoint, config :mobilizon, Mobilizon.Web.Endpoint,
server: true, server: true,
url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")], url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")],
http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")], http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")],
secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis") secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis")
config :mobilizon, Mobilizon.Web.Auth.Guardian, config :mobilizon, Mobilizon.Web.Auth.Guardian,
secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "changethis") secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "changethis")
@ -22,11 +22,9 @@ config :mobilizon, :instance,
email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"), email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"),
email_reply_to: System.get_env("MOBILIZON_REPLY_EMAIL", "noreply@mobilizon.lan") email_reply_to: System.get_env("MOBILIZON_REPLY_EMAIL", "noreply@mobilizon.lan")
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, config :mobilizon, Mobilizon.Web.Upload.Uploader.Local,
uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads") uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads")
config :mobilizon, Mobilizon.Storage.Repo, config :mobilizon, Mobilizon.Storage.Repo,
adapter: Ecto.Adapters.Postgres, adapter: Ecto.Adapters.Postgres,
username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"), username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"),
@ -49,3 +47,14 @@ config :mobilizon, Mobilizon.Web.Email.Mailer,
retries: 1, retries: 1,
no_mx_lookups: false, no_mx_lookups: false,
auth: :if_available auth: :if_available
config :geolix,
databases: [
%{
id: :city,
adapter: Geolix.Adapter.MMDB2,
source: "/var/lib/mobilizon/geo_db/GeoLite2-City.mmdb"
}
]
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "/var/lib/mobilizon/uploads"
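Review bot: `secret_key_base` and the Guardian `secret_key` on the new side of this file still fall back to the literal `"changethis"` when their environment variables are unset, and this commit appears to make the file part of every release build (the Dockerfile hunk now copies `config/releases.exs`). A release started without `MOBILIZON_INSTANCE_SECRET_KEY_BASE` or `MOBILIZON_INSTANCE_SECRET_KEY` therefore boots with publicly known signing keys instead of failing. Reading them with `System.fetch_env!("MOBILIZON_INSTANCE_SECRET_KEY_BASE")`, and likewise for the Guardian key, turns that misconfiguration into a startup error. The database password, if it has a default outside this hunk, deserves the same treatment.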


@ -36,6 +36,24 @@ config :mobilizon, Mobilizon.Storage.Repo,
port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432", port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432",
pool: Ecto.Adapters.SQL.Sandbox pool: Ecto.Adapters.SQL.Sandbox
config :mobilizon, :ldap,
enabled: System.get_env("LDAP_ENABLED") == "true",
host: System.get_env("LDAP_HOST") || "localhost",
port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
ssl: System.get_env("LDAP_SSL") == "true",
sslopts: [],
tls: System.get_env("LDAP_TLS") == "true",
tlsopts: [],
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
uid: System.get_env("LDAP_UID") || "cn",
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
# The full CN to filter by `memberOf`, or `false` if disabled
group: false,
# Either the admin UID matching the field in `uid`,
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
bind_uid: System.get_env("LDAP_BIND_UID"),
bind_password: System.get_env("LDAP_BIND_PASSWORD")
config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.TestAdapter config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.TestAdapter
config :mobilizon, Mobilizon.Web.Upload, filters: [], link_name: false config :mobilizon, Mobilizon.Web.Upload, filters: [], link_name: false


@ -20,9 +20,8 @@ RUN mix local.hex --force \
COPY lib ./lib COPY lib ./lib
COPY priv ./priv COPY priv ./priv
COPY config ./config COPY config/config.exs config/prod.exs config/releases.exs ./config/
COPY rel ./rel COPY rel ./rel
COPY docker/production/releases.exs ./config/
COPY --from=assets ./priv/static ./priv/static COPY --from=assets ./priv/static ./priv/static
RUN mix phx.digest \ RUN mix phx.digest \
@ -31,13 +30,30 @@ RUN mix phx.digest \
# Finally setup the app # Finally setup the app
FROM alpine FROM alpine
ARG BUILD_DATE
ARG VCS_REF
ARG CI_COMMIT_TAG
ARG MOBILIZON_VERSION=${CI_COMMIT_TAG}
LABEL org.opencontainers.image.title="mobilizon" \
org.opencontainers.image.description="Mobilizon for Docker" \
org.opencontainers.image.vendor="joinmobilizon.org" \
org.opencontainers.image.documentation="https://docs.joinmobilizon.org" \
org.opencontainers.image.licenses="AGPL-3.0" \
org.opencontainers.image.url="https://joinmobilizon.org" \
org.opencontainers.image.revision=$VCS_REF \
org.opencontainers.image.created=$BUILD_DATE
RUN apk add --no-cache openssl ncurses-libs file postgresql-client RUN apk add --no-cache openssl ncurses-libs file postgresql-client
RUN mkdir -p /app/uploads && chown nobody:nobody /app/uploads RUN mkdir -p /app/uploads && chown nobody:nobody /app/uploads
RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon
USER nobody USER nobody
EXPOSE 4000 EXPOSE 4000
ENV MOBILIZON_DOCKER=true
COPY --from=builder --chown=nobody:nobody _build/prod/rel/mobilizon ./ COPY --from=builder --chown=nobody:nobody _build/prod/rel/mobilizon ./
COPY docker/production/docker-entrypoint.sh ./ COPY docker/production/docker-entrypoint.sh ./
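Review bot: `RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon` hands the configuration directory to the same `nobody` user the release runs as, while the new `Mobilizon.ConfigProvider` evaluates `/etc/mobilizon/config.exs` as Elixir code at boot. Anything able to write files as the application user could then alter that file and have it executed on the next start. Unless the entrypoint script (outside this diff) has to write there, keep the directory root-owned and only readable by the service user, e.g. `RUN mkdir -p /etc/mobilizon && chmod 755 /etc/mobilizon`. `ARG MOBILIZON_VERSION=${CI_COMMIT_TAG}` is also declared but not used in the lines shown.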


@ -1,7 +1,7 @@
FROM elixir:latest FROM elixir:latest
LABEL maintainer="Thomas Citharel <tcit@tcit.fr>" LABEL maintainer="Thomas Citharel <tcit@tcit.fr>"
ENV REFRESHED_AT=2020-10-22 ENV REFRESHED_AT=2021-02-01
RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash && apt-get install nodejs -yq RUN curl -sL https://deb.nodesource.com/setup_12.x | bash && apt-get install nodejs -yq
RUN npm install -g yarn wait-on RUN npm install -g yarn wait-on

34
lib/config_provider.ex Normal file

@ -0,0 +1,34 @@
defmodule Mobilizon.ConfigProvider do
@moduledoc """
Module to provide configuration from a custom file
"""
@behaviour Config.Provider
def init(path) when is_binary(path), do: path
def load(config, path) do
config_path = System.get_env("MOBILIZON_CONFIG_PATH") || path
cond do
File.exists?(config_path) ->
runtime_config = Config.Reader.read!(config_path)
Config.Reader.merge(config, runtime_config)
is_nil(System.get_env("MOBILIZON_DOCKER")) ->
warning = [
IO.ANSI.red(),
IO.ANSI.bright(),
"!!! #{config_path} not found! Please ensure it exists and that MOBILIZON_CONFIG_PATH is unset or points to an existing file",
IO.ANSI.reset()
]
IO.puts(warning)
config
true ->
IO.puts("No runtime config file found, but using environment variables for Docker")
config
end
end
end
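Review bot: In the `is_nil(System.get_env("MOBILIZON_DOCKER"))` branch of `load/2`, a missing config file only prints a warning to stdout and returns `config` unchanged, so a non-Docker release keeps booting on its built-in defaults; judging by the other config hunks in this commit, those may include the `"changethis"` secret fallbacks. Failing closed is safer here: replace the trailing `config` in that branch with `raise "#{config_path} not found"`, or, if starting anyway is intended, at least write the warning with `IO.puts(:stderr, warning)`. The file is evaluated as Elixir code by `Config.Reader.read!/1`, so the `@moduledoc` should state that the path, including one supplied through `MOBILIZON_CONFIG_PATH`, must not be writable by untrusted users. `init/1` and `load/2` should also carry `@impl true`.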


@ -61,7 +61,7 @@ defmodule Mix.Tasks.Mobilizon.Instance do
paths = paths =
[config_path, psql_path] = [ [config_path, psql_path] = [
Keyword.get(options, :output, "config/prod.secret.exs"), Keyword.get(options, :output, "config/runtime.exs"),
Keyword.get(options, :output_psql, "setup_db.psql") Keyword.get(options, :output_psql, "setup_db.psql")
] ]
@ -146,7 +146,6 @@ defmodule Mix.Tasks.Mobilizon.Instance do
database_port: Keyword.get(options, :dbport, 5432), database_port: Keyword.get(options, :dbport, 5432),
database_username: dbuser, database_username: dbuser,
database_password: dbpass, database_password: dbpass,
version: Mobilizon.Mixfile.project() |> Keyword.get(:version),
instance_secret: instance_secret, instance_secret: instance_secret,
auth_secret: auth_secret, auth_secret: auth_secret,
listen_port: listen_port listen_port: listen_port
@ -160,22 +159,22 @@ defmodule Mix.Tasks.Mobilizon.Instance do
database_password: dbpass database_password: dbpass
) )
shell_info("Writing config to #{config_path}.") with :ok <- write_config(config_path, result_config),
:ok <- write_psql(psql_path, result_psql) do
File.write(config_path, result_config) shell_info(
shell_info("Writing #{psql_path}.") "\n" <>
File.write(psql_path, result_psql) """
To get started:
shell_info( 1. Check the contents of the generated files.
"\n" <> 2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{
""" escape_sh_path(psql_path)
To get started: }`.
1. Check the contents of the generated files. """
2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{ )
escape_sh_path(psql_path) else
}`. {:error, err} -> exit(err)
""" _ -> exit(:unknown_error)
) end
else else
shell_error( shell_error(
"The task would have overwritten the following files:\n" <> "The task would have overwritten the following files:\n" <>
@ -184,4 +183,36 @@ defmodule Mix.Tasks.Mobilizon.Instance do
) )
end end
end end
defp write_config(config_path, result_config) do
shell_info("Writing config to #{config_path}.")
case File.write(config_path, result_config) do
:ok ->
:ok
{:error, err} ->
shell_error(
"\nERROR: Unable to write config file to #{config_path}. Make sure you have permissions on the destination.\n"
)
{:error, err}
end
end
defp write_psql(psql_path, result_psql) do
shell_info("Writing #{psql_path}.")
case File.write(psql_path, result_psql) do
:ok ->
:ok
{:error, err} ->
shell_error(
"\nERROR: Unable to write psql file to #{psql_path}. Make sure you have permissions on the destination.\n"
)
{:error, err}
end
end
end end
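Review bot: `write_config/2` and `write_psql/2` create files that hold `instance_secret`, `auth_secret` and the database password with whatever mode the process umask allows, which is commonly world-readable. Restricting the mode right after a successful write closes that, e.g. turning the `:ok -> :ok` arm into `:ok -> File.chmod(config_path, 0o640)` (and the same for `psql_path`), adjusted to whichever user has to read the config. The two helpers differ only in their messages and could share one private function. The `_ -> exit(:unknown_error)` arm of the `with` looks unreachable, because both helpers return only `:ok` or `{:error, err}`. The enclosing task function starts outside the hunk.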


@ -11,6 +11,6 @@ defmodule Mobilizon.Storage.Repo do
Dynamically loads the repository url from the DATABASE_URL environment variable. Dynamically loads the repository url from the DATABASE_URL environment variable.
""" """
def init(_, opts) do def init(_, opts) do
{:ok, Keyword.put(opts, :url, System.get_env("DATABASE_URL"))} {:ok, opts}
end end
end end
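Review bot: The docstring kept above `init/2` still says it "Dynamically loads the repository url from the DATABASE_URL environment variable", but the new body returns `{:ok, opts}` untouched. Update it to something like `Returns the repository options unchanged; database settings come from the application config.`, or drop the `init/2` override altogether if nothing else depends on it. Deployments that relied on `DATABASE_URL` will silently stop honouring it, which is worth a line in the upgrade notes.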


@ -31,7 +31,8 @@ defmodule Mobilizon.Mixfile do
docs: docs(), docs: docs(),
releases: [ releases: [
mobilizon: [ mobilizon: [
applications: [eldap: :transient] applications: [eldap: :transient],
config_providers: [{Mobilizon.ConfigProvider, "/etc/mobilizon/config.exs"}]
] ]
] ]
] ]


@ -3,6 +3,7 @@
import Config import Config
config :mobilizon, Mobilizon.Web.Endpoint, config :mobilizon, Mobilizon.Web.Endpoint,
server: true,
url: [host: "<%= instance_domain %>"], url: [host: "<%= instance_domain %>"],
http: [port: <%= listen_port %>], http: [port: <%= listen_port %>],
secret_key_base: "<%= instance_secret %>" secret_key_base: "<%= instance_secret %>"