Change everything for releases
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
1c3f607eb5
commit
496debd6f3
|
@ -17,3 +17,4 @@ SECURITY.md
|
||||||
ssh_match_hostname
|
ssh_match_hostname
|
||||||
support
|
support
|
||||||
.js/package-lock.json
|
.js/package-lock.json
|
||||||
|
js/node_modules
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -14,7 +14,6 @@ erl_crash.dump
|
||||||
# secrets files as long as you replace their contents by environment
|
# secrets files as long as you replace their contents by environment
|
||||||
# variables.
|
# variables.
|
||||||
/config/*.secret.exs
|
/config/*.secret.exs
|
||||||
/config/releases.exs
|
|
||||||
|
|
||||||
/setup_db.psql
|
/setup_db.psql
|
||||||
|
|
||||||
|
|
|
@ -183,7 +183,7 @@ pages:
|
||||||
- mkdir -p /kaniko/.docker
|
- mkdir -p /kaniko/.docker
|
||||||
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json
|
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json
|
||||||
script:
|
script:
|
||||||
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME
|
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG
|
||||||
|
|
||||||
build-docker-master:
|
build-docker-master:
|
||||||
<<: *docker
|
<<: *docker
|
||||||
|
@ -210,7 +210,6 @@ package-app:
|
||||||
script:
|
script:
|
||||||
- mix local.hex --force
|
- mix local.hex --force
|
||||||
- mix local.rebar --force
|
- mix local.rebar --force
|
||||||
- cp docker/production/releases.exs ./config/
|
|
||||||
- mix deps.get
|
- mix deps.get
|
||||||
- mix phx.digest
|
- mix phx.digest
|
||||||
- mix release
|
- mix release
|
||||||
|
|
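Review bot: The two new build args on the kaniko line read `$CI_VCS_REF` and `$CI_JOB_TIMESTAMP`, which as far as I know are not among GitLab's predefined CI variables, so unless they are defined elsewhere in the pipeline the `org.opencontainers.image.revision` and `org.opencontainers.image.created` labels will be built empty. A predefined variable makes the provenance label reliable, e.g. `--build-arg VCS_REF=$CI_COMMIT_SHA`. `$CI_COMMIT_TAG` is only set on tag pipelines, so on a branch build `MOBILIZON_VERSION` in the Dockerfile would default to an empty string. The job that owns this script line starts outside the hunk.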
|
@ -8,7 +8,7 @@ import Config
|
||||||
# General application configuration
|
# General application configuration
|
||||||
config :mobilizon,
|
config :mobilizon,
|
||||||
ecto_repos: [Mobilizon.Storage.Repo],
|
ecto_repos: [Mobilizon.Storage.Repo],
|
||||||
env: Mix.env()
|
env: config_env()
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes
|
config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes
|
||||||
|
|
||||||
|
@ -142,24 +142,6 @@ config :ueberauth,
|
||||||
|
|
||||||
config :mobilizon, :auth, oauth_consumer_strategies: []
|
config :mobilizon, :auth, oauth_consumer_strategies: []
|
||||||
|
|
||||||
config :mobilizon, :ldap,
|
|
||||||
enabled: System.get_env("LDAP_ENABLED") == "true",
|
|
||||||
host: System.get_env("LDAP_HOST") || "localhost",
|
|
||||||
port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
|
|
||||||
ssl: System.get_env("LDAP_SSL") == "true",
|
|
||||||
sslopts: [],
|
|
||||||
tls: System.get_env("LDAP_TLS") == "true",
|
|
||||||
tlsopts: [],
|
|
||||||
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
|
|
||||||
uid: System.get_env("LDAP_UID") || "cn",
|
|
||||||
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
|
|
||||||
# The full CN to filter by `memberOf`, or `false` if disabled
|
|
||||||
group: false,
|
|
||||||
# Either the admin UID matching the field in `uid`,
|
|
||||||
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
|
|
||||||
bind_uid: System.get_env("LDAP_BIND_UID"),
|
|
||||||
bind_password: System.get_env("LDAP_BIND_PASSWORD")
|
|
||||||
|
|
||||||
config :geolix,
|
config :geolix,
|
||||||
databases: [
|
databases: [
|
||||||
%{
|
%{
|
||||||
|
@ -313,4 +295,4 @@ config :mobilizon, :external_resource_providers, %{
|
||||||
|
|
||||||
# Import environment specific config. This must remain at the bottom
|
# Import environment specific config. This must remain at the bottom
|
||||||
# of this file so it overrides the configuration defined above.
|
# of this file so it overrides the configuration defined above.
|
||||||
import_config "#{Mix.env()}.exs"
|
import_config "#{config_env()}.exs"
|
||||||
|
|
|
@ -3,10 +3,10 @@
|
||||||
import Config
|
import Config
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Endpoint,
|
config :mobilizon, Mobilizon.Web.Endpoint,
|
||||||
server: true,
|
server: true,
|
||||||
url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")],
|
url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")],
|
||||||
http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")],
|
http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")],
|
||||||
secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis")
|
secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis")
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Auth.Guardian,
|
config :mobilizon, Mobilizon.Web.Auth.Guardian,
|
||||||
secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "changethis")
|
secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "changethis")
|
||||||
|
@ -22,11 +22,9 @@ config :mobilizon, :instance,
|
||||||
email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"),
|
email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"),
|
||||||
email_reply_to: System.get_env("MOBILIZON_REPLY_EMAIL", "noreply@mobilizon.lan")
|
email_reply_to: System.get_env("MOBILIZON_REPLY_EMAIL", "noreply@mobilizon.lan")
|
||||||
|
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local,
|
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local,
|
||||||
uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads")
|
uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads")
|
||||||
|
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Storage.Repo,
|
config :mobilizon, Mobilizon.Storage.Repo,
|
||||||
adapter: Ecto.Adapters.Postgres,
|
adapter: Ecto.Adapters.Postgres,
|
||||||
username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"),
|
username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"),
|
||||||
|
@ -49,3 +47,14 @@ config :mobilizon, Mobilizon.Web.Email.Mailer,
|
||||||
retries: 1,
|
retries: 1,
|
||||||
no_mx_lookups: false,
|
no_mx_lookups: false,
|
||||||
auth: :if_available
|
auth: :if_available
|
||||||
|
|
||||||
|
config :geolix,
|
||||||
|
databases: [
|
||||||
|
%{
|
||||||
|
id: :city,
|
||||||
|
adapter: Geolix.Adapter.MMDB2,
|
||||||
|
source: "/var/lib/mobilizon/geo_db/GeoLite2-City.mmdb"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "/var/lib/mobilizon/uploads"
|
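Review bot: `secret_key_base` and the Guardian `secret_key` fall back to the literal `"changethis"` when their environment variables are unset, so a container started without them signs sessions and tokens with a publicly known key. If this file is evaluated when the release boots, failing loudly is safer: `secret_key_base: System.fetch_env!("MOBILIZON_INSTANCE_SECRET_KEY_BASE")` and likewise `System.fetch_env!("MOBILIZON_INSTANCE_SECRET_KEY")`. Assuming the three hunks here belong to one file, the added `uploads: "/var/lib/mobilizon/uploads"` line at the end also overrides the `MOBILIZON_UPLOADS` setting configured a few lines above it, while the production Dockerfile only creates `/app/uploads`.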
|
@ -36,6 +36,24 @@ config :mobilizon, Mobilizon.Storage.Repo,
|
||||||
port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432",
|
port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432",
|
||||||
pool: Ecto.Adapters.SQL.Sandbox
|
pool: Ecto.Adapters.SQL.Sandbox
|
||||||
|
|
||||||
|
config :mobilizon, :ldap,
|
||||||
|
enabled: System.get_env("LDAP_ENABLED") == "true",
|
||||||
|
host: System.get_env("LDAP_HOST") || "localhost",
|
||||||
|
port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
|
||||||
|
ssl: System.get_env("LDAP_SSL") == "true",
|
||||||
|
sslopts: [],
|
||||||
|
tls: System.get_env("LDAP_TLS") == "true",
|
||||||
|
tlsopts: [],
|
||||||
|
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
|
||||||
|
uid: System.get_env("LDAP_UID") || "cn",
|
||||||
|
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
|
||||||
|
# The full CN to filter by `memberOf`, or `false` if disabled
|
||||||
|
group: false,
|
||||||
|
# Either the admin UID matching the field in `uid`,
|
||||||
|
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
|
||||||
|
bind_uid: System.get_env("LDAP_BIND_UID"),
|
||||||
|
bind_password: System.get_env("LDAP_BIND_PASSWORD")
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.TestAdapter
|
config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.TestAdapter
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Upload, filters: [], link_name: false
|
config :mobilizon, Mobilizon.Web.Upload, filters: [], link_name: false
|
||||||
|
|
|
@ -20,9 +20,8 @@ RUN mix local.hex --force \
|
||||||
|
|
||||||
COPY lib ./lib
|
COPY lib ./lib
|
||||||
COPY priv ./priv
|
COPY priv ./priv
|
||||||
COPY config ./config
|
COPY config/config.exs config/prod.exs config/releases.exs ./config/
|
||||||
COPY rel ./rel
|
COPY rel ./rel
|
||||||
COPY docker/production/releases.exs ./config/
|
|
||||||
COPY --from=assets ./priv/static ./priv/static
|
COPY --from=assets ./priv/static ./priv/static
|
||||||
|
|
||||||
RUN mix phx.digest \
|
RUN mix phx.digest \
|
||||||
|
@ -31,13 +30,30 @@ RUN mix phx.digest \
|
||||||
# Finally setup the app
|
# Finally setup the app
|
||||||
FROM alpine
|
FROM alpine
|
||||||
|
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG VCS_REF
|
||||||
|
ARG CI_COMMIT_TAG
|
||||||
|
ARG MOBILIZON_VERSION=${CI_COMMIT_TAG}
|
||||||
|
|
||||||
|
LABEL org.opencontainers.image.title="mobilizon" \
|
||||||
|
org.opencontainers.image.description="Mobilizon for Docker" \
|
||||||
|
org.opencontainers.image.vendor="joinmobilizon.org" \
|
||||||
|
org.opencontainers.image.documentation="https://docs.joinmobilizon.org" \
|
||||||
|
org.opencontainers.image.licenses="AGPL-3.0" \
|
||||||
|
org.opencontainers.image.url="https://joinmobilizon.org" \
|
||||||
|
org.opencontainers.image.revision=$VCS_REF \
|
||||||
|
org.opencontainers.image.created=$BUILD_DATE
|
||||||
|
|
||||||
RUN apk add --no-cache openssl ncurses-libs file postgresql-client
|
RUN apk add --no-cache openssl ncurses-libs file postgresql-client
|
||||||
|
|
||||||
RUN mkdir -p /app/uploads && chown nobody:nobody /app/uploads
|
RUN mkdir -p /app/uploads && chown nobody:nobody /app/uploads
|
||||||
|
RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon
|
||||||
|
|
||||||
USER nobody
|
USER nobody
|
||||||
EXPOSE 4000
|
EXPOSE 4000
|
||||||
|
|
||||||
|
ENV MOBILIZON_DOCKER=true
|
||||||
|
|
||||||
COPY --from=builder --chown=nobody:nobody _build/prod/rel/mobilizon ./
|
COPY --from=builder --chown=nobody:nobody _build/prod/rel/mobilizon ./
|
||||||
COPY docker/production/docker-entrypoint.sh ./
|
COPY docker/production/docker-entrypoint.sh ./
|
||||||
|
|
||||||
|
|
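Review bot: The added `RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon` gives the configuration directory to the same user the application runs as, and the file expected there (`/etc/mobilizon/config.exs`, per the mix.exs section) is evaluated as Elixir code at boot by `Config.Reader.read!/1`. A process running as `nobody` can therefore change the code that runs at the next start; keeping the directory root-owned and only readable by the runtime user is enough, e.g. `RUN mkdir -p /etc/mobilizon && chmod 755 /etc/mobilizon`. In the lines shown, `FROM alpine` is still untagged and `ARG MOBILIZON_VERSION` is declared but never used.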
|
@ -1,7 +1,7 @@
|
||||||
FROM elixir:latest
|
FROM elixir:latest
|
||||||
LABEL maintainer="Thomas Citharel <tcit@tcit.fr>"
|
LABEL maintainer="Thomas Citharel <tcit@tcit.fr>"
|
||||||
|
|
||||||
ENV REFRESHED_AT=2020-10-22
|
ENV REFRESHED_AT=2021-02-01
|
||||||
RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool
|
RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool
|
||||||
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash && apt-get install nodejs -yq
|
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash && apt-get install nodejs -yq
|
||||||
RUN npm install -g yarn wait-on
|
RUN npm install -g yarn wait-on
|
||||||
|
|
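--- a/lib/config_provider.ex
+++ b/lib/config_provider.ex
@@ -0,0 +1,34 @@
+defmodule Mobilizon.ConfigProvider do
+@moduledoc """
+Module to provide configuration from a custom file
+"""
+@behaviour Config.Provider
+
+def init(path) when is_binary(path), do: path
+
+def load(config, path) do
+config_path = System.get_env("MOBILIZON_CONFIG_PATH") || path
+
+cond do
+File.exists?(config_path) ->
+runtime_config = Config.Reader.read!(config_path)
+
+Config.Reader.merge(config, runtime_config)
+
+is_nil(System.get_env("MOBILIZON_DOCKER")) ->
+warning = [
+IO.ANSI.red(),
+IO.ANSI.bright(),
+"!!! #{config_path} not found! Please ensure it exists and that MOBILIZON_CONFIG_PATH is unset or points to an existing file",
+IO.ANSI.reset()
+]
+
+IO.puts(warning)
+config
+
+true ->
+IO.puts("No runtime config file found, but using environment variables for Docker")
+config
+end
+end
+end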
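Review bot: `load/2` only prints a red message to stdout and returns `config` when the file is missing and `MOBILIZON_DOCKER` is unset, so the release keeps booting on whatever values were compiled in. For a production release it would be safer to stop, e.g. `raise "#{config_path} not found"`, or at least send the message to stderr with `IO.puts(:stderr, warning)`. Because `Config.Reader.read!/1` evaluates the file as Elixir code, the `@moduledoc` should also say that the file and `MOBILIZON_CONFIG_PATH` must be writable only by a trusted user. Both callbacks are missing `@impl Config.Provider`.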
|
@ -61,7 +61,7 @@ defmodule Mix.Tasks.Mobilizon.Instance do
|
||||||
|
|
||||||
paths =
|
paths =
|
||||||
[config_path, psql_path] = [
|
[config_path, psql_path] = [
|
||||||
Keyword.get(options, :output, "config/prod.secret.exs"),
|
Keyword.get(options, :output, "config/runtime.exs"),
|
||||||
Keyword.get(options, :output_psql, "setup_db.psql")
|
Keyword.get(options, :output_psql, "setup_db.psql")
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -146,7 +146,6 @@ defmodule Mix.Tasks.Mobilizon.Instance do
|
||||||
database_port: Keyword.get(options, :dbport, 5432),
|
database_port: Keyword.get(options, :dbport, 5432),
|
||||||
database_username: dbuser,
|
database_username: dbuser,
|
||||||
database_password: dbpass,
|
database_password: dbpass,
|
||||||
version: Mobilizon.Mixfile.project() |> Keyword.get(:version),
|
|
||||||
instance_secret: instance_secret,
|
instance_secret: instance_secret,
|
||||||
auth_secret: auth_secret,
|
auth_secret: auth_secret,
|
||||||
listen_port: listen_port
|
listen_port: listen_port
|
||||||
|
@ -160,22 +159,22 @@ defmodule Mix.Tasks.Mobilizon.Instance do
|
||||||
database_password: dbpass
|
database_password: dbpass
|
||||||
)
|
)
|
||||||
|
|
||||||
shell_info("Writing config to #{config_path}.")
|
with :ok <- write_config(config_path, result_config),
|
||||||
|
:ok <- write_psql(psql_path, result_psql) do
|
||||||
File.write(config_path, result_config)
|
shell_info(
|
||||||
shell_info("Writing #{psql_path}.")
|
"\n" <>
|
||||||
File.write(psql_path, result_psql)
|
"""
|
||||||
|
To get started:
|
||||||
shell_info(
|
1. Check the contents of the generated files.
|
||||||
"\n" <>
|
2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{
|
||||||
"""
|
escape_sh_path(psql_path)
|
||||||
To get started:
|
}`.
|
||||||
1. Check the contents of the generated files.
|
"""
|
||||||
2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{
|
)
|
||||||
escape_sh_path(psql_path)
|
else
|
||||||
}`.
|
{:error, err} -> exit(err)
|
||||||
"""
|
_ -> exit(:unknown_error)
|
||||||
)
|
end
|
||||||
else
|
else
|
||||||
shell_error(
|
shell_error(
|
||||||
"The task would have overwritten the following files:\n" <>
|
"The task would have overwritten the following files:\n" <>
|
||||||
|
@ -184,4 +183,36 @@ defmodule Mix.Tasks.Mobilizon.Instance do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp write_config(config_path, result_config) do
|
||||||
|
shell_info("Writing config to #{config_path}.")
|
||||||
|
|
||||||
|
case File.write(config_path, result_config) do
|
||||||
|
:ok ->
|
||||||
|
:ok
|
||||||
|
|
||||||
|
{:error, err} ->
|
||||||
|
shell_error(
|
||||||
|
"\nERROR: Unable to write config file to #{config_path}. Make sure you have permissions on the destination.\n"
|
||||||
|
)
|
||||||
|
|
||||||
|
{:error, err}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp write_psql(psql_path, result_psql) do
|
||||||
|
shell_info("Writing #{psql_path}.")
|
||||||
|
|
||||||
|
case File.write(psql_path, result_psql) do
|
||||||
|
:ok ->
|
||||||
|
:ok
|
||||||
|
|
||||||
|
{:error, err} ->
|
||||||
|
shell_error(
|
||||||
|
"\nERROR: Unable to write psql file to #{psql_path}. Make sure you have permissions on the destination.\n"
|
||||||
|
)
|
||||||
|
|
||||||
|
{:error, err}
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
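Review bot: `write_config/2` writes the generated file, which holds `instance_secret`, `auth_secret` and the database password, with `File.write/2` and never restricts its mode, so its permissions are whatever the umask of the invoking user allows. Following the write with `File.chmod(config_path, 0o640)` inside the `:ok` branch would close that, and presumably the same applies to the psql file, which is rendered with `database_password`. The new default output `config/runtime.exs` is not matched by the `/config/*.secret.exs` ignore rule shown in the .gitignore section, so adding `/config/runtime.exs` there would keep the generated secrets out of commits. `write_config/2` and `write_psql/2` differ only in the wording of their messages and could be one private helper taking a label.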
|
@ -11,6 +11,6 @@ defmodule Mobilizon.Storage.Repo do
|
||||||
Dynamically loads the repository url from the DATABASE_URL environment variable.
|
Dynamically loads the repository url from the DATABASE_URL environment variable.
|
||||||
"""
|
"""
|
||||||
def init(_, opts) do
|
def init(_, opts) do
|
||||||
{:ok, Keyword.put(opts, :url, System.get_env("DATABASE_URL"))}
|
{:ok, opts}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
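Review bot: The docstring above `init/2` still says it "Dynamically loads the repository url from the DATABASE_URL environment variable", but the new body returns `{:ok, opts}` untouched, so the documentation now misdescribes the code and suggests `DATABASE_URL` is honoured when it is not. Either reword it, e.g. `Returns the repository options unchanged; connection settings come from the application config.`, or drop the `init/2` override, since it no longer changes anything. The start of the docstring lies outside the hunk.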
3
mix.exs
3
mix.exs
|
@ -31,7 +31,8 @@ defmodule Mobilizon.Mixfile do
|
||||||
docs: docs(),
|
docs: docs(),
|
||||||
releases: [
|
releases: [
|
||||||
mobilizon: [
|
mobilizon: [
|
||||||
applications: [eldap: :transient]
|
applications: [eldap: :transient],
|
||||||
|
config_providers: [{Mobilizon.ConfigProvider, "/etc/mobilizon/config.exs"}]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
import Config
|
import Config
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Web.Endpoint,
|
config :mobilizon, Mobilizon.Web.Endpoint,
|
||||||
|
server: true,
|
||||||
url: [host: "<%= instance_domain %>"],
|
url: [host: "<%= instance_domain %>"],
|
||||||
http: [port: <%= listen_port %>],
|
http: [port: <%= listen_port %>],
|
||||||
secret_key_base: "<%= instance_secret %>"
|
secret_key_base: "<%= instance_secret %>"
|
||||||
|
|