Updating alpine to the latest

- Updated PHP to 8.1
- Updated Code Server to 4.8.3
- Updated Matomo to 4.12.3
- Removed the demo image as it is unmaintained and doesn't support php 8.1
- Created test image for testing changes to isle-buildkit (includes sample content)
- Added Automated integration tests for a full site

.env

@@ -0,0 +1,37 @@
+# Provide environment variables for configuring docker-compose, *not* the
+# containers themselves.
+#
+# Note that this is simple string assignment, quotes should *not* be used.
+# Multiple lines or commands, or bash syntax will not work.
+#
+# References:
+# - https://docs.docker.com/compose/env-file/
+# - https://docs.docker.com/compose/reference/envvars/
+COMPOSE_PROJECT_NAME=isle-buildkit
+
+# Use buildkit when building images.
+COMPOSE_DOCKER_CLI_BUILD=1
+DOCKER_BUILDKIT=1
+
+# Required for traefik on OSX (inconsistent behavior).
+DOCKER_CLIENT_TIMEOUT=120
+COMPOSE_HTTP_TIMEOUT=120
+
+# The consistency requirements for bind mounts; one of:
+#
+# - consistent: Full consistency. The container runtime and the host maintain an identical view of the mount at all times.
+# - cached:     The host's view of the mount is authoritative. There may be delays before updates made on the host are visible within a container.
+# - delegated:  The container runtime's view of the mount is authoritative. There may be delays before updates made in a container are visible on the host.
+#
+# Note that using 'consistent' can be very slow.
+CONSISTENCY=delegated
+
+# The Docker image repository, to use for isle-buildkit images.
+#
+# "local" is produced by building isle-buildkit manually
+# "islandora" is pulled from DockerHub.
+#
+REPOSITORY=local
+
+# The version of the isle-buildkit images to use.
+TAG=latest

.gitignore

@@ -3,5 +3,4 @@
 /build
 scratch
 scratch.md
-volumes
-/docker-compose.yml
+volumes

.vscode/settings.json

@@ -14,25 +14,37 @@
         "composer": "shellscript"
     },
     "cSpell.words": [
+        "autoconfigure",
+        "autowire",
         "binarystorage",
+        "Blazegraph",
         "CAROOT",
         "catchable",
         "classpath",
         "Confd",
         "crond",
         "elif",
         "fastcgi",
+        "FCREPO",
         "filesize",
         "getenv",
+        "homarus",
         "islandora",
+        "JNA",
+        "jsonld",
         "KEEPALIVE",
+        "Matomo",
         "mkcert",
         "MODESHAPE",
         "nativeplatform",
         "nocopy",
+        "oneshot",
         "POSTGRESQL",
         "proxied",
+        "rootfs",
         "SIGTERM",
+        "tmpl",
+        "traefik",
         "xdebug"
     ]
 }

README.md

@@ -9,6 +9,7 @@
   - [Build All Images](#build-all-images)
   - [Build Specific Image](#build-specific-image)
   - [Building Continuously](#building-continuously)
+- [Testing](#testing)
 - [Running](#running)
 - [Docker Images](#docker-images)
 - [Design Considerations](#design-considerations)
@@ -29,7 +30,7 @@ consumed by [isle-dc] and can be used by other Docker orchestration tools such
 as Swarm / Kubernetes.
 
 It is **not** meant as a starting point for new users or those unfamiliar with
-Docker, or basic server adminstration.
+Docker, or basic server administration.
 
 If you are looking to use islandora please read the
 [official documentation](https://islandora.github.io/documentation/) and use
@@ -149,6 +150,57 @@ When this is combined with the use of ``watchtower`` and
 ``restart: unless-stopped`` in a ``docker-compose.yml`` file. Images will be
 redeployed with the latest changes while you develop automatically.
 
+## Testing
+
+There are a number of automated tests that are included in this repository which
+can be found in the `tests` folders of each docker image project.
+
+To run these tests use the following command:
+
+```bash
+./gradlew test
+```
+
+To manually test changes in a functioning environment use the command:
+
+```bash
+./gradlew up
+```
+
+This will bring up the environment based on
+<https://github.com/Islandora/islandora-starter-site>. When completed a message
+will print like so:
+
+```
+For all services the credentials are:
+
+Username: admin
+Password: password
+
+The following services can be reached at the given URLs:
+
+ActiveMQ: https://activemq.islandora.dev/
+Blazegraph: https://blazegraph.islandora.dev/bigdata/
+Drupal: https://islandora.dev/
+Fedora: https://fcrepo.islandora.dev/fcrepo/rest/
+Matomo: https://islandora.dev/matomo/index.php
+Solr: https://solr.islandora.dev/solr/#/
+Traefik: https://traefik.islandora.dev/dashboard/#/
+```
+
+To destroy this environment use the following command:
+
+```bash
+./gradlew down
+```
+
+The two commands can be used at once to ensure you are starting from a clean
+environment:
+
+```bash
+./gradlew down up
+```
+
 ## Running
 
 There is no method for running the containers in `isle-buildkit`, instead please
@@ -166,7 +218,6 @@ The following docker images are provided:
 - [cantaloupe](./cantaloupe/README.md)
 - [crayfish](./crayfish/README.md)
 - [crayfits](./crayfits/README.md)
-- [demo](./demo/README.md)
 - [drupal](./drupal/README.md)
 - [fcrepo](./fcrepo/README.md)
 - [fits](./fits/README.md)
@@ -184,6 +235,7 @@ The following docker images are provided:
 - [postgresql](./postgresql/README.md)
 - [recast](./recast/README.md)
 - [solr](./solr/README.md)
+- [test](./test/README.md)
 - [tomcat](./tomcat/README.md)
 
 Many are intermediate images used to build other images in the list, for example
@@ -266,7 +318,7 @@ The logic which enforces these rules is performed in
 > templates.
 
 By either using the command ``with-contenv`` or starting a script with
-``#!/usr/bin/with-contenv bash`` the environment defined will follow the order
+``#!/command/with-contenv bash`` the environment defined will follow the order
 of precedence above. Additionally Within ``confd`` templates it is **required**
 to use `getenv` function for fetching data.
 
@@ -300,7 +352,7 @@ The ``run`` script is responsible for starting the service in the
 stopping the service, but in general it is used to kill the container, like so:
 
 ```bash
-s6-svscanctl -t /var/run/s6/services
+/run/s6/basedir/bin/halt
 ```
 
 There are only a few Service scripts:
@@ -347,7 +399,7 @@ are arranged in a hierarchy, that roughly follows below:
         │   └── recast
         ├── crayfits
         ├── drupal
-        │   └── demo
+        │   └── test
         └── matomo
 ```
 
@@ -405,29 +457,17 @@ successfully start without any other container present. Additionally it ensure
 that the order of precedence for configuration settings.
 
 This does not completely remove dependencies between containers, for example,
-when the [demo](../docker/demo/README.md) starts it requires a running
-[fcrepo](../docker/fcrepo/README.md) to be able to ingest nodes created by
-``islandora_default`` features. In these cases an initialization script can
-block until another container is available or a timeout has been reached. For
-example:
+when the [fcrepo6](./fcrepo6/README.md) starts it requires a running database
+like [mariadb](./mariadb/README.md) to be able to start. In these cases an
+initialization script can block until another container is available or a
+timeout has been reached. For example:
 
 ```bash
-local fcrepo_url=
-
-# Indexing fails if port 80 is given explicitly.
-if [[ "${DRUPAL_DEFAULT_FCREPO_PORT}" == "80" ]]; then
-    fcrepo_url="http://${DRUPAL_DEFAULT_FCREPO_HOST}/fcrepo/rest/"
-else
-    fcrepo_url="http://${DRUPAL_DEFAULT_FCREPO_HOST}:${DRUPAL_DEFAULT_FCREPO_PORT}/fcrepo/rest/"
-fi
-
-#...
-
-# Need access to Solr before we can actually import the right config.
-if timeout 300 wait-for-open-port.sh "${DRUPAL_DEFAULT_FCREPO_HOST}" "${DRUPAL_DEFAULT_FCREPO_PORT}" ; then
-    echo "Fcrepo Found"
+# Need access to database to start wait up to 5 minutes (i.e 300 seconds).
+if timeout 300 wait-for-open-port.sh "${DB_HOST}" "${DB_PORT}" ; then
+    echo "Database Found"
 else
-    echo "Could not connect to Fcrepo"
+    echo "Could not connect to Database"
     exit 1
 fi
 ```

abuild/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1.2.1
 ARG repository=local
 ARG tag=latest
-ARG alpine=3.15.0
+ARG alpine=3.16.2
 FROM ${repository}/download:${tag} AS download
 FROM alpine:${alpine} AS cache
 FROM alpine:${alpine}

activemq/rootfs/etc/cont-init.d/02-activemq-setup.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 set -e
 
 # When bind mounting we need to ensure that we

base/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1.2.1
 ARG repository=local
 ARG tag=latest
-ARG alpine=3.15.0
+ARG alpine=3.16.2
 FROM ${repository}/download:${tag} AS download
 FROM alpine:${alpine} AS cache
 FROM alpine:${alpine}
@@ -31,23 +31,35 @@ ARG TARGETARCH
 
 COPY --from=download /usr/local/bin/*.sh /usr/local/bin
 
-ARG S6_VERSION="2.2.0.3"
-ARG S6_AMD64_SHA256="a7076cf205b331e9f8479bbb09d9df77dbb5cd8f7d12e9b74920902e0c16dd98"
-ARG S6_ARM64_SHA256="84f585a100b610124bb80e441ef2dc2d68ac2c345fd393d75a6293e0951ccfc5"
+ARG S6_VERSION="3.1.2.1"
+ARG S6_OVERLAY_AMD64_SHA256="6019b6b06cfdbb1d1cd572d46b9b158a4904fd19ca59d374de4ddaaa6a3727d5"
+ARG S6_OVERLAY_ARM64_SHA256="e73f9a021b64f88278830742149c14ef8a52331102881ba025bf32a66a0e7c78"
+ARG S6_OVERLAY_NOARCH_SHA256="cee89d3eeabdfe15239b2c5c3581d9352d2197d4fd23bba3f1e64bf916ccf496"
+ARG S6_OVERLAY_SYMLINKS_ARCH_SHA256="1b75ac96ddc953f6b7b10be4f579c3e4f6cdf85270116a539930e03e74066f2f"
+ARG S6_OVERLAY_SYMLINKS_NOARCH_SHA256="1e36efb936084fddffe6c55dae8f478e7b2d70f77db2caaceb78c7425b9a7956"
 
 # Install s6
 RUN --mount=type=cache,id=base-downloads,sharing=locked,from=download,target=/opt/downloads \
+    S6_BASE_URL="https://github.com/just-containers/s6-overlay/releases/download/v${S6_VERSION}" && \
+    S6_OVERLAY_NOARCH=s6-overlay-noarch.tar.xz && \
+    download.sh --url "${S6_BASE_URL}/${S6_OVERLAY_NOARCH}" --sha256 "${S6_OVERLAY_NOARCH_SHA256}" "${DOWNLOAD_CACHE_DIRECTORY}" && \
+    tar -xf "${DOWNLOAD_CACHE_DIRECTORY}/${S6_OVERLAY_NOARCH}" -C /  && \
+    S6_OVERLAY_SYMLINKS_ARCH=s6-overlay-symlinks-arch.tar.xz && \
+    download.sh --url "${S6_BASE_URL}/${S6_OVERLAY_SYMLINKS_ARCH}" --sha256 "${S6_OVERLAY_SYMLINKS_ARCH_SHA256}" "${DOWNLOAD_CACHE_DIRECTORY}" && \
+    tar -xf "${DOWNLOAD_CACHE_DIRECTORY}/${S6_OVERLAY_SYMLINKS_ARCH}" -C /  && \
+    S6_OVERLAY_SYMLINKS_NOARCH=s6-overlay-symlinks-noarch.tar.xz && \
+    download.sh --url "${S6_BASE_URL}/${S6_OVERLAY_SYMLINKS_NOARCH}" --sha256 "${S6_OVERLAY_SYMLINKS_NOARCH_SHA256}" "${DOWNLOAD_CACHE_DIRECTORY}" && \
+    tar -xf "${DOWNLOAD_CACHE_DIRECTORY}/${S6_OVERLAY_SYMLINKS_NOARCH}" -C /  && \
     if [ "${TARGETARCH}" = "arm64" ]; then \
-        S6_FILE="s6-overlay-aarch64.tar.gz"; \
-        S6_SHA256="${S6_ARM64_SHA256}"; \
+        S6_FILE="s6-overlay-aarch64.tar.xz"; \
+        S6_SHA256="${S6_OVERLAY_ARM64_SHA256}"; \
     fi; \
     if [ "${TARGETARCH}" = "amd64" ]; then \
-        S6_FILE="s6-overlay-amd64.tar.gz"; \
-        S6_SHA256="${S6_AMD64_SHA256}"; \
+        S6_FILE="s6-overlay-x86_64.tar.xz"; \
+        S6_SHA256="${S6_OVERLAY_AMD64_SHA256}"; \
     fi; \
-    S6_URL="https://github.com/just-containers/s6-overlay/releases/download/v${S6_VERSION}/${S6_FILE}" && \
-    download.sh --url "${S6_URL}" --sha256 "${S6_SHA256}" "${DOWNLOAD_CACHE_DIRECTORY}" && \
-    tar -xzf "${DOWNLOAD_CACHE_DIRECTORY}/${S6_FILE}" -C /  && \
+    download.sh --url "${S6_BASE_URL}/${S6_FILE}" --sha256 "${S6_SHA256}" "${DOWNLOAD_CACHE_DIRECTORY}" && \
+    tar -xf "${DOWNLOAD_CACHE_DIRECTORY}/${S6_FILE}" -C /  && \
     echo '' > /root/.ash_history
 
 # Install confd

base/rootfs/etc/s6-overlay/s6-rc.d/cacert-import/type

@@ -0,0 +1 @@
+oneshot

base/rootfs/etc/s6-overlay/s6-rc.d/cacert-import/up

@@ -0,0 +1 @@
+/etc/s6-overlay/scripts/cacert-import.sh

base/rootfs/etc/s6-overlay/s6-rc.d/confd/finish

@@ -0,0 +1,6 @@
+#!/command/with-contenv bash
+set -e
+
+if [[ "${CONFD_ENABLE_SERVICE}" == "true" ]]; then
+  source /usr/local/share/s6/finish
+fi

base/rootfs/etc/services.d/confd/run → base/rootfs/etc/s6-overlay/s6-rc.d/confd/run

@@ -1,7 +1,9 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 set -e
 
-# Only run the service if explicitly told to do so.
 if [[ "${CONFD_ENABLE_SERVICE}" == "true" ]]; then
   exec confd-render-templates.sh -- -interval ${CONFD_POLLING_INTERVAL}
+else
+  # Renders confd templates once.
+  confd-render-templates.sh -- -onetime -sync-only
 fi

base/rootfs/etc/s6-overlay/s6-rc.d/confd/type

@@ -0,0 +1 @@
+longrun

base/rootfs/etc/s6-overlay/s6-rc.d/container-environment/type

@@ -0,0 +1 @@
+oneshot

base/rootfs/etc/s6-overlay/s6-rc.d/container-environment/up

@@ -0,0 +1 @@
+/etc/s6-overlay/scripts/container-environment.sh

base/rootfs/etc/s6-overlay/s6-rc.d/database-defaults/type

@@ -0,0 +1 @@
+oneshot

base/rootfs/etc/s6-overlay/s6-rc.d/database-defaults/up

@@ -0,0 +1 @@
+/etc/s6-overlay/scripts/container-environment.sh

base/rootfs/etc/s6-overlay/s6-rc.d/tty/type

@@ -0,0 +1 @@
+oneshot

base/rootfs/etc/cont-init.d/00-tty.sh → base/rootfs/etc/s6-overlay/s6-rc.d/tty/up

@@ -1,6 +1,3 @@
-#!/usr/bin/env bash
-set -e
-
 # If the container is started without allocating a tty, i.e. without `-t`.
 # It can cause issues for non-root processes that want to write directly to
 # standard out.
@@ -14,4 +11,4 @@ set -e
 #
 # To permit the containers to be started without `tty` we allow all users
 # to read/write to the stdout,stderr,stdin pipes.
-chmod o+rw /dev/std{in,out,err}
+chmod o+rw /dev/stdin /dev/stdout /dev/stderr

base/rootfs/etc/cont-init.d/02-cacert-import.sh → base/rootfs/etc/s6-overlay/scripts/cacert-import.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 set -e
 
@@ -10,7 +10,7 @@ fi
 # Import into the java certificate store if java is installed.
 # And the CA pem file exists.
 if [[ -s "/usr/local/share/ca-certificates/rootCA.pem" ]]; then
-  if hash keytool; then
+  if hash keytool &>/dev/null; then
     keytool \
       -importcert \
       -noprompt \