Merge branch 'release/v2.8.1'

Author: dlen

.dockerignore

@@ -8,5 +8,4 @@ Gemfile.lock
 Rakefile
 *.md
 *.yml
-scripts
 env

CHANGELOG.md

@@ -2,7 +2,18 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.7.1...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.1...HEAD)
+
+## [2.8.1](https://github.com/passbolt/passbolt_docker/compare/v2.7.1...v2.8.1) - 2019-04-01
+
+### Added
+
+- Documentation for new env variable APP_BASE to use passbolt in a subfolder
+- Added wait-for.sh to the docker image as part of [#123](https://github.com/passbolt/passbolt_docker/pull/123)
+
+### Fixed
+
+- Now passbolt checks for the mysql status outside of the docker image [#97](https://github.com/passbolt/passbolt_docker/issues/97)
 
 ## [2.7.1](https://github.com/passbolt/passbolt_docker/compare/v2.7.0...v2.7.1) - 2019-02-13
 

Dockerfile

@@ -2,7 +2,7 @@ FROM php:7.2-fpm
 
 LABEL maintainer="[email protected]"
 
-ARG PASSBOLT_VERSION="2.7.1"
+ARG PASSBOLT_VERSION="2.8.1"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
 ARG PHP_EXTENSIONS="gd \
@@ -78,6 +78,7 @@ RUN apt-get update \
 COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
 COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
 COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
+COPY scripts/wait-for.sh /usr/bin/wait-for.sh
 
 EXPOSE 80 443
 

README.md

@@ -76,6 +76,7 @@ Passbolt docker image provides several environment variables to configure differ
 
 | Variable name                       | Description                      | Default value       |
 | ----------------------------------- | -------------------------------- | ------------------- |
+| APP_BASE                            | it allows people to specify the base subdir the application is running in | null |
 | APP_FULL_BASE_URL                   | Passbolt base url                | false |
 | DATASOURCES_DEFAULT_HOST            | Database hostname                | localhost |
 | DATASOURCES_DEFAULT_PORT            | Database port                    | 3306 |

bin/docker-entrypoint.sh

@@ -70,29 +70,18 @@ gen_ssl_cert() {
 }
 
 install() {
-  tables=$(mysql \
-    -u "${DATASOURCES_DEFAULT_USERNAME:-passbolt}" \
-    -h "${DATASOURCES_DEFAULT_HOST:-localhost}" \
-    -P "${DATASOURCES_DEFAULT_PORT:-3306}" \
-    -BN -e "SHOW TABLES FROM ${DATASOURCES_DEFAULT_DATABASE:-passbolt}" \
-    -p"${DATASOURCES_DEFAULT_PASSWORD:-P4ssb0lt}" |wc -l)
-  app_config="/var/www/passbolt/config/app.php"
+  local app_config="/var/www/passbolt/config/app.php"
 
   if [ ! -f "$app_config" ]; then
     su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/bash www-data
   fi
 
-  if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ]; then
+  if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f  '/var/www/passbolt/config/passbolt.php' ]; then
     gpg_auto_fingerprint="$(su -c "gpg --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
     export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
   fi
 
-  if [ "$tables" -eq 0 ]; then
-    su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data
-  else
-    su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data
-    echo "Enjoy! ☮"
-  fi
+  su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮"
 }
 
 email_cron_job() {

docker-compose-dev.yml

@@ -21,7 +21,6 @@ services:
     volumes:
       - gpg_volume:/var/www/passbolt/config/gpg
       - images_volume:/var/www/passbolt/webroot/img/public/images
-      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
     command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"]
     ports:
       - 80:80

docker-compose-pro.yml

@@ -10,7 +10,7 @@ services:
       - "127.0.0.1:3306:3306"
 
   passbolt:
-    image: passbolt/passbolt:2.7.1-pro-debian
+    image: passbolt/passbolt:2.8.1-pro-debian
     tty: true
     depends_on:
       - db
@@ -20,7 +20,6 @@ services:
       - gpg_volume:/var/www/passbolt/config/gpg
       - images_volume:/var/www/passbolt/webroot/img/public
       - ./license:/var/www/passbolt/config/license
-      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
     tmpfs:
       - /run
     command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"]

docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - "127.0.0.1:3306:3306"
 
   passbolt:
-    image: passbolt/passbolt:2.7.1-debian
+    image: passbolt/passbolt:2.8.1-debian
     tty: true
     depends_on:
       - db
@@ -19,7 +19,6 @@ services:
     volumes:
       - gpg_volume:/var/www/passbolt/config/gpg
       - images_volume:/var/www/passbolt/webroot/img/public
-      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
     tmpfs:
       - /run
     command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"]

spec/docker_image/image_spec.rb

@@ -34,6 +34,7 @@
     'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar',
     'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
     ] }
+  let(:wait_for) { '/usr/bin/wait-for.sh' }
 
   describe 'passbolt required php extensions' do
     it 'has php extensions installed' do
@@ -61,6 +62,12 @@
     end
   end
 
+  describe 'wait-for' do
+    it 'is installed' do
+      expect(file(wait_for)).to exist and be_executable
+    end
+  end
+
   describe 'passbolt directory structure' do
     it 'must exist and be directories' do
       expect(file(passbolt_home)).to be_a_directory

spec/docker_runtime_no_envs/runtime_no_envs_spec.rb

@@ -0,0 +1,126 @@
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+
+  before(:all) do
+    @mysql_image = Docker::Image.create('fromImage' => 'mariadb:latest')
+    @mysql = Docker::Container.create(
+      'Env' => [
+        'MYSQL_ROOT_PASSWORD=test',
+        'MYSQL_DATABASE=passbolt',
+        'MYSQL_USER=passbolt',
+        'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+      ],
+      "Healthcheck" => {
+        "Test": [
+          "CMD-SHELL",
+          "mysqladmin ping --silent"
+        ]
+      },
+      'Image' => @mysql_image.id)
+    @mysql.start
+
+    while @mysql.json['State']['Health']['Status'] != 'healthy'
+      sleep 1
+    end
+
+    @image     = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
+
+    @container = Docker::Container.create(
+      'Env' => [
+        "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
+      ],
+      'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ],
+      'Image' => @image.id)
+
+    @container.start
+    @container.logs(stdout: true)
+
+    set :docker_container, @container.id
+    sleep 17
+  end
+
+  after(:all) do
+    @mysql.kill
+    @container.kill
+  end
+
+  let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
+  let(:uri)               { "/healthcheck/status.json" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+
+  describe 'php service' do
+    it 'is running supervised' do
+      expect(service('php-fpm')).to be_running.under('supervisor')
+    end
+
+    it 'has its port open' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
+    end
+  end
+
+  describe 'email cron' do
+    it 'is running supervised' do
+      expect(service('cron')).to be_running.under('supervisor')
+    end
+  end
+
+  describe 'web service' do
+    it 'is running supervised' do
+      expect(service('nginx')).to be_running.under('supervisor')
+    end
+
+    it 'is listening on port 80' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+    end
+
+    it 'is listening on port 443' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+    end
+  end
+
+  describe 'passbolt status' do
+    it 'returns 200' do
+      expect(command(curl).stdout).to eq '200'
+    end
+  end
+
+  describe 'passbolt serverkey unaccessible' do
+    let(:uri) { '/config/gpg/serverkey.asc' }
+    it "returns 404" do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt serverkey private unaccessible' do
+    let(:uri) { '/config/gpg/serverkey_private.asc' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt conf unaccessible' do
+    let(:uri) { '/config/app.php' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+  describe 'passbolt tmp folder is unaccessible' do
+    let(:uri) { '/tmp/cache/database/empty' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'hide information' do
+    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+    it 'hides php version' do
+      expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
+    end
+
+    it 'hides nginx version' do
+      expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
+    end
+  end
+
+end