From 64689c09e6238a9780746587268c72816ef912e7 Mon Sep 17 00:00:00 2001
From: Joe Corall
Date: Thu, 6 Jun 2024 08:44:38 -0400
Subject: [PATCH] Support reverse proxies + CI integration test (#43)
---
 .env | 15 ++++++++-
 .github/workflows/integration-test.yml | 45 ++++++++++++++++++++++++++
 docker-compose.yml | 6 ++++
 setup.sh | 2 +-
 tests/init-template-starter.sh | 25 ++++++++++++++
 tests/ping.sh | 18 +++++++++++
 6 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/integration-test.yml
 create mode 100755 tests/init-template-starter.sh
 create mode 100755 tests/ping.sh
diff --git a/.env b/.env
index cd60033..4a7971f 100644
--- a/.env
+++ b/.env
@@ -30,7 +30,7 @@ CONSISTENCY=delegated
 ISLANDORA_REPOSITORY=islandora
 # The version of the isle-buildkit images to use.
-ISLANDORA_TAG=3.2.4
+ISLANDORA_TAG=3.2.5
 # The Docker image repository, to push/pull custom images from.
 # islandora.io redirects to localhost.
@@ -42,6 +42,19 @@ TAG=local
 # The domain at which your production site is hosted.
 DOMAIN=islandora.dev
+# Set to "on" if your ISLE docker deployment is behind a reverse proxy
+REVERSE_PROXY=off
+
+# This list should be all the IPs in front of your Drupal docker container
+# this is used to pass the original client IP to the drupal container so
+# drupal/php is aware of who sent the original request
+# if you're not behind a reverse proxy, you probably do not need to edit these IPs
+# if you are behind a reverse proxy, most likely you can just replace FRONTEND_IP_1
+# with the IP address used on your front end // reverse proxy domain
+FRONTEND_IP_1=127.0.0.1/32
+FRONTEND_IP_2=172.0.0.0/8
+FRONTEND_IP_3=192.168.0.0/16
+
 # The email to use for admin users and Lets Encrypt.
 EMAIL=postmaster@example.com
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
new file mode 100644
index 0000000..6cb1b9d
--- /dev/null
+++ b/.github/workflows/integration-test.yml
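Review bot: `FRONTEND_IP_2=172.0.0.0/8` in the second `.env` hunk is far wider than the private range it appears to target: RFC 1918 reserves 172.16.0.0/12, and the rest of 172.0.0.0/8 is publicly routable. This value feeds Traefik's `forwardedHeaders.trustedIPs` and `NGINX_SET_REAL_IP_FROM2` later in the patch, so a client connecting from a public 172.x address would be treated as a trusted proxy. Its forwarded client-IP headers would then be believed, which undermines IP-based logging, rate limiting and access rules. Use `FRONTEND_IP_2=172.16.0.0/12`, and have the comment state that every listed range is trusted to supply forwarded headers and should be as narrow as the deployment allows.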
@@ -0,0 +1,45 @@
+name: Run tests
+on:
+ pull_request:
+ workflow_dispatch:
+ inputs:
+ buildkit-tag:
+ description: "The isle-buildkit tag to pull for the fleet of docker containers"
+ required: true
+ type: string
+ default: 'main'
+ starter-site-ref:
+ description: "The islandora-starter-site ref to checkout (heads/BRANCH-NAME or tags/TAG-NAME)"
+ required: true
+ type: string
+ default: 'heads/main'
+ schedule:
+ - cron: '15 11 * * *'
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ ISLANDORA_TAG: "${{ github.event.inputs.buildkit-tag }}"
+ ISLANDORA_STARTER_REF: "${{ github.event.inputs.starter-site-ref }}"
+ steps:
+ - uses: actions/checkout@v4
+
+ - run: shellcheck tests/*.sh
+
+ - name: install mkcert
+ run: |-
+ curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
+ chmod +x mkcert-v*-linux-amd64
+ sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
+
+ - name: start islandora-starter-site
+ run: ./tests/init-template-starter.sh
+
+ - name: Notify Slack on nightly test failure
+ if: failure() && github.event_name == 'schedule'
+ run: |-
+ curl -s -o /dev/null -XPOST $SLACK_WEBHOOK_URL -d '{
+ "text": "🚨 Scheduled job failed! Click to view the run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+ }'
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/docker-compose.yml b/docker-compose.yml
index 2813933..b9209c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -353,6 +353,10 @@ services:
 DRUPAL_DEFAULT_FCREPO_URL: "https://fcrepo.${DOMAIN}/fcrepo/rest/"
 DRUPAL_DEFAULT_SITE_URL: "${DOMAIN}"
 DRUPAL_DRUSH_URI: "https://${DOMAIN}"
+ NGINX_REAL_IP_RECURSIVE: ${REVERSE_PROXY}
+ NGINX_SET_REAL_IP_FROM: ${FRONTEND_IP_1}
+ NGINX_SET_REAL_IP_FROM2: ${FRONTEND_IP_2}
+ NGINX_SET_REAL_IP_FROM3: ${FRONTEND_IP_3}
 labels:
 <<: [*traefik-enable, *traefik-https-redirect-middleware, *traefik-drupal-labels]
 traefik.http.routers.drupal_http.rule: &traefik-host-drupal-prod Host(`${DOMAIN}`)
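Review bot: The `install mkcert` step in `.github/workflows/integration-test.yml` downloads whatever `latest` currently resolves to and copies it into `/usr/local/bin` with `sudo`, with no integrity check. A changed or tampered upstream binary would therefore be installed on every PR and nightly run, and presumably executed by the certificate script that the next step calls. Pin a specific mkcert release and verify it before the `chmod`, e.g. `echo "EXPECTED_SHA256  mkcert-PINNED_VERSION-linux-amd64" | sha256sum -c -` (both capitalised names are placeholders for the values of the release you choose). The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` covers everything visible here. Minor: the Slack payload ends with a trailing comma before `}`, which is not valid JSON and is likely rejected, and `-s -o /dev/null` would hide that rejection.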
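Review bot: The four new `NGINX_*` entries in `docker-compose.yml` interpolate `${REVERSE_PROXY}` and `${FRONTEND_IP_1}` through `${FRONTEND_IP_3}` with no fallback. The same variables are used bare in the Traefik `forwardedHeaders.trustedIPs` flags in the later `docker-compose.yml` hunk. A site whose `.env` predates this change would pass empty strings to all of them, and how the Drupal image and Traefik treat an empty trusted-proxy value is not visible from the compose file. Give each a safe default and quote them like the neighbouring entries, e.g. `NGINX_REAL_IP_RECURSIVE: "${REVERSE_PROXY:-off}"` and `NGINX_SET_REAL_IP_FROM: "${FRONTEND_IP_1:-127.0.0.1/32}"`. The enclosing `environment:` mapping starts outside the hunk.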
@@ -615,6 +619,8 @@ services:
 --api.debug=false
 --entryPoints.http.address=:80
 --entryPoints.https.address=:443
+ --entryPoints.http.forwardedHeaders.trustedIPs=${FRONTEND_IP_1},${FRONTEND_IP_2},${FRONTEND_IP_3}
+ --entryPoints.https.forwardedHeaders.trustedIPs=${FRONTEND_IP_1},${FRONTEND_IP_2},${FRONTEND_IP_3}
 --entrypoints.https.http.tls.certResolver=resolver
 --providers.file.filename=/etc/traefik/tls.yml
 --providers.docker
diff --git a/setup.sh b/setup.sh
index 9683b81..3cb28ff 100755
--- a/setup.sh
+++ b/setup.sh
@@ -102,7 +102,7 @@ function initialize_from_site_template {
 echo "Initializing from site template..."
 ref=$(choose_ref "${repo}")
 curl -L "${repo}/archive/${ref}.tar.gz" | tar -xz --strip-components=1
- rm -fr .github setup.sh
+ rm -fr .github setup.sh tests
 git add .
 git commit -am "First commit, added isle-site-template."
 }
diff --git a/tests/init-template-starter.sh b/tests/init-template-starter.sh
new file mode 100755
index 0000000..72dc2d7
--- /dev/null
+++ b/tests/init-template-starter.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+if [ ! -v ISLANDORA_STARTER_REF ] || [ "$ISLANDORA_STARTER_REF" = "" ]; then
+ ISLANDORA_STARTER_REF=heads/main
+fi
+
+if [ ! -v ISLANDORA_TAG ] || [ "$ISLANDORA_TAG" = "" ]; then
+ ISLANDORA_TAG=main
+fi
+
+mv drupal/rootfs/var/www/drupal/assets/patches/default_settings.txt .
+
+curl -L "https://github.com/Islandora-Devops/islandora-starter-site/archive/refs/${ISLANDORA_STARTER_REF}.tar.gz" \
+ | tar --strip-components=1 -C drupal/rootfs/var/www/drupal -xz
+
+mv default_settings.txt drupal/rootfs/var/www/drupal/assets/patches/default_settings.txt
+
+./generate-certs.sh
+./generate-secrets.sh
+
+docker compose --profile dev up -d
+
+./tests/ping.sh
diff --git a/tests/ping.sh b/tests/ping.sh
new file mode 100755
index 0000000..07d91af
--- /dev/null
+++ b/tests/ping.sh
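Review bot: In `tests/init-template-starter.sh` the `ISLANDORA_TAG=main` fallback is a plain assignment, so it only reaches `docker compose` when the caller already exported the variable, as the workflow's `env:` block does. Run by hand with the variable unset, the script silently uses whatever tag `.env` pins instead of `main`. Adding `export ISLANDORA_TAG` after the second `fi` makes both paths behave the same. Separately, `curl -L` without `--fail` lets an HTTP error body flow into `tar`; `curl -fL` would stop at the HTTP error with a clearer message than the resulting gzip failure.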
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+COUNTER=0
+while true; do
+ HTTP_STATUS=$(curl -w '%{http_code}' -o /dev/null -s https://islandora.dev/)
+ echo "Ping returned http status ${HTTP_STATUS}, exit code $?"
+ if [ "${HTTP_STATUS}" -eq 200 ]; then
+ echo "We're live 🚀"
+ exit 0
+ fi
+
+ ((COUNTER++))
+ if [ "${COUNTER}" -eq 50 ]; then
+ echo "Failed to come online after 4m"
+ exit 1
+ fi
+ sleep 5;
+done
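Review bot: The `curl` probe in `tests/ping.sh` has no timeout, so the 50-iteration cap does not bound how long the job waits: one stalled connection blocks the loop until the runner's own job timeout. Add a per-request limit, e.g. `curl --max-time 10 -w '%{http_code}' -o /dev/null -s https://islandora.dev/`. The failure message says 4m, but 50 sleeps of 5 seconds is a little over that even before request time. The URL is also hard-coded rather than derived from `DOMAIN` in `.env`, so the check would probe the wrong host if that default changes.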