Merge branch 'development'

.env

@@ -26,14 +26,34 @@ APP_DESCRIPTION='This component provides a products and services catalogue that
 
 # The urls on wich this api is available
 TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-TRUSTED_HOSTS=^(.+\.)?conduction\.nl$|^(.+\.)?huwelijksplanner\.online$|^(.+\.)?larping\.eu$|^(.+\.)?common-ground\.nl$|^(.+\.)?trouwplanner\.online$|^(.+\.)?zaakonline\.nl$|localhost
+TRUSTED_HOSTS=^(.+\.)?conduction\.nl$|^(.+\.)?vng\.cloud$|^(.+\.)?huwelijksplanner\.online$|^(.+\.)?larping\.eu$|^(.+\.)?common-ground\.dev$|^(.+\.)?trouwplanner\.online$|^(.+\.)?zaakonline\.nl$|localhost
+
+##################################################
+# Orgization details
+##################################################
+
+# The following details describe your organisations and are used for both certificate creation, nlx (if active) and common-ground.dev
+
+ORGANIZATION_NAME=Conduction
+ORGANIZATION_EMAIL_ADDRESS=[email protected]
+ORGANIZATION_COUNTRY_NAME=Netherlands
+ORGANIZATION_STATE=Noord-Holland
+ORGANIZATION_LOCALITY=Amsterdam
+ORGANIZATION_UNIT_NAME=Common-Ground
 
 ##################################################
 # Documentation settings
 ##################################################
 
+# The primary domain for this API @depracticed
 APP_DOMAIN=conduction.nl
+APP_DOMAINS=["conduction.nl","huwelijksplanner.online"]
+# he domains on wich you want to provide this component, the first wil be used as primary (or common in cert-manger terms)
+# If set to true wil provide the component on an {APP_NAME}.{APP_DOMAIN} basis for production enviroment, and  {APP_NAME}.{APP_ENV}.{APP_DOMAIN} basis for other enviroments. Wil skipp the {APP_NAME}. on both if set to false 
+APP_USE_NAME_AS_SUBDOMAIN=true
+# The demo enviroment for this component @depracticed
 APP_DEMO=pdc.zaakonline.nl
+# he Repository for this component
 APP_REPRO=https://github.com/ConductionNL/productenendienstencatalogus
 
 ##################################################
@@ -42,14 +62,15 @@ APP_REPRO=https://github.com/ConductionNL/productenendienstencatalogus
 
 CONTAINER_REGISTRY_BASE=docker.io/conduction
 CONTAINER_PROJECT_NAME=pdc
+# The repository for the primary (php) container of this project
 CONTAINER_REPRO=https://hub.docker.com/repository/docker/conduction/pdc-php
 
 ##################################################
 # Notifcation settings
 ##################################################
 
 NOTIFICATION_ENABLED=falsedxfddxf
-NOTIFICATION_PROVIDER=sasd
+NOTIFICATION_PROVIDER=sasdasd
 NOTIFICATION_ENABLED_AUTHORIZATION=sasd
 
 ##################################################

.github/workflows/dockerimage.yml

@@ -63,6 +63,10 @@ jobs:
         run: docker-compose logs
       - name: Security Checks
         run: docker-compose exec -T php composer req sensiolabs/security-checker
+      - name: Database Update
+        run: docker-compose exec -T php bin/console doctrine:schema:update --force
+      - name: Database Check
+        run: docker-compose exec -T php bin/console doctrine:schema:validate
       - name: Chores
         run: docker-compose down
       - name: Login to DockerHub Registry
@@ -94,7 +98,7 @@ jobs:
         if: (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true'
         run: helm upgrade $APP_NAME-$APP_ENV ./api/helm  --kubeconfig="kubeconfig.yaml" --namespace=$APP_ENV  --set settings.env=$APP_ENV,settings.debug=1
       - name: Install through helm
-        if: failure()
+        if: failure() && (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true'
         run: helm install --name $APP_NAME-$APP_ENV ./api/helm  --kubeconfig="kubeconfig.yaml" --namespace=$APP_ENV  --set settings.env=$APP_ENV,settings.debug=1 
       - name: Rollout new containers
         if: (contains( github.ref, 'master' ) || contains( github.ref, 'staging' ) || contains( github.ref, 'development' )) && steps.kubeconfig.outputs.success == 'true' && success()

INSTALLATION.md

@@ -35,10 +35,19 @@ Now that we've installed both Helm components, we're ready to use helm to instal
 ## Setting up ingress
 We need at least one nginx controller per kubernetes kluster, doh optionally we could set on up on a per namebase basis
 
-helm install stable/nginx-ingress --name loadbalancer --kubeconfig="kubeconfig.yaml"
+```CLI
+$ helm install stable/nginx-ingress --name loadbalancer --kubeconfig="kubeconfig.yaml"
+```
+
+We can check that out with 
+
+```CLI
+$ kubectl describe ingress pc-dev-ingress -n=kube-system --kubeconfig="kubeconfig.yaml"
+```
 
 ## Setting up Kubernetes Dashboard
 After we installed helm and tiller we can easily use both to install kubernetes dashboard
+
 ```CLI
 $ helm install stable/kubernetes-dashboard --name dashboard --kubeconfig="kubeconfig.yaml" --namespace="kube-system"
 ```
@@ -57,29 +66,52 @@ $ kubectl -n kube-system describe secrets tiller-token-xxxxx  --kubeconfig="kube
 This should return the token, copy it to somewhere save (just the token not the other returned information) and start up a dashboard connection
 
 ```CLI
-$kubectl proxy --kubeconfig="kubeconfig.yaml"
+$ kubectl proxy --kubeconfig="kubeconfig.yaml"
 ```
 
 This should proxy our dashboard to helm making it available trough our favorite browser and a simple link
 ```CLI
 http://localhost:8001/api/v1/namespaces/kube-system/services/https:dashboard-kubernetes-dashboard:https/proxy/#!/login
 ```
 
+
+## Cert Manager
+https://cert-manager.io/docs/installation/kubernetes/
+
+```CLI
+$ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml --kubeconfig="kubeconfig.yaml"
+$ kubectl create namespace cert-manager --kubeconfig="kubeconfig.yaml"
+```
+
+ The we need tp deploy the cert manager to our cluster
+
+```CLI
+$ helm repo add jetstack https://charts.jetstack.io
+$ helm install --name cert-manager --namespace cert-manager --version v0.12.0 \ jetstack/cert-manager --kubeconfig="kubeconfig.yaml"
+```
+
+lets check if everything is working
+
+```CLI
+$ kubectl get pods --namespace cert-manager --kubeconfig="kubeconfig.yaml"
+$ kubectl describe certificate -n dev --kubeconfig="kubeconfig.yaml"
+```
+
 ## Deploying trough helm
 First we always need to update our dependencies
 ```CLI
 $ helm dependency update ./api/helm
 ```
 If you want to create a new instance
 ```CLI
-$ helm install --name pdc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1,settings.loadbalancerEnabled=true
+$ helm install --name pdc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1
 $ helm install --name pdc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0
 $ helm install --name pdc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0 
 ```
 
 Or update if you want to update an existing one
 ```CLI
-$ helm upgrade pdc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1,settings.loadbalancerEnabled=true
+$ helm upgrade pdc-dev ./api/helm  --kubeconfig="api/helm/kubeconfig.yaml" --namespace=dev  --set settings.env=dev,settings.debug=1
 $ helm upgrade pdc-stag ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=stag --set settings.env=stag,settings.debug=0 
 $ helm upgrade pdc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --namespace=prod --set settings.env=prod,settings.debug=0 
 ```

README.md

@@ -8,6 +8,9 @@ Het "orders" component is ontwikkeld voor de gemeente Utrecht en heeft als doel
 - [contributing](https://github.com/ConductionNL/orderscomponent/blob/master/CONTRIBUTING.md) for tips tricks and general rules concerning contributing to this component.
 - [codebase](https://github.com/ConductionNL/orderscomponent) on github.
 - [codebase](https://github.com/ConductionNL/orderscomponent/archive/master.zip) as a download.
+- [Design considerations](DESIGN-PDC.md)
+- [Data model](api/public/schema/datamodel.pdf)
+- [Postman tests](api/public/schema/pdc.postman_collection.json)
 
 Getting started
 -------

api/Dockerfile

@@ -29,6 +29,7 @@ RUN set -eux; \
 		$PHPIZE_DEPS \
 		icu-dev \
 		libzip-dev \
+		libpng-dev \
 		postgresql-dev \
 		zlib-dev \
 	; \
@@ -40,6 +41,8 @@ RUN set -eux; \
 		zip \
 		mysqli \ 
 		pdo_mysql \
+		pcntl \ 
+		gd \
 	; \
 	pecl install \
 		apcu-${APCU_VERSION} \
@@ -103,6 +106,9 @@ RUN set -eux; \
 	chmod +x bin/console; sync
 VOLUME /srv/api/var
 
+# Now that we have our own composer lets update
+RUN composer update --no-interaction
+
 COPY docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
 RUN chmod +x /usr/local/bin/docker-entrypoint
 

api/composer.json

@@ -13,6 +13,7 @@
 		"phpdocumentor/reflection-docblock": "^4.3",
 		"ramsey/uuid": "^3.8",
 		"ramsey/uuid-doctrine": "^1.5",
+		"sensio/framework-extra-bundle": "^5.5",
 		"sensiolabs/security-checker": "^6.0",
 		"stof/doctrine-extensions-bundle": "^1.3",
 		"symfony/console": "4.3.*",

api/config/bundles.php

@@ -2,6 +2,7 @@
 
 return [
     Symfony\Bundle\FrameworkBundle\FrameworkBundle::class                    => ['all' => true],
+    Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class     => ['all' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class                      => ['all' => true],
     Symfony\Bundle\MercureBundle\MercureBundle::class                        => ['all' => true],
     Symfony\Bundle\TwigBundle\TwigBundle::class                              => ['all' => true],

api/config/packages/api_platform.yaml

@@ -34,7 +34,7 @@ api_platform:
         - Version: %env(APP_VERSION)%
         - Repository: [online](%env(APP_REPRO)%) / [zip](%env(APP_REPRO)%/archive/master.zip)
         - Docker Image: [online](%env(CONTAINER_REPRO)%) 
-        - Datamodel: [postman](/schema/openapi.postman_collection) / [oas](/schema/openapi.yaml) / [pdf](/schema/datamodel.pdf) / [mwb](/schema/datamodel.mwb) 
+        - Datamodel: [postman](/schema/%env(APP_NAME)%.postman_collection.json) / [oas](/schema/openapi.yaml) / [pdf](/schema/datamodel.pdf) / [mwb](/schema/datamodel.mwb) 
         
         %env(APP_DESCRIPTION)%         
     

api/config/packages/sensio_framework_extra.yaml

@@ -0,0 +1,3 @@
+sensio_framework_extra:
+    router:
+        annotations: false

api/config/packages/twig.yaml

@@ -1,3 +1,13 @@
+parameters:
+    env(APP_DOMAINS): '[]'
+    # Organisation stuff
+    env(ORGANIZATION_NAME): ''
+    env(ORGANIZATION_EMAIL_ADDRESS): ''
+    env(ORGANIZATION_COUNTRY_NAME): ''
+    env(ORGANIZATION_STATE): ''
+    env(ORGANIZATION_LOCALITY): ''
+    env(ORGANIZATION_UNIT_NAME): ''    
+
 twig:
     default_path: '%kernel.project_dir%/templates'
     debug: '%kernel.debug%'
@@ -8,13 +18,21 @@ twig:
 
         container_registry_base: '%env(CONTAINER_REGISTRY_BASE)%'   
         container_project_name: '%env(CONTAINER_PROJECT_NAME)%'
+
+        organization_name: '%env(ORGANIZATION_NAME)%'
+        organization_email: '%env(ORGANIZATION_EMAIL_ADDRESS)%'
+        organization_country: '%env(ORGANIZATION_COUNTRY_NAME)%'
+        organization_state: '%env(ORGANIZATION_STATE)%'
+        organization_locality: '%env(ORGANIZATION_LOCALITY)%'
+        organization_unit: '%env(ORGANIZATION_UNIT_NAME)%'
 
         app_name: '%env(APP_NAME)%'
         app_title: '%env(APP_TITLE)%'
         app_version: '%env(APP_VERSION)%'
         app_env: '%env(APP_ENV)%'
         app_debug: '%env(APP_DEBUG)%'
         app_domain: '%env(APP_DOMAIN)%'
+        app_domains: '%env(json:APP_DOMAINS)%'
         app_demo: '%env(APP_DEMO)%'
         app_repro: '%env(APP_REPRO)%'
         app_description: '%env(APP_DESCRIPTION)%'

api/docker/php/docker-entrypoint.sh

@@ -31,9 +31,10 @@ if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
 		#fi
 	#fi
 
-	if [ "$APP_ENV" != 'prod' ]; then
+	#wierd bug fix...
+	#if [ "$APP_ENV" != 'prod' ]; then
 		composer install --prefer-dist --no-progress --no-suggest --no-interaction
-	fi
+	#fi
 
 	# Lets setup an nlx certificate if needed
 	#if [ "$APP_ENV" != 'prod' ]; then

api/helm/templates/api-deployment.yaml

@@ -21,7 +21,7 @@ spec:
     spec:
       containers:
         - name: {{ include "name" . }}-nginx
-          image: "{{ .Values.settings.registryBase }}/pdc-nginx:{{ .Values.settings.env }}"
+          image: "{{ .Values.settings.registryBase }}/{{ .Values.settings.projectName }}-nginx:{{ .Values.settings.env }}"
           imagePullPolicy: {{ .Values.settings.pullPolicy }}
           ports:
             - containerPort: 80

api/helm/templates/cert-issuer.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: {{ include "name" . }}-{{ .Values.settings.env }}-letsencrypt
+spec:
+  acme:
+    email: {{ .Values.settings.email }}
+    http01: {}
+    privateKeySecretRef:
+      name: letsencrypt-private-key
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: nginx