Skip to content

Commit

Permalink
Refactor Docker setup
Browse files Browse the repository at this point in the history
Re-add ability to use Docker for development post-switch
to Cloud VPS. Support for Trove has been added, along with
a few tweaks (like moving execution to a non-root user,
as required by Symfony).

Also moved off of Toolforge images and onto global `php`
images, since CopyPatrol isn't expected to run on Toolforge
anymore.
  • Loading branch information
ChlodAlejandro committed Aug 15, 2024
1 parent 6a9361d commit a5c866e
Show file tree
Hide file tree
Showing 5 changed files with 249 additions and 151 deletions.
127 changes: 56 additions & 71 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
name: Build and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
Expand All @@ -29,74 +29,59 @@ jobs:
./bin/console lint:yaml ./config
./vendor/bin/minus-x check .
./bin/phpunit --exclude-group=integration
build_image:
name: Build Docker image
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3

- name: Build image
id: docker_build
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
target: production
tags: wikimedia/copypatrol:latest
outputs: type=docker,dest=/tmp/copypatrol-production.image.tar
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}

- name: Upload Docker image to artifacts
uses: actions/upload-artifact@v4
with:
name: image-production
path: /tmp/copypatrol-production.image.tar
analysis:
name: Analyze Docker images
runs-on: ubuntu-latest
needs: build_image

steps:
- name: Download Docker image from artifacts
uses: actions/download-artifact@v4
with:
name: image-production
path: /tmp

# build_image:
# name: Build Docker image
# runs-on: ubuntu-latest
# needs: build
# strategy:
# matrix:
# targets:
# - name: production
# tag: wikimedia/copypatrol
# - name: development
# tag: wikimedia/copypatrol-development
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v2
#
# - name: Set up Docker Buildx
# id: buildx
# uses: docker/setup-buildx-action@v2
#
# - name: Build image
# id: docker_build
# uses: docker/build-push-action@v4
# with:
# context: .
# file: docker/Dockerfile
# target: ${{ matrix.targets.name }}
# tags: ${{ matrix.targets.tag }}:latest
# outputs: type=docker,dest=/tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# cache-from: type=gha
# cache-to: type=gha,mode=max
#
# - name: Image digest
# run: echo ${{ steps.docker_build.outputs.digest }}
#
# - name: Upload Docker image to artifacts
# uses: actions/upload-artifact@v2
# with:
# name: image-${{ matrix.targets.name }}
# path: /tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# analysis:
# name: Analyze Docker images
# runs-on: ubuntu-latest
# needs: build_image
# strategy:
# matrix:
# targets:
# - name: production
# tag: wikimedia/copypatrol
# - name: development
# tag: wikimedia/copypatrol-development
#
# steps:
# - name: Download Docker image from artifacts
# uses: actions/download-artifact@v2
# with:
# name: image-${{ matrix.targets.name }}
# path: /tmp
#
# - name: Load image
# run: |
# docker load --input /tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# docker image ls -a
# - name: Dive
# uses: yuichielectric/[email protected]
# with:
# image: ${{ matrix.targets.tag }}:latest
# github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Load image
run: |
docker load --input /tmp/copypatrol-production.image.tar
docker image ls -a
- name: Dive
uses: MaxymVlasov/[email protected]
with:
image: wikimedia/copypatrol:latest
github-token: ${{ secrets.GITHUB_TOKEN }}
76 changes: 74 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,80 @@ Assets are compiled using Webpack Encore. The compiled assets **must** be commit

## Installing using Docker

_A new Docker image needs to be created following the move to Wikimedia VPS._
_You can use the manual installation instructions above in the meantime._
Development through Docker is suggested if you have a different version of PHP locally
installed, or if you wish to keep an isolated installation of PHP 8.2 for CopyPatrol.

1. Copy [.env](.env) to [.env.local](.env.local) and fill in the appropriate details.
1. Set `REPLICAS_HOST_*` and `TROVE_HOST` to `127.0.0.1`
2. Use the credentials in your `replica.my.cnf` file in the home directory of your
Toolforge account for `REPLICAS_USERNAME` and `REPLICAS_PASSWORD`.
3. Set the rest of the `TROVE_*` variables to that of the installation of the CopyPatrol
database (`COPYPATROL_DB_NAME`).
4. If you need to test OAuth, obtain tokens by registering a new consumer on Meta at
[Special:OAuthConsumerRegistration](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration).
Alternatively, you can set `LOGGED_IN_USER` to any value to simulate being that user
after clicking on 'Login'.
5. If you need to test the "iThenticate report" functionality, set `TCA_DOMAIN` and `TCA_KEY`.
Reports older than `AppController::ITHENTICATE_V2_TIMESTAMP` need to connect to the older
iThenticate API, using the credentials set by `ITHENTICATE_USERNAME` and `ITHENTICATE_PASSWORD`.
2. Build the development image once and install Composer dependencies with the following
```bash
docker compose build
# On Windows, use `%CD%` instead of `$(pwd)`.
docker run --rm -ti -v $(pwd):/app wikimedia/copypatrol:development composer install
```
Run the second command again every time you change `composer.json`, or when `composer.json`
is changed in an upstream commit. This can take a while on Windows.
3. (*Windows only*) Set the `HOME` environment variable to your user profile directory.
```cmd
setx HOME %UserProfile%
set HOME=%UserProfile%
```
The first command sets `HOME` for future shells. The second command sets `HOME` for the current shell.
4. Open a new terminal and start the development container with
```bash
docker compose up
```
Starting the local development server will be delayed until the next
step is finished.
5. Open up an SSH tunnel to access the databases on Toolforge.
```bash
# Your SSH config at $HOME/.ssh will be mounted into the container.
# Your passphrase will be requested if your private key is protected.
# If your Toolforge shell name is different from the default, append
# your shell name after "ssh". (e.g. `... start ssh exampleuser`)
docker compose exec copypatrol start ssh
```
This terminal will stay open as long as SSH is connected. No successful
connection message is shown, but Symfony will start immediately once the
ports are open. This extra step is required for you to be able to enter
your SSH key password through a TTY.

Changes to this folder will automatically be applied to the running Docker container. This includes
changes to `src` files, `.env.local`, etc. XDebug is set up to connect to the host machine
(the computer running the Docker container) on port 9003 upon request ([more info](https://xdebug.org/docs/step_debug)).

If the Trove host changes, you must set the `TROVE_HOST` environment variable to the correct host.
Review [OpenStack browser](https://openstack-browser.toolforge.org/project/copypatrol/database/copypatrol-dev-db-01) for
the latest host.

An XDebug configuration is provided by default. To customize this config, mount a
`xdebug.ini` file to `/usr/local/etc/php/conf.d/xdebug.ini` in the container.

<details>
<summary>Production image</summary>

A production image can be built with the following command:
```bash
docker build -t wikimedia/copypatrol:latest -f docker/Dockerfile .
```
This image does not contain XDebug or OpenSSH, and does not have an SSH tunnel to Toolforge.
You can test it out by running the following command:
```bash
# On Windows, use `%CD%` instead of `$(pwd)`.
docker run -ti --rm -p 8000:8000 wikimedia/copypatrol:latest
```
</details>

## Adding new languages

Expand Down
17 changes: 14 additions & 3 deletions docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
version: '3.8'

# =========================================================
#
# This file allows anyone to start the CopyPatrol web interface
Expand All @@ -26,12 +24,17 @@ services:
command: serve
stdin_open: true
tty: true
environment:
- TROVE_HOST
extra_hosts:
- host.docker.internal:host-gateway
ports:
- "8000:8000"
volumes:
# This binds your SSH configuration into the container.
# If you don't want to do this, comment this entry out.
# TODO: Disable `copypatrol` user access to /ssh, when that becomes possible.
# https://github.com/docker/roadmap/issues/398
- type: bind
source: "$HOME/.ssh"
target: "/ssh"
Expand All @@ -40,4 +43,12 @@ services:
- type: bind
source: "."
target: "/app"
stop_signal: SIGINT
read_only: true
- type: bind
source: "./var"
target: "/app/var"
- type: bind
source: "./docker/docker-entrypoint.sh"
target: "/docker-entrypoint.sh"
read_only: true
stop_signal: SIGINT
Loading

0 comments on commit a5c866e

Please sign in to comment.