-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile-sitebuilder
136 lines (106 loc) · 5.63 KB
/
Dockerfile-sitebuilder
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# This Dockerfile builds the *sitebuilder-base* image that deploys the CERN Drupal distribution
# and serves as a basis for all Drupal websites.
# This image will also be used to server PHP container in the deployment
ARG COMPOSER_BUILDER_TAG
FROM gitlab-registry.cern.ch/drupal/paas/cern-drupal-distribution/composer-builder:$COMPOSER_BUILDER_TAG
LABEL io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \
io.s2i.scripts-url="image:///usr/libexec/s2i" \
io.k8s.description="Drupal Site Builder s2i build & php-fpm infra" \
io.k8s.display-name="Drupal Site Builder + php-fpm" \
io.openshift.tags="builder,drupal,php,php-fpm" \
maintainer="Drupal Admins <[email protected]>"
# Nginx: finish setting up nginx (add config)
ENV DRUPAL_SHARED_VOLUME /drupal-data
### n.b.: https://www.redpill-linpro.com/sysadvent/2017/12/10/jekyll-openshift.html
RUN \
mkdir -p /etc/nginx/ /var/cache/nginx /var/lib/nginx /var/log/nginx /var/tmp/nginx/ && \
chgrp -R 0 /etc/nginx/ /var/cache/nginx /var/lib/nginx /var/log/nginx /var/tmp/nginx/ && \
chmod -R g=u /etc/nginx/ /var/cache/nginx /var/lib/nginx /var/log/nginx /var/tmp/nginx/ && \
sed -i -e '/^user/d' /etc/nginx/nginx.conf
# Nginx default configuration
COPY nginx/config/nginx-server-default.conf /etc/nginx/conf.d/server.conf
COPY nginx/config/nginx-global-default.conf /etc/nginx/global.conf
COPY nginx/config/nginx.conf /etc/nginx/nginx.conf
# Remove the default config, which is causing trouble by trying to listen on another port
RUN rm /etc/nginx/conf.d/default.conf
# ENTRYPOINT: nginx
COPY nginx/run-nginx.sh /
RUN chmod +x /run-nginx.sh
# ENTRYPOINT: php-fpm
COPY php-fpm/run-php-fpm.sh /
RUN chmod +x /run-php-fpm.sh
# RUN composer clearcache; composer require drush/drush ${DRUSH_VERSION}; composer install;
# ENV PATH=$PATH:/tmp/drush/vendor/bin
COPY ./s2i/bin/ /usr/libexec/s2i/
COPY ./php-fpm/fix-permissions /fix-permissions
RUN chmod -R +x /usr/libexec/s2i/; \
chmod +x /fix-permissions
# DRUPAL
# Path configuration
# Set up drupal site folder and drupal operations folder
RUN mkdir -p /app/web; \
mkdir -p /operations
ENV DRUPAL_APP_DIR /app
ENV DRUPAL_OPERATIONS_DIR /operations
# The following folders are copied from the CI environment during image build
COPY ../../cern-drupal-distribution ${DRUPAL_APP_DIR}
# Add scripts for Drupal operations
COPY drupal-operations-scripts ${DRUPAL_OPERATIONS_DIR}
RUN chmod +x ${DRUPAL_OPERATIONS_DIR}/*
# Add static well-known responses
COPY well-known/ $DRUPAL_APP_DIR/web/.well-known
WORKDIR ${DRUPAL_APP_DIR}
# Create necessary folders from composer
RUN rm -rf .git; \
mkdir ${DRUPAL_APP_DIR}/.composer; \
/fix-permissions ${DRUPAL_APP_DIR}/.composer
ENV COMPOSER_HOME=${DRUPAL_APP_DIR} COMPOSER_CACHE_DIR=${DRUPAL_APP_DIR}/.composer
# Do not run Composer as root/super user! See https://getcomposer.org/root for details
# Set up drupal minimum stack
ENV COMPOSER_MEMORY_LIMIT=-1
RUN composer install --optimize-autoloader -v
ENV PATH=$PATH:${DRUPAL_APP_DIR}/vendor/bin
# Clean-up composer installation
# Rename composer.json to composer.admins.json so that when user injects its composer,
# there is no conflict between then.
RUN cp ${DRUPAL_APP_DIR}/composer.json ${DRUPAL_APP_DIR}/composer.admins.json
# Put symlinks for profiles/themes/modules to a path where old Drupal sites expect to find them
RUN ln -s contrib/cern-install-profiles/cern ${DRUPAL_APP_DIR}/web/profiles/cern && \
ln -s contrib/cern-install-profiles/easystart ${DRUPAL_APP_DIR}/web/profiles/easystart && \
ln -s cern-theme ${DRUPAL_APP_DIR}/web/themes/custom/cernclean &&\
ln -s cern-base-theme ${DRUPAL_APP_DIR}/web/themes/custom/cernbase
# Add extra configurations
# At this point, composer has created the required settings.php through:
# post-update-cmd: DrupalProject\composer\ScriptHandler::createRequiredFiles
# Overwrite settings.php with ours.
# - settings.php
ADD ./settings-default.php ${DRUPAL_APP_DIR}/web/sites/default/settings.php
# Remove ${DRUPAL_APP_DIR}/web/sites/default/{files, private, modules, themes}, preparing it to be symbolic link;
RUN rm -rf ${DRUPAL_APP_DIR}/web/sites/default/files; \
rm -rf ${DRUPAL_APP_DIR}/web/sites/default/private; \
rm -rf ${DRUPAL_APP_DIR}/web/sites/default/modules; \
rm -rf ${DRUPAL_APP_DIR}/web/sites/default/themes
# Explicity create the site configuration dir as configured in settings-d8.php#L17 file
RUN mkdir -p config/sync; \
/fix-permissions ${DRUPAL_APP_DIR}
# Add extra configurations
# At this point, composer has created the required settings.php through post-update-cmd: DrupalProject\composer\ScriptHandler::createRequiredFiles
# Overwrite settings.php with ours.
# - php-fpm
ADD ./php-fpm/config/php-fpm/ /usr/local/etc/php-fpm.d/
# - opcache
ADD ./php-fpm/config/opcache/ /usr/local/etc/php/conf.d/
ADD ./php-fpm/config/healthcheck.ini /usr/local/etc/php/conf.d/
ENV DRUPAL_SHARED_VOLUME /drupal-data
RUN ln -s ${DRUPAL_SHARED_VOLUME}/files ${DRUPAL_APP_DIR}/web/sites/default/files && \
ln -s ${DRUPAL_SHARED_VOLUME}/private ${DRUPAL_APP_DIR}/web/sites/default/private && \
ln -s ${DRUPAL_SHARED_VOLUME}/libraries ${DRUPAL_APP_DIR}/web/sites/default/libraries && \
ln -s ${DRUPAL_SHARED_VOLUME}/modules ${DRUPAL_APP_DIR}/web/sites/default/modules && \
ln -s ${DRUPAL_SHARED_VOLUME}/themes ${DRUPAL_APP_DIR}/web/sites/default/themes
# The directory sites/default is not protected from modifications and poses a security risk.
# Change the directory's permissions to be non-writable is needed.
RUN chmod -R 555 ${DRUPAL_APP_DIR}/web/sites/default
RUN chmod 444 ${DRUPAL_APP_DIR}/web/sites/default/settings.php
RUN rm -rf /var/cache/apk/* && \
rm -rf /tmp/*
CMD ["/usr/libexec/s2i/usage"]