Skip to content
Snippets Groups Projects
Verified Commit 6c8d6dbe authored by Andrej Ramašeuski's avatar Andrej Ramašeuski
Browse files

Upgrade do 5.4

parent d259db58
Branches main test
No related tags found
No related merge requests found
Pipeline #10332 failed
Stage: build
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
+ 5
3
View file @ 6c8d6dbe
......@@ -2,18 +2,20 @@ image: docker:20.10.9
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_VER: 3.27.22
BUILD_VERSION: p1
services:
- docker:20.10.9-dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- SRC_VERSION=`grep FROM Dockerfile | cut -d ':' -f 2`
- VERSION="${SRC_VERSION}-${BUILD_VERSION}"
build:
stage: build
script:
- docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$IMAGE_VER --tag $CI_REGISTRY_IMAGE:latest .
- docker push $CI_REGISTRY_IMAGE:$IMAGE_VER
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$VERSION --tag $CI_REGISTRY_IMAGE:latest .
- docker push $CI_REGISTRY_IMAGE:$VERSION
- docker push $CI_REGISTRY_IMAGE:latest
Dockerfile
+ 1
61
View file @ 6c8d6dbe
FROM php:7.3-apache
LABEL maintainer="markus@martialblog.de"
ARG version='3.27.22+211026'
ARG sha256_checksum='9fd31e38cf692370257b21821f791f0568f6f93bbff68995467fbcec0370ff34'
FROM martialblog/limesurvey:5.4.9-221101-apache
# Install OS dependencies
RUN set -ex; \
apt-get update && \
DEBIAN_FRONTEND=noninteractive \
apt-get install --no-install-recommends -y \
\
libapache2-mod-auth-mellon \
libldap2-dev \
libfreetype6-dev \
libjpeg-dev \
zlib1g-dev \
libc-client-dev \
libkrb5-dev \
libpng-dev \
libzip-dev \
libpq-dev \
netcat \
ssl-cert \
\
&& apt-get -y autoclean; apt-get -y autoremove; \
rm -rf /var/lib/apt/lists/*
# Link LDAP library for PHP ldap extension
RUN set -ex; \
ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/
# Install PHP Plugins and Configure PHP imap plugin
RUN set -ex; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
docker-php-ext-install -j5 \
gd \
imap \
ldap \
mbstring \
pdo \
pdo_mysql \
pdo_pgsql \
pgsql \
zip
ENV LIMESURVEY_VERSION=$version
# Apache configuration
RUN a2ensite default-ssl; a2enmod headers rewrite remoteip ssl; \
{\
echo RemoteIPHeader X-Real-IP ;\
echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
echo RemoteIPTrustedProxy 172.16.0.0/12 ;\
echo RemoteIPTrustedProxy 192.168.0.0/16 ;\
} > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip
# Use the default production configuration
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
# Download, unzip and chmod LimeSurvey from official GitHub repository
ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
RUN set -ex; \
echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \
\
tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
rm -f "/tmp/${version}.tar.gz" && \
chown -R www-data:www-data /var/www/html
COPY entrypoint.sh entrypoint.sh
ADD mod_auth_mellon.conf /etc/apache2/conf-enabled/mod_auth_mellon.conf
EXPOSE 443
ENTRYPOINT ["/var/www/html/entrypoint.sh"]
CMD ["apache2-foreground"]
entrypoint.sh
+ 110
37
View file @ 6c8d6dbe
#!/bin/bash
# Entrypoint for Docker Container
HOST=${HOST:-'dotazniky.pirati.cz'}
HOST=${HOST:-'ankety.pirati.cz'}
IDP_METADATA=${IDP_METADATA:-'https://auth.pirati.cz/auth/realms/pirati/protocol/saml/descriptor'}
DB_TYPE=${DB_TYPE:-'pgsql'}
DB_HOST=${DB_HOST:-'pgsql'}
DB_HOST=${DB_HOST:-'pg'}
DB_PORT=${DB_PORT:-'5432'}
DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
URL_FORMAT=${URL_FORMAT:-'path'}
SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
TABLE_SESSION=${TABLE_SESSION:-}
DEBUG=${DEBUG:-0}
DEBUG_SQL=${DEBUG_SQL:-0}
if [ ! -d /etc/apache2/saml2 ]; then
mkdir /etc/apache2/saml2
......@@ -32,7 +46,7 @@ fi
# Create mod_auth_mellon service provider config
if [ ! -f /etc/apache2/saml2/sp.xml ]; then
pushd /etc/apache2/saml2
echo -e "Generating new service provider certificate.\n\n"
echo -e "Generating new service provider certificate.\n\n"
/usr/sbin/mellon_create_metadata https://${HOST}/mellon/metadata https://${HOST}/mellon
mv http*.xml sp.xml
mv http*.key sp.key
......@@ -41,16 +55,33 @@ if [ ! -f /etc/apache2/saml2/sp.xml ]; then
popd
fi
LISTEN_PORT=${LISTEN_PORT:-"8080"}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
exit 1
fi
if [ "$LISTEN_PORT" != "80" ]; then
echo "Info: Customizing Apache Listen port to $LISTEN_PORT"
sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf
fi
# Check if database is available
if [ -z "$DB_SOCK" ]; then
until nc -z -v -w30 $DB_HOST $DB_PORT
until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
do
echo "Info: Waiting for database connection..."
sleep 5
done
fi
# Check if already provisioned
# Check if config already provisioned
if [ -f application/config/config.php ]; then
echo 'Info: config.php already provisioned'
else
......@@ -59,64 +90,106 @@ else
if [ "$DB_TYPE" = 'mysql' ]; then
echo 'Info: Using MySQL configuration'
DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
cp application/config/config-sample-mysql.php application/config/config.php
fi
if [ "$DB_TYPE" = 'pgsql' ]; then
echo 'Info: Using PostgreSQL configuration'
DB_CHARSET=${DB_CHARSET:-'utf8'}
cp application/config/config-sample-pgsql.php application/config/config.php
fi
# Set Database config
if [ ! -z "$DB_SOCK" ]; then
if [ -n "$DB_SOCK" ]; then
echo 'Info: Using unix socket'
sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
DB_CONNECT='unix_socket'
else
echo 'Info: Using TCP connection'
sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
DB_CONNECT='host'
fi
sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
sed -i "s#\('showScriptName' => \).*,\$#\\1false,#g" application/config/config.php
# Set URL config
sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
# Set Public URL
if [ -z "$PUBLIC_URL" ]; then
echo 'Info: Setting PublicURL'
sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
fi
cat <<EOF > application/config/config.php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
return array(
'components' => array(
'db' => array(
'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
'emulatePrepare' => true,
'username' => '$DB_USERNAME',
'password' => '$DB_PASSWORD',
'charset' => '$DB_CHARSET',
'tablePrefix' => '${DB_TABLE_PREFIX//[[:space:]]/}',
),
//'session' => array (
// 'class' => 'application.core.web.DbHttpSession',
// 'connectionID' => 'db',
// 'sessionTableName' => '{{sessions}}',
//),
'urlManager' => array(
'urlFormat' => '$URL_FORMAT',
'rules' => array(),
'showScriptName' => $SHOW_SCRIPT_NAME,
),
'request' => array(
'baseUrl' => '$BASE_URL',
),
),
'config'=>array(
'publicurl'=>'$PUBLIC_URL',
'debug'=>$DEBUG,
'debugsql'=>$DEBUG_SQL,
'mysqlEngine' => '$DB_MYSQL_ENGINE',
)
);
EOF
fi
# Enable Table Sessions if required
if [ -n "$TABLE_SESSION" ]; then
echo 'Info: Setting Table Session'
# Remove the comments in the config
sed -i "s/\/\///g" application/config/config.php
fi
# Check if security config already provisioned
if [ -f application/config/security.php ]; then
echo 'Info: security.php already provisioned'
else
echo 'Info: Creating security.php'
if [ -n "$ENCRYPT_KEYPAIR" ]; then
cat <<EOF > application/config/security.php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
\$config = array();
\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
\$config['encryptionnonce'] = '$ENCRYPT_NONCE';
\$config['encryptionsecretboxkey'] = '$ENCRYPT_SECRET_BOX_KEY';
return \$config;
EOF
else
echo >&2 'Warning: No encryption keys were provided'
echo >&2 'Warning: A security.php config will be created by the application'
echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
fi
fi
# Check if LimeSurvey database is provisioned
echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
php application/commands/console.php updatedb
PHP_UPDATEDB_EXIT_CODE=$?
if [ $? -eq 0 ]; then
if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
echo 'Info: Database already provisioned'
else
# Check if DB_PASSWORD is set
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
exit 1
fi
# Check if DB_PASSWORD is set
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
exit 1
fi
echo ''
echo 'Running console.php install'
php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
fi
exec "$@"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Pirátský GitLab - Home of the CopyLeft