Upgrade do 5.4

.gitlab-ci.yml

@@ -2,18 +2,20 @@ image: docker:20.10.9
 
 variables:
   DOCKER_TLS_CERTDIR: "/certs"
-  IMAGE_VER: 3.27.22
+  BUILD_VERSION: p1
 
 services:
   - docker:20.10.9-dind
 
 before_script:
   - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  - SRC_VERSION=`grep FROM Dockerfile | cut -d ':' -f 2`
+  - VERSION="${SRC_VERSION}-${BUILD_VERSION}"
 
 build:
   stage: build
   script:
     - docker pull $CI_REGISTRY_IMAGE:latest || true
-    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$IMAGE_VER --tag $CI_REGISTRY_IMAGE:latest .
-    - docker push $CI_REGISTRY_IMAGE:$IMAGE_VER
+    - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$VERSION --tag $CI_REGISTRY_IMAGE:latest .
+    - docker push $CI_REGISTRY_IMAGE:$VERSION
     - docker push $CI_REGISTRY_IMAGE:latest

Dockerfile

-FROM php:7.3-apache
-LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.22+211026'
-ARG sha256_checksum='9fd31e38cf692370257b21821f791f0568f6f93bbff68995467fbcec0370ff34'
+FROM martialblog/limesurvey:5.4.9-221101-apache
 
-# Install OS dependencies
 RUN set -ex; \
         apt-get update && \
         DEBIAN_FRONTEND=noninteractive \
         apt-get install --no-install-recommends -y \
         \
         libapache2-mod-auth-mellon \
-        libldap2-dev \
-        libfreetype6-dev \
-        libjpeg-dev \
-        zlib1g-dev \
-        libc-client-dev \
-        libkrb5-dev \
-        libpng-dev \
-        libzip-dev \
-        libpq-dev \
-        netcat \
         ssl-cert \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
         rm -rf /var/lib/apt/lists/*
 
-# Link LDAP library for PHP ldap extension
-RUN set -ex; \
-        ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/
-
-# Install PHP Plugins and Configure PHP imap plugin
-RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
-        docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
-        docker-php-ext-install -j5 \
-        gd \
-        imap \
-        ldap \
-        mbstring \
-        pdo \
-        pdo_mysql \
-        pdo_pgsql \
-        pgsql \
-        zip
-
-ENV LIMESURVEY_VERSION=$version
-
-# Apache configuration
-RUN a2ensite default-ssl; a2enmod headers rewrite remoteip ssl; \
-        {\
-        echo RemoteIPHeader X-Real-IP ;\
-        echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
-        echo RemoteIPTrustedProxy 172.16.0.0/12 ;\
-        echo RemoteIPTrustedProxy 192.168.0.0/16 ;\
-        } > /etc/apache2/conf-available/remoteip.conf;\
-        a2enconf remoteip
-
-# Use the default production configuration
-RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-
-# Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
-
-RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
-        \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
-        chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh
 ADD mod_auth_mellon.conf /etc/apache2/conf-enabled/mod_auth_mellon.conf
 
-EXPOSE 443
-ENTRYPOINT ["/var/www/html/entrypoint.sh"]
-CMD ["apache2-foreground"]

entrypoint.sh

 #!/bin/bash
 # Entrypoint for Docker Container
 
-HOST=${HOST:-'dotazniky.pirati.cz'}
+HOST=${HOST:-'ankety.pirati.cz'}
 IDP_METADATA=${IDP_METADATA:-'https://auth.pirati.cz/auth/realms/pirati/protocol/saml/descriptor'}
 
+
 DB_TYPE=${DB_TYPE:-'pgsql'}
-DB_HOST=${DB_HOST:-'pgsql'}
+DB_HOST=${DB_HOST:-'pg'}
 DB_PORT=${DB_PORT:-'5432'}
 DB_SOCK=${DB_SOCK:-}
 DB_NAME=${DB_NAME:-'limesurvey'}
 DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
+DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
+
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
+ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
 
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
+
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
 
 if [ ! -d /etc/apache2/saml2 ]; then
     mkdir /etc/apache2/saml2
@@ -32,7 +46,7 @@ fi
 # Create mod_auth_mellon service provider config
 if [ ! -f /etc/apache2/saml2/sp.xml ]; then
     pushd /etc/apache2/saml2
-     echo -e "Generating new service provider certificate.\n\n" 
+     echo -e "Generating new service provider certificate.\n\n"
      /usr/sbin/mellon_create_metadata https://${HOST}/mellon/metadata https://${HOST}/mellon
     mv http*.xml sp.xml
     mv http*.key sp.key
@@ -41,16 +55,33 @@ if [ ! -f /etc/apache2/saml2/sp.xml ]; then
     popd
 fi
 
+LISTEN_PORT=${LISTEN_PORT:-"8080"}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
+
+if [ "$LISTEN_PORT" != "80" ]; then
+    echo "Info: Customizing Apache Listen port to $LISTEN_PORT"
+    sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf
+fi
+
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
     done
 fi
 
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -59,64 +90,106 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-    sed -i "s#\('showScriptName' => \).*,\$#\\1false,#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '${DB_TABLE_PREFIX//[[:space:]]/}',
+    ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => $SHOW_SCRIPT_NAME,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+    'mysqlEngine' => '$DB_MYSQL_ENGINE',
+  )
+);
+
+EOF
+
+fi
+
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+\$config['encryptionnonce'] = '$ENCRYPT_NONCE';
+\$config['encryptionsecretboxkey'] = '$ENCRYPT_SECRET_BOX_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
+PHP_UPDATEDB_EXIT_CODE=$?
 
-if [ $? -eq 0 ]; then
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"