Refactor Docker setup #186

Open
wants to merge 1 commit into
base: master
1 change: 1 addition & 0 deletions .env
Expand Up @@ -29,6 +29,7 @@ TOOLSDB_PORT=4720
TOOLSDB_USERNAME=
TOOLSDB_PASSWORD=
TROVE_HOST=127.0.0.1
TROVE_REMOTE_HOST=hxmnwriu2vm.svc.trove.eqiad1.wikimedia.cloud
TROVE_PORT=4721
TROVE_USERNAME=
TROVE_PASSWORD=
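Review bot: The added `TROVE_REMOTE_HOST` line has no comment explaining how it relates to `TROVE_HOST=127.0.0.1` directly above it, and it commits one specific Trove instance hostname as the default in a tracked file. The README text in this PR says the host can change and points to the OpenStack browser for the current one, so put that pointer in a comment next to the variable, and consider leaving the value empty here and setting it in `.env.local` so a stale default does not linger in the repository.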
127 changes: 56 additions & 71 deletions .github/workflows/ci.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
name: Build and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
Expand All @@ -29,74 +29,59 @@ jobs:
./bin/console lint:yaml ./config
./vendor/bin/minus-x check .
./bin/phpunit --exclude-group=integration
build_image:
name: Build Docker image
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3

- name: Build image
id: docker_build
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
target: production
tags: wikimedia/copypatrol:latest
outputs: type=docker,dest=/tmp/copypatrol-production.image.tar
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}

- name: Upload Docker image to artifacts
uses: actions/upload-artifact@v4
with:
name: image-production
path: /tmp/copypatrol-production.image.tar
analysis:
name: Analyze Docker images
runs-on: ubuntu-latest
needs: build_image

steps:
- name: Download Docker image from artifacts
uses: actions/download-artifact@v4
with:
name: image-production
path: /tmp

# build_image:
# name: Build Docker image
# runs-on: ubuntu-latest
# needs: build
# strategy:
# matrix:
# targets:
# - name: production
# tag: wikimedia/copypatrol
# - name: development
# tag: wikimedia/copypatrol-development
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v2
#
# - name: Set up Docker Buildx
# id: buildx
# uses: docker/setup-buildx-action@v2
#
# - name: Build image
# id: docker_build
# uses: docker/build-push-action@v4
# with:
# context: .
# file: docker/Dockerfile
# target: ${{ matrix.targets.name }}
# tags: ${{ matrix.targets.tag }}:latest
# outputs: type=docker,dest=/tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# cache-from: type=gha
# cache-to: type=gha,mode=max
#
# - name: Image digest
# run: echo ${{ steps.docker_build.outputs.digest }}
#
# - name: Upload Docker image to artifacts
# uses: actions/upload-artifact@v2
# with:
# name: image-${{ matrix.targets.name }}
# path: /tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# analysis:
# name: Analyze Docker images
# runs-on: ubuntu-latest
# needs: build_image
# strategy:
# matrix:
# targets:
# - name: production
# tag: wikimedia/copypatrol
# - name: development
# tag: wikimedia/copypatrol-development
#
# steps:
# - name: Download Docker image from artifacts
# uses: actions/download-artifact@v2
# with:
# name: image-${{ matrix.targets.name }}
# path: /tmp
#
# - name: Load image
# run: |
# docker load --input /tmp/copypatrol-${{ matrix.targets.name }}.image.tar
# docker image ls -a
# - name: Dive
# uses: yuichielectric/dive-action@0.0.4
# with:
# image: ${{ matrix.targets.tag }}:latest
# github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Load image
run: |
docker load --input /tmp/copypatrol-production.image.tar
docker image ls -a
- name: Dive
uses: MaxymVlasov/dive-action@v1.0.1
with:
image: wikimedia/copypatrol:latest
github-token: ${{ secrets.GITHUB_TOKEN }}
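Review bot: In the `Dive` step, `MaxymVlasov/dive-action@v1.0.1` is a third-party action referenced by a movable tag and it is handed `secrets.GITHUB_TOKEN`, while no `permissions:` block is visible for the `analysis` job in this hunk. Pin it (and the `docker/*` actions in `build_image`) to a full commit SHA and add a job-level `permissions:` entry limited to what the action needs, so a retagged release cannot use the token with the repository's default scope. Separately, the `Image digest` step interpolates `${{ steps.docker_build.outputs.digest }}` straight into the shell line; passing it through `env:` and echoing the quoted variable keeps expression output out of the script text.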
78 changes: 76 additions & 2 deletions README.md
Expand Up @@ -65,8 +65,82 @@ Assets are compiled using Webpack Encore. The compiled assets **must** be commit

## Installing using Docker

_A new Docker image needs to be created following the move to Wikimedia VPS._
_You can use the manual installation instructions above in the meantime._
Development through Docker is suggested if you have a different version of PHP locally
installed, or if you wish to keep an isolated installation of PHP 8.2 for CopyPatrol.

1. Copy [.env](.env) to [.env.local](.env.local) and fill in the appropriate details.
1. Set `REPLICAS_HOST_*` and `TROVE_HOST` to `127.0.0.1`.
* To change the Trove host to be used, change the `TROVE_REMOTE_HOST` environmental variable.
2. Use the credentials in your `replica.my.cnf` file in the home directory of your
Toolforge account for `REPLICAS_USERNAME` and `REPLICAS_PASSWORD`.
3. Set the rest of the `TROVE_*` variables to that of the installation of the CopyPatrol
database (`COPYPATROL_DB_NAME`).
4. If you need to test OAuth, obtain tokens by registering a new consumer on Meta at
[Special:OAuthConsumerRegistration](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration).
Alternatively, you can set `LOGGED_IN_USER` to any value to simulate being that user
after clicking on 'Login'.
5. If you need to test the "iThenticate report" functionality, set `TCA_DOMAIN` and `TCA_KEY`.
Reports older than `AppController::ITHENTICATE_V2_TIMESTAMP` need to connect to the older
iThenticate API, using the credentials set by `ITHENTICATE_USERNAME` and `ITHENTICATE_PASSWORD`.
2. Build the development image once and install Composer dependencies with the following
```bash
docker compose build
# On Windows, use `%CD%` instead of `$(pwd)`.
docker run --rm -ti -v $(pwd):/app wikimedia/copypatrol:development composer install
```
Run the second command again every time you change `composer.json`, or when `composer.json`
is changed in an upstream commit. This can take a while on Windows.
3. (*Windows only*) Set the `HOME` environment variable to your user profile directory.
```cmd
setx HOME %UserProfile%
set HOME=%UserProfile%
```
The first command sets `HOME` for future shells. The second command sets `HOME` for the current shell.
4. Open a new terminal and start the development container with
```bash
docker compose up
```
Starting the local development server will be delayed until the next
step is finished.
5. Open up an SSH tunnel to access the databases on Toolforge.
```bash
# Your SSH config at $HOME/.ssh will be mounted into the container.
# Your passphrase will be requested if your private key is protected.
docker compose exec copypatrol start ssh
# OR if your Toolforge shell name is not in your SSH config with a
# `User <username>` line, you need to specify this manually.
docker compose exec copypatrol start ssh <username>
```
This terminal will stay open as long as SSH is connected. No successful
connection message is shown, but Symfony will start immediately once the
ports are open. This extra step is required for you to be able to enter
your SSH key password through a TTY.

Changes to this folder will automatically be applied to the running Docker container. This includes
changes to `src` files, `.env.local`, etc. XDebug is set up to connect to the host machine
(the computer running the Docker container) on port 9003 upon request ([more info](https://xdebug.org/docs/step_debug)).

If the Trove host changes, you must set the `TROVE_REMOTE_HOST` environment variable to the correct host.
Review [OpenStack browser](https://openstack-browser.toolforge.org/project/copypatrol/database/copypatrol-dev-db-01) for
the latest host.

An XDebug configuration is provided by default. To customize this config, mount a
`xdebug.ini` file to `/usr/local/etc/php/conf.d/xdebug.ini` in the container.

<details>
<summary>Production image</summary>

A production image can be built with the following command:
```bash
docker build -t wikimedia/copypatrol:latest -f docker/Dockerfile .
```
This image does not contain XDebug or OpenSSH, and does not have an SSH tunnel to Toolforge.
You can test it out by running the following command:
```bash
# On Windows, use `%CD%` instead of `$(pwd)`.
docker run -ti --rm -p 8000:8000 wikimedia/copypatrol:latest
```
</details>

## Adding new languages
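Review bot: In the "Production image" section, the comment "On Windows, use `%CD%` instead of `$(pwd)`" sits above a `docker run` command that contains no `$(pwd)`; it looks copied from step 2 and should be dropped. In step 2 itself, `-v $(pwd):/app` is unquoted and breaks when the checkout path contains spaces, so write `-v "$(pwd)":/app`; the same applies to `setx HOME %UserProfile%` in step 3. It would also help to state next to `LOGGED_IN_USER` that it simulates a login without OAuth and is for local development only, and to say in step 5 that the whole `$HOME/.ssh` directory is mounted and how to opt out, since that is currently only mentioned in a `docker-compose.yml` comment.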

13 changes: 10 additions & 3 deletions docker-compose.yml
@@ -1,5 +1,3 @@
version: '3.8'

# =========================================================
#
# This file allows anyone to start the CopyPatrol web interface
Expand All @@ -26,12 +24,17 @@ services:
command: serve
stdin_open: true
tty: true
environment:
- TROVE_REMOTE_HOST
extra_hosts:
- host.docker.internal:host-gateway
ports:
- "8000:8000"
volumes:
# This binds your SSH configuration into the container.
# If you don't want to do this, comment this entry out.
# TODO: Disable `copypatrol` user access to /ssh, when that becomes possible.
# https://github.com/docker/roadmap/issues/398
- type: bind
source: "$HOME/.ssh"
target: "/ssh"
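Review bot: The bind of `$HOME/.ssh` to `/ssh` gives the container every key and config file in that directory, and the added TODO confirms the `copypatrol` user can read it; the lines shown here do not include `read_only: true` for this mount. Set the mount read-only if it is not already, and consider binding only the key and config needed for the Toolforge tunnel instead of the whole directory. The new `environment: - TROVE_REMOTE_HOST` entry passes the value through from the environment Compose runs in, so document where developers are expected to set it.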
Expand All @@ -40,4 +43,8 @@ services:
- type: bind
source: "."
target: "/app"
stop_signal: SIGINT
read_only: true
- type: bind
source: "./var"
target: "/app/var"
stop_signal: SIGINT
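Review bot: With `read_only: true` added to the `/app` bind and only `./var` mounted writable, any runtime write outside `/app/var` will now fail inside the container, and the README's step 2 runs `composer install` through a separate `docker run -v $(pwd):/app`, which is the only reason `vendor/` can still be written. Say that in a comment above the mount so the split is not undone later, and check that `docker compose up` works on a fresh clone where `var/` does not yet exist on the host.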