CI: docker compose env vars (#12)

* ci: created Docker env vars
  Following api-platform/api-platform#1965
* ci: adjusted deploy scripts
* feat: added required env vars into .bash_aliases
* docs: deployment with Docker
* ci(dockerfile): adjusting openssh-server
* no need for sshd_config
* added docs
* feat: simply sshtunnel ssh key config
* ci: use bind-mounted folder for database instead
* fix(env): set MESSENGER_TRANSPORT_DSN to a default
* fix: console bash scripts

.env.caddy.php-bluegreen.redis.database.prod

@@ -0,0 +1,18 @@
+# .env.caddy.php-bluegreen.redis.database.prod
+#
+# Runs docker with a production setup
+#
+# - 2 php services: php-blue and php-green
+# - redis for sessions
+# - node-build container for building JavaScript and CSS
+# - database running in docker
+#
+# @see https://github.com/api-platform/api-platform/pull/1965
+# @see https://docs.docker.com/compose/environment-variables/envvars/#compose_file
+#
+# Usage: copy to .env so docker composer can use it
+SERVER_NAME="localhost"
+CADDY_MERCURE_JWT_SECRET=${CADDY_MERCURE_JWT_SECRET:-ChangeMe}
+POSTGRES_HOST=database
+GIT_SHA=$GITHUB_SHA
+COMPOSE_FILE=docker-compose.bluegreen.yml:docker-compose.database.yml:docker-compose.bluegreen.database.yml

.env.caddy.php-bluegreen.redis.prod

@@ -0,0 +1,19 @@
+# .env.caddy.php-bluegreen.redis.prod
+#
+# Runs docker with a production setup (no database in docker)
+#
+# - 2 php services: php-blue and php-green
+# - redis for sessions
+# - node-build container for building JavaScript and CSS
+# - database running on host (local would be on Mac)
+#
+# @see https://github.com/api-platform/api-platform/pull/1965
+# @see https://docs.docker.com/compose/environment-variables/envvars/#compose_file
+#
+# Usage: copy to .env so docker composer can use it
+CADDY_MERCURE_JWT_SECRET=${CADDY_MERCURE_JWT_SECRET:-ChangeMe}
+POSTGRES_USER=${POSTGRES_USER:-app}
+POSTGRES_PASSWORD=''
+POSTGRES_HOST=host.docker.internal
+GIT_SHA=$GITHUB_SHA
+COMPOSE_FILE=docker-compose.bluegreen.yml

.env.caddy.php.database.dev

@@ -0,0 +1,14 @@
+# .env.caddy.php.database.dev
+#
+# Start caddy, php (from the dev base), and the database
+#
+# Also used in CI in order to be able to run tests
+#
+# @see https://github.com/api-platform/api-platform/pull/1965
+# @see https://docs.docker.com/compose/environment-variables/envvars/#compose_file
+#
+# Usage: copy to .env so docker composer can use it
+SERVER_NAME="localhost"
+POSTGRES_HOST=database
+GIT_SHA=$GITHUB_SHA
+COMPOSE_FILE=docker-compose.yml:docker-compose.override.yml:docker-compose.database.yml

DOCKER.MD

@@ -5,6 +5,60 @@ API Platform runs on Docker. It provides the following containers:
 * `caddy`, a web server proxy to PHP
 * `php`, which runs PHP FPM.
 
+## Quick start
+
+```sh
+cp .env.caddy.php.database.dev .env
+cp api/.env api/.env.local
+docker compose up --build
+console assets:install
+```
+
+This will start caddy, php (from the dev base), and the postgres database.
+
+## Quick production deployment
+
+Create an ssh key (`~/.ssh/id_rsa.pub`) to be able to ssh into the `sshtunnel` container:
+
+```sh
+ssh-keygen
+```
+
+```sh
+export SERVER_NAME='example.com'
+export APP_SECRET='ChangeMe'
+export CADDY_MERCURE_JWT_SECRET='ChangeMe'
+cp .env.caddy.php-bluegreen.redis.database.prod .env
+docker compose up --build -d
+console assets:install
+bash deploy-api-frontend.sh
+```
+
+This will start caddy, 2 php services (php-blue and php-green), redis for sessions, and the database.
+
+The `SERVER_NAME` and `CADDY_MERCURE_JWT_SECRET` env vars can be better persisted by doing the following:
+
+```sh
+cp api/docker/root/* ~
+cp api/docker/root/.* ~
+vi ~/.bash_aliases
+```
+
+Then set the variables in the file as follows:
+
+```sh
+# Change this to your domain name
+export SERVER_NAME='localhost'
+export CADDY_MERCURE_JWT_SECRET='ChangeMe'
+```
+
+Reload the bash aliases:
+
+```sh
+source ~/.bash_aliases
+docker compose up --build -d
+```
+
 ## Docker Compose
 
 Docker Compose is an orchestration tool, i.e. it can build and run Docker containers. The configuration code for Docker services are kept in yaml files e.g. `docker-compose.yml`

api/.env

@@ -61,7 +61,7 @@ LOCK_DSN=flock
 
 ###> symfony/messenger ###
 # Choose one of the transports below
-# MESSENGER_TRANSPORT_DSN=doctrine://default
+MESSENGER_TRANSPORT_DSN=doctrine://default
 # MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
 # MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
 ###< symfony/messenger ###

api/Dockerfile

@@ -224,8 +224,12 @@ CMD [ "redis-server --save 60 1 --appendonly yes", "/usr/local/etc/redis/redis.c
 ####################################################################
 # ssh tunnel                                                       #
 # For access to Redis                                              #
+# @see https://docs.linuxserver.io/images/docker-openssh-server    #
 ####################################################################
 
+# Docker wants a specific version
+# @see https://hub.docker.com/r/linuxserver/openssh-server
 FROM ghcr.io/linuxserver/openssh-server:version-9.3_p2-r0 as app_ssh_tunnel
 
-COPY --link docker/sshtunnel/custom-cont-init.d/88-enable_tunnels.conf /custom-cont-init.d/88-enable_tunnels.conf
+# RUN ln -s /run/secrets/user_ssh_key /config/ssh_host_keys/id_rsa.pub
+# COPY --link docker/sshtunnel/sshd_config /config/ssh_host_keys/sshd_config

api/docker/root/.bash_aliases

@@ -3,7 +3,7 @@ BLUE='\033[0;34m'
 RED='\033[0;31m'
 NC='\033[0m' # No Color
 
-export DC='docker compose --env-file api/.env.local -f docker-compose.bluegreen.yml'
+export DC='docker compose'
 
 alias dc="$DC"
 alias ssh-php-blue='source ~/.docker_env; qw; echo -e "${BLUE}SSH${NC}: into ${DOCKER_PHP_ENV}"; dc exec $DOCKER_PHP_ENV sh'
@@ -12,3 +12,16 @@ alias ssh-php='ssh-php-blue'
 alias ssh-caddy="$DC exec caddy sh"
 alias ssh-node="$DC run api-node-build sh"
 alias console="bash ~/console.sh"
+
+##########################################
+# env vars for docker                    #
+##########################################
+# Change this to your domain name
+export SERVER_NAME='localhost'
+export APP_SECRET='ChangeMe'
+export CADDY_MERCURE_JWT_SECRET='ChangeMe'
+export POSTGRES_USER='app'
+export POSTGRES_PASSWORD='Ku0B9XLFJTZtaKBOhzLCH4'
+
+# Create a public key file for sshing into the sshtunnel container
+export PUBLIC_KEY_FILE="~/.ssh/id_rsa.pub"

api/docker/root/console-other.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 source $HOME/.bash_aliases
 source $HOME/.docker_env_other
-RUN_COMMAND="$QW && $DC exec $DOCKER_PHP_ENV php -d memory_limit=2G bin/console"
+RUN_COMMAND="$DC exec $DOCKER_PHP_ENV php -d memory_limit=2G bin/console"
 eval $RUN_COMMAND "$@"

api/docker/root/console.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 source $HOME/.bash_aliases
 source $HOME/.docker_env
-RUN_COMMAND="$QW && $DC exec $DOCKER_PHP_ENV php -d memory_limit=2G bin/console"
+RUN_COMMAND="$DC exec $DOCKER_PHP_ENV php -d memory_limit=2G bin/console"
 eval $RUN_COMMAND "$@"

deploy-api-frontend.sh

@@ -11,7 +11,8 @@ fi
 export GIT_SHA="$(git rev-parse --verify HEAD)"
 echo -e "${BLUE}DEPLOY${NC} Setting GIT_SHA to $GIT_SHA"
 
-DOCKER_COMPOSE="GIT_SHA=$GIT_SHA docker compose --env-file api/.env.local -f docker-compose.bluegreen.yml"
+ Note: DC is set in the .bash_aliases file
+DOCKER_COMPOSE="GIT_SHA=$GIT_SHA $DC"
 
 echo -e "${BLUE}FRONTEND BUILD${NC} Building assets"
 eval $DOCKER_COMPOSE up -d --build api-node-build

deploy-docker.sh

@@ -23,7 +23,10 @@ echo -e "${BLUE}DEPLOY${NC} Setting GIT_SHA to $GIT_SHA"
 # https://docs.docker.com/develop/develop-images/build_enhancements/
 # see https://stackoverflow.com/a/66165135/339213
 # The idea is to be able to use the yarn cache on subsequent installs
-DOCKER_COMPOSE="SERVER_NAME=$SERVER_NAME COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 PHP_CONTAINER=$ENV GIT_SHA=$GIT_SHA docker compose --env-file=api/.env.local -f docker-compose.bluegreen.yml"
+
+# Note: DC is defined in the .bash_aliases file
+DOCKER_COMPOSE="SERVER_NAME=$SERVER_NAME COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 PHP_CONTAINER=$ENV GIT_SHA=$GIT_SHA $DC"
+
 
 echo -e "${BLUE}DEPLOY${NC} Rebuilding and starting "$ENV" container"
 echo -e "${BLUE}DEPLOY${NC} $DOCKER_COMPOSE"

docker-compose.bluegreen.yml

@@ -152,6 +152,9 @@ services:
   # Copies the user's public key to the container, and can ssh in with:
   # ssh proxy@localhost -p2222
   #
+  # Currently it looks like we have to enable PASSWORD_ACCESS, ssh in and manually put the allowed
+  # ssh keys into the authorized keys file.
+  #
   # To tunnel to, say, redis:
   # ssh -L 6379:redis:6379 proxy@localhost -p2222
   #
@@ -160,20 +163,20 @@ services:
     build:
       context: api/
       target: app_ssh_tunnel
-    restart: always
+    restart: unless-stopped
     image: ghcr.io/linuxserver/openssh-server
     container_name: sshtunnel
     ports:
       - 2222:2222
     environment:
       - DOCKER_MODS=linuxserver/mods:openssh-server-ssh-tunnel
-      - PUBLIC_KEY_FILE=/run/secrets/user_ssh_key
+      - PUBLIC_KEY_FILE=${PUBLIC_KEY_FILE:-"~/.ssh/id_rsa.pub"}
       - USER_NAME=proxy
       - SUDO_ACCESS=false
+      # - PASSWORD_ACCESS=true #optional
+      # - USER_PASSWORD=password #optional
     networks:
       - redis
-    secrets:
-      - user_ssh_key
     # Readonly volume, for security
     volumes:
       - ssh-tunnel-custom-init:/custom-cont-init.d:ro
@@ -198,7 +201,3 @@ networks:
   php-green:
   php-blue:
   redis:
-
-secrets:
-  user_ssh_key:
-    file: ~/.ssh/id_rsa.pub

docker-compose.database.yml

@@ -18,16 +18,16 @@ services:
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
       - POSTGRES_USER=${POSTGRES_USER:-app}
     volumes:
-      - db_data:/var/lib/postgresql/data
+      # - db_data:/var/lib/postgresql/data
       # you may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
-      # - ./api/docker/db/data:/var/lib/postgresql/data
+      - ./api/docker/db/data:/var/lib/postgresql/data
     ports:
       - target: 5432
         published: 5432
         protocol: tcp
 ###< doctrine/doctrine-bundle ###
 
-volumes:
+# volumes:
 ###> doctrine/doctrine-bundle ###
-  db_data:
+  # db_data:
 ###< doctrine/doctrine-bundle ###