
many small fixes and improvements

Christian Winther hai 1 ano
pai
achega
bc66b6da18

+ 7 - 7
.editorconfig

@@ -17,11 +17,11 @@ indent_style = space
 indent_size = 4
 
 # ShellCheck config
-shell_variant      = bash
-binary_next_line   = true
-case-indent 	   = true
-switch_case_indent = true
-space_redirects    = true
-function_next_line = true
+shell_variant      = bash  # like -ln=bash
+binary_next_line   = true  # like -bn
+switch_case_indent = true  # like -ci
+space_redirects    = false # like -sr
+keep_padding       = false  # like -kp
+function_next_line = true  # like -fn
+never_split        = true  # like -ns
 simplify           = true
-space-redirects    = true

A diferenza do arquivo foi suprimida porque é demasiado grande
+ 344 - 344
.env.docker


+ 0 - 80
.env.example

@@ -1,80 +0,0 @@
-# shellcheck disable=SC2034,SC2148
-
-APP_NAME="Pixelfed"
-APP_ENV="production"
-APP_KEY=
-APP_DEBUG="false"
-
-# Instance Configuration
-OPEN_REGISTRATION="false"
-ENFORCE_EMAIL_VERIFICATION="false"
-PF_MAX_USERS="1000"
-OAUTH_ENABLED="true"
-
-# Media Configuration
-PF_OPTIMIZE_IMAGES="true"
-IMAGE_QUALITY="80"
-MAX_PHOTO_SIZE="15000"
-MAX_CAPTION_LENGTH="500"
-MAX_ALBUM_LENGTH="4"
-
-# Instance URL Configuration
-APP_URL="http://localhost"
-APP_DOMAIN="localhost"
-ADMIN_DOMAIN="localhost"
-SESSION_DOMAIN="localhost"
-TRUST_PROXIES="*"
-
-# Database Configuration
-DB_CONNECTION="mysql"
-DB_HOST="127.0.0.1"
-DB_PORT="3306"
-DB_DATABASE="pixelfed"
-DB_USERNAME="pixelfed"
-DB_PASSWORD="pixelfed"
-
-# Redis Configuration
-REDIS_CLIENT="predis"
-REDIS_SCHEME="tcp"
-REDIS_HOST="127.0.0.1"
-REDIS_PASSWORD="null"
-REDIS_PORT="6379"
-
-# Laravel Configuration
-SESSION_DRIVER="database"
-CACHE_DRIVER="redis"
-QUEUE_DRIVER="redis"
-BROADCAST_DRIVER="log"
-LOG_CHANNEL="stack"
-HORIZON_PREFIX="horizon-"
-
-# ActivityPub Configuration
-ACTIVITY_PUB="false"
-AP_REMOTE_FOLLOW="false"
-AP_INBOX="false"
-AP_OUTBOX="false"
-AP_SHAREDINBOX="false"
-
-# Experimental Configuration
-EXP_EMC="true"
-
-## Mail Configuration (Post-Installer)
-MAIL_DRIVER=log
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-MAIL_USERNAME=null
-MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-MAIL_FROM_ADDRESS="pixelfed@example.com"
-MAIL_FROM_NAME="Pixelfed"
-
-## S3 Configuration (Post-Installer)
-PF_ENABLE_CLOUD=false
-FILESYSTEM_CLOUD=s3
-#AWS_ACCESS_KEY_ID=
-#AWS_SECRET_ACCESS_KEY=
-#AWS_DEFAULT_REGION=
-#AWS_BUCKET=<BucketName>
-#AWS_URL=
-#AWS_ENDPOINT=
-#AWS_USE_PATH_STYLE_ENDPOINT=false

+ 14 - 0
.vscode/settings.json

@@ -1,5 +1,19 @@
 {
     "shellformat.useEditorConfig": true,
+    "[shellscript]": {
+        "files.eol": "\n",
+        "editor.defaultFormatter": "foxundermoon.shell-format"
+    },
+    "[yaml]": {
+        "editor.defaultFormatter": "redhat.vscode-yaml"
+    },
+    "[dockercompose]": {
+        "editor.defaultFormatter": "redhat.vscode-yaml",
+        "editor.autoIndent": "advanced",
+    },
+    "yaml.schemas": {
+        "https://json.schemastore.org/composer": "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json"
+    },
     "files.associations": {
         ".env": "shellscript",
         ".env.*": "shellscript"

+ 10 - 6
Dockerfile

@@ -20,10 +20,8 @@ ARG FOREGO_VERSION="0.17.2"
 # See: https://github.com/hairyhenderson/gomplate
 ARG GOMPLATE_VERSION="v3.11.6"
 
-# See: https://github.com/dotenv-linter/dotenv-linter
-#
-# WARN: v3.3.0 and above requires newer libc version than Ubuntu ships with
-ARG DOTENV_LINTER_VERSION="v3.2.0"
+# See: https://github.com/jippi/dottie
+ARG DOTTIE_VERSION="v0.6.5"
 
 ###
 # PHP base configuration
@@ -88,6 +86,13 @@ FROM nginx:${NGINX_VERSION} AS nginx-image
 # See: https://github.com/nginx-proxy/forego
 FROM nginxproxy/forego:${FOREGO_VERSION}-debian AS forego-image
 
+# Dottie makes working with .env files easier and safer
+#
+# NOTE: Docker will *not* pull this image unless it's referenced (via build target)
+#
+# See: https://github.com/jippi/dottie
+FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION} AS dottie-image
+
 # gomplate-image grabs the gomplate binary from GitHub releases
 #
 # It's in its own layer so it can be fetched in parallel with other build steps
@@ -116,7 +121,6 @@ FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base
 ARG BUILDKIT_SBOM_SCAN_STAGE="true"
 
 ARG APT_PACKAGES_EXTRA
-ARG DOTENV_LINTER_VERSION
 ARG PHP_DEBIAN_RELEASE
 ARG PHP_VERSION
 ARG RUNTIME_GID
@@ -135,7 +139,6 @@ RUN set -ex \
 WORKDIR /var/www/
 
 ENV APT_PACKAGES_EXTRA=${APT_PACKAGES_EXTRA}
-ENV DOTENV_LINTER_VERSION="${DOTENV_LINTER_VERSION}"
 
 # Install and configure base layer
 COPY docker/shared/root/docker/install/base.sh /docker/install/base.sh
@@ -226,6 +229,7 @@ ENV RUNTIME_UID=${RUNTIME_UID}
 ENV RUNTIME_GID=${RUNTIME_GID}
 
 COPY --link --from=forego-image /usr/local/bin/forego /usr/local/bin/forego
+COPY --link --from=dottie-image /dottie /usr/local/bin/dottie
 COPY --link --from=gomplate-image /usr/local/bin/gomplate /usr/local/bin/gomplate
 COPY --link --from=composer-image /usr/bin/composer /usr/bin/composer
 COPY --link --from=composer-and-src --chown=${RUNTIME_UID}:${RUNTIME_GID} /var/www /var/www
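Review bot: The new `dottie-image` stage pulls `ghcr.io/jippi/dottie:${DOTTIE_VERSION}` by tag only, and its `/dottie` binary is then copied into the runtime image as `/usr/local/bin/dottie`. A tag on a third-party registry can be re-pointed, so a later build could pick up a different binary with no change in this repository. Pinning the digest next to the tag keeps the build reproducible and auditable: `FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION}@sha256:<digest-of-the-reviewed-image> AS dottie-image`. The other tag-only `FROM` lines visible in this section have the same property, although this commit does not touch them.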

+ 37 - 23
docker-compose.yml

@@ -1,5 +1,6 @@
 ---
-version: "3"
+# Require 3.8 to ensure people use a recent version of Docker + Compose
+version: "3.8"
 
 ###############################################################
 # Please see docker/README.md for usage information
@@ -53,7 +54,7 @@ services:
       - ${DOCKER_PROXY_ACME_PROFILE:-}
     environment:
       DEBUG: 0
-      DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
+      DEFAULT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
       NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
     depends_on:
       - proxy
@@ -74,21 +75,21 @@ services:
     build:
       target: ${DOCKER_APP_RUNTIME}-runtime
       args:
-        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
         PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
         PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
-        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
         PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}"
     volumes:
       - "./.env:/var/www/.env"
       - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
       - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage"
       - "${DOCKER_APP_HOST_OVERRIDES_PATH}:/docker/overrides:ro"
     environment:
-      LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
-      LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
-      LETSENCRYPT_TEST: "${LETSENCRYPT_TEST:-}"
+      LETSENCRYPT_HOST: "${DOCKER_PROXY_LETSENCRYPT_HOST:?error}"
+      LETSENCRYPT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
+      LETSENCRYPT_TEST: "${DOCKER_PROXY_LETSENCRYPT_TEST:-}"
       VIRTUAL_HOST: "${APP_DOMAIN}"
       VIRTUAL_PORT: "80"
     labels:
@@ -117,12 +118,12 @@ services:
     build:
       target: ${DOCKER_APP_RUNTIME}-runtime
       args:
-        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
         PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
         PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
-        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
         PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}"
     volumes:
       - "./.env:/var/www/.env"
       - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
@@ -133,23 +134,37 @@ services:
       - redis
     healthcheck:
       test: gosu www-data php artisan horizon:status | grep running
-      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:?error}"
       timeout: 5s
       retries: 2
 
   db:
-    image: mariadb:${DB_VERSION}
+    image: ${DOCKER_DB_IMAGE:?error}
     container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db"
-    command: --default-authentication-plugin=mysql_native_password
+    command: ${DOCKER_DB_COMMAND:-}
     restart: unless-stopped
     profiles:
       - ${DOCKER_DB_PROFILE:-}
-    env_file:
-      - ".env"
+    environment:
+      TZ: "${TZ:?error}"
+      # MySQL (Oracle) - "Environment Variables" at https://hub.docker.com/_/mysql
+      MYSQL_ROOT_PASSWORD: "${DB_PASSWORD:?error}"
+      MYSQL_USER: "${DB_USERNAME:?error}"
+      MYSQL_PASSWORD: "${DB_PASSWORD:?error}"
+      MYSQL_DATABASE: "${DB_DATABASE:?error}"
+      # MySQL (MariaDB) - "Start a mariadb server instance with user, password and database" at https://hub.docker.com/_/mariadb
+      MARIADB_ROOT_PASSWORD: "${DB_PASSWORD:?error}"
+      MARIADB_USER: "${DB_USERNAME:?error}"
+      MARIADB_PASSWORD: "${DB_PASSWORD:?error}"
+      MARIADB_DATABASE: "${DB_DATABASE:?error}"
+      # PostgreSQL - "Environment Variables" at https://hub.docker.com/_/postgres
+      POSTGRES_USER: "${DB_USERNAME:?error}"
+      POSTGRES_PASSWORD: "${DB_PASSWORD:?error}"
+      POSTGRES_DB: "${DB_DATABASE:?error}"
     volumes:
-      - "${DOCKER_DB_HOST_DATA_PATH}:/var/lib/mysql"
+      - "${DOCKER_DB_HOST_DATA_PATH:?error}:${DOCKER_DB_CONTAINER_DATA_PATH:?error}"
     ports:
-      - "${DOCKER_DB_HOST_PORT}:3306"
+      - "${DOCKER_DB_HOST_PORT:?error}:${DOCKER_DB_CONTAINER_PORT:?error}"
     healthcheck:
       test:
         [
@@ -159,7 +174,7 @@ services:
           "--connect",
           "--innodb_initialized",
         ]
-      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:?error}"
       retries: 2
       timeout: 5s
 
@@ -169,9 +184,8 @@ services:
     restart: unless-stopped
     command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'"
     environment:
-      - REDISCLI_AUTH=${REDIS_PASSWORD:-}
-    env_file:
-      - ".env"
+      TZ: "${TZ:?error}"
+      REDISCLI_AUTH: ${REDIS_PASSWORD:-}
     volumes:
       - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis"
       - "${DOCKER_REDIS_HOST_DATA_PATH}:/data"
@@ -179,6 +193,6 @@ services:
       - "${DOCKER_REDIS_HOST_PORT}:6379"
     healthcheck:
       test: ["CMD", "redis-cli", "-p", "6379", "ping"]
-      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:?error}"
       retries: 2
       timeout: 5s
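Review bot: In the `db` service the database root account is given the application's password, because `MYSQL_ROOT_PASSWORD` and `MARIADB_ROOT_PASSWORD` are both filled from `${DB_PASSWORD}`, the same value used for `MYSQL_PASSWORD`/`MARIADB_PASSWORD`. Anyone who obtains the application credentials then also holds database root, and the `ports:` entry publishes the database port on the host (on all interfaces unless `DOCKER_DB_HOST_PORT` carries a bind address). A separate secret avoids this, for example `MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?error}"` (a new variable, not defined on this page), or let the image generate one with `MARIADB_RANDOM_ROOT_PASSWORD: "1"`. The `:?error` text could also name the missing variable, e.g. `${DB_PASSWORD:?DB_PASSWORD must be set}`, since "error" alone tells the operator little.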

+ 41 - 0
docker/nginx/root/docker/templates/etc/nginx/nginx.conf

@@ -0,0 +1,41 @@
+# This is changed from the original "nginx" in upstream to work properly
+# with permissions within pixelfed when serving static files.
+user www-data;
+
+worker_processes auto;
+
+# Ensure the PID is writable
+# Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged
+pid /tmp/nginx.pid;
+
+# Write error log to stderr (/proc/self/fd/2 -> /dev/stderr)
+error_log /proc/self/fd/2 notice;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+    # Write error log to stdout (/proc/self/fd/1 -> /dev/stdout)
+    access_log /proc/self/fd/1 main;
+
+    sendfile on;
+    tcp_nopush on;
+    keepalive_timeout 65;
+    gzip on;
+
+    # Ensure all temp paths are in a writable by "www-data" user.
+    # Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    include /etc/nginx/conf.d/*.conf;
+}
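Review bot: The `http` block never sets `server_tokens`, so response headers and default error pages will presumably advertise the nginx version; adding `server_tokens off;` next to `gzip on;` removes that. The comment above `access_log` says "Write error log to stdout" although the directive is the access log, so it should read `# Write access log to stdout (/proc/self/fd/1 -> /dev/stdout)`. The comment above the temp paths would read better as `# Ensure all temp paths are writable by the "www-data" user.`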

+ 5 - 1
docker/shared/root/docker/entrypoint.d/02-check-config.sh

@@ -13,5 +13,9 @@ for file in "${dot_env_files[@]}"; do
         continue
     fi
 
-    run-as-current-user dotenv-linter --skip=QuoteCharacter --skip=UnorderedKey "${file}"
+    # We ignore 'dir' + 'file' rules since they are validate *host* paths
+    # which do not (and should not) exists inside the container
+    #
+    # We disable fixer since its not interactive anyway
+    run-as-current-user dottie validate --file "${file}" --ignore-rule dir,file --no-fix
 done

+ 17 - 9
docker/shared/root/docker/helpers.sh

@@ -20,9 +20,10 @@ declare -g script_name=
 declare -g script_name_previous=
 declare -g log_prefix=
 
+declare -Ag lock_fds=()
+
 # dot-env files to source when reading config
 declare -a dot_env_files=(
-    /var/www/.env.docker
     /var/www/.env
 )
 
@@ -166,7 +167,7 @@ function log-error()
         log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty"
     fi
 
-    echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" > /dev/stderr
+    echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" >/dev/stderr
 }
 
 # @description Print the given error message to stderr and exit 1
@@ -197,7 +198,7 @@ function log-warning()
         log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty"
     fi
 
-    echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" > /dev/stderr
+    echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" >/dev/stderr
 }
 
 # @description Print the given message to stdout unless [ENTRYPOINT_QUIET_LOGS] is set
@@ -236,7 +237,7 @@ function log-info-stderr()
     fi
 
     if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then
-        echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" > /dev/stderr
+        echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" >/dev/stderr
     fi
 }
 
@@ -377,17 +378,20 @@ function acquire-lock()
 {
     local name="${1:-$script_name}"
     local file="${docker_locks_path}/${name}"
+    local lock_fd
 
     ensure-directory-exists "$(dirname "${file}")"
 
+    exec {lock_fd}>"$file"
+
     log-info "🔑 Trying to acquire lock: ${file}: "
-    while file-exists "${file}"; do
+    while ! ([[ -v lock_fds[$name] ]] || flock -n -x "$lock_fd"); do
         log-info "🔒 Waiting on lock ${file}"
 
         staggered-sleep
     done
 
-    stream-prefix-command-output touch "${file}"
+    [[ -v lock_fds[$name] ]] || lock_fds[$name]=$lock_fd
 
     log-info "🔐 Lock acquired [${file}]"
 
@@ -403,7 +407,11 @@ function release-lock()
 
     log-info "🔓 Releasing lock [${file}]"
 
-    stream-prefix-command-output rm -fv "${file}"
+    [[ -v lock_fds[$name] ]] || return
+
+    # shellcheck disable=SC1083,SC2086
+    flock --unlock ${lock_fds[$name]}
+    unset 'lock_fds[$name]'
 }
 
 # @description Helper function to append multiple actions onto
@@ -450,14 +458,14 @@ function await-database-ready()
     case "${DB_CONNECTION:-}" in
         mysql)
             # shellcheck disable=SC2154
-            while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent > /dev/null; do
+            while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent >/dev/null; do
                 staggered-sleep
             done
             ;;
 
         pgsql)
             # shellcheck disable=SC2154
-            while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" > /dev/null; do
+            while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" >/dev/null; do
                 staggered-sleep
             done
             ;;
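Review bot: In `acquire-lock`, `exec {lock_fd}>"$file"` runs before the `[[ -v lock_fds[$name] ]]` check, so every re-entrant call opens a descriptor that is never stored or closed. `release-lock` has the matching gap: it calls `flock --unlock` and unsets the array entry but leaves the descriptor itself open for the life of the shell. Opening the file only when the lock is not already held, and closing the descriptor on release, fixes both; the body of `acquire-lock` continues past the end of the hunk, so the sketch below keeps the fall-through rather than returning early. Separately, `await-database-ready` still passes `--password="${DB_PASSWORD}"` on the `mysql` command line, where other processes in the container may be able to read it; an environment variable, as the `pgsql` branch does with `PGPASSWORD`, would be more consistent.

```shell
    # acquire-lock
    # … unchanged: name/file locals, ensure-directory-exists …

    # Only open a descriptor when this shell does not already hold the lock
    if [[ ! -v lock_fds[$name] ]]; then
        exec {lock_fd}>"$file"

        log-info "🔑 Trying to acquire lock: ${file}: "
        while ! flock -n -x "$lock_fd"; do
            log-info "🔒 Waiting on lock ${file}"

            staggered-sleep
        done

        lock_fds[$name]=$lock_fd
    fi

    # … unchanged: "Lock acquired" log line and the rest of the function …

    # release-lock
    [[ -v lock_fds[$name] ]] || return

    local lock_fd="${lock_fds[$name]}"

    flock --unlock "$lock_fd"
    # Close the descriptor too, otherwise it stays open until the shell exits
    exec {lock_fd}>&-
    unset 'lock_fds[$name]'
```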

+ 0 - 3
docker/shared/root/docker/install/base.sh

@@ -59,6 +59,3 @@ apt-get install -y "${packages[@]}"
 
 locale-gen
 update-locale
-
-# Install dotenv linter (https://github.com/dotenv-linter/dotenv-linter)
-curl -sSfL https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/master/install.sh | sh -s -- -b /usr/local/bin "${DOTENV_LINTER_VERSION:-}"

+ 4 - 3
docker/shared/root/docker/templates/usr/local/etc/php/php.ini

@@ -406,7 +406,7 @@ max_input_time = 60
 
 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
-memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "128M" }}
+memory_limit = {{ getenv "DOCKER_APP_PHP_MEMORY_LIMIT" "128M" }}
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -570,8 +570,9 @@ report_memleaks = On
 ; Log errors to specified file. PHP's default behavior is to leave this value
 ; empty.
 ; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
+;
+; NOTE: Write error log to stderr (/proc/self/fd/2 -> /dev/stderr)
+error_log = /proc/self/fd/2
 ; Log errors to syslog (Event Log on Windows).
 ;error_log = syslog
 

+ 1 - 1
goss.yaml

@@ -114,7 +114,7 @@ command:
 {{ end }}
 
 {{ if eq .Env.PHP_BASE_TYPE "apache" }}
-  nginx-version:
+  apache-version:
     exit-status: 0
     exec: 'apachectl -v'
     stdout:

Algúns arquivos non se mostraron porque demasiados arquivos cambiaron neste cambio