new: [opensem] add automatic database migration

chg: dev: [opensem] move php dir creation from `publish-dir to php-fpm`
fix: [opensem] remove the need to care about leading zeroes in rank
2025-10-11 05:08:28 +02:00 · 2025-10-11 05:08:28 +02:00 · 2025-10-11 05:08:28 +02:00 · 2025-10-11 05:08:28 +02:00 · 2025-10-11 05:08:28 +02:00 · 2025-10-11 05:08:28 +02:00
8 changed files with 220 additions and 84 deletions
--- a/README.org
+++ b/README.org
@@ -0,0 +1,6 @@
+# -*- ispell-local-dictionary: "english" -*-
+
+* What is jev-charms
+
+This contains the 0k charm recipes for a managed deployment of ~opensem~
+app on a 0k ready installation.
--- a/opensem/README.org
+++ b/opensem/README.org
@@ -3,8 +3,73 @@

 * Build source code

-Using a ~Dockerfile~ and forcing latest known working ~composer.lock~
-and ~yarn.lock~ to ensure reproducible build.
+Using ~opensem~ source code, with the ~./build.sh~, we can build a proper
+~opensem-X.Y.Z.tar.xz~ that is ready for deployment.

-We provide the resulting production ready application files in a
-~tar.xz~.
+* Charm usage
+
+Please note that =paylib-system= relation is required and no
+auto-summon exists. It won't auto-pair neither as no charm currently
+provides this relation.
+
+So you need to explicitly express this relation to a =stub= service.
+
+* Usage
+
+** Opensem
+
+Typical installation of opensem would be:
+
+#+begin_src yaml
+opensem:
+  charm: opensem
+  options:
+    env:
+      mail:
+        from:
+          name: "Boutique Jardin En Vie"
+          address: boutique@jardinenvie.com
+
+  relations:
+    publish-dir:
+      frontend:
+        domain: boutique.jardinenvie.com
+    paybox-system:
+      paybox:
+        test: true
+        rank: 1  ## no need for zeroes before !
+        site: 2XXXX9
+        id: 2XXXXX4
+        hmac-key: "FFAXXXXX...XXXXX"
+
+paybox:
+  charm: stub
+
+letsencrypt:
+  options:
+    email: my-email@example.com
+
+frontend:
+  charm: mailcow-www
+
+logrotate:
+
+cron:
+
+jev-smtp:
+  charm: smtp-stub
+  options:
+    host: mail.jardinenvie.com
+    port: 465
+    connection-security: ssl
+    auth-method: password
+    login: boutique@jardinenvie.com
+    password: CXXXXXXXXXXg
+
+rsync-backup:
+  options:
+    ident: ext-00.jardinenvie.com
+    target: my-backup-host.com
+    private-key: |
+      # ...
+#+end_src
--- a/opensem/hooks/paybox_system-relation-joined
+++ b/opensem/hooks/paybox_system-relation-joined
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+. lib/common
+
+set -e
+
+test=$(relation-get test 2>/dev/null) || true
+site=$(relation-get site) || {
+    err "The 'site' option is required."
+    exit 1
+}
+rank=$(relation-get rank) || {
+    err "The 'rank' option is required."
+    exit 1
+}
+id=$(relation-get id) || {
+    err "The 'id' option is required."
+    exit 1
+}
+hmac_key=$(relation-get hmac-key) || {
+    err "The 'hmac-key' option is required."
+    exit 1
+}
+
+rank=$(printf "%03d" "$rank")
+
+[ -n "$test" ] && opensem:config-set PAYBOX_TEST "$test"
+opensem:config-set PAYBOX_SITE "$site"
+opensem:config-set PAYBOX_RANK "$rank"
+opensem:config-set PAYBOX_ID "$id"
+opensem:config-set PAYBOX_HMAC_KEY "$hmac_key"
+
+paybox_url="http://www1.paybox.com/wp-content/uploads/2014/03/pubkey.pem"
+paybox_pubkey_path="$SERVICE_DATASTORE/var/lib/opensem/paybox/pubkey.pem"
+
+if ! [ -f "$paybox_pubkey_path" ]; then
+    mkdir -p "${paybox_pubkey_path%/*}"
+    if ! curl -sSL "$paybox_url" -o "$paybox_pubkey_path"; then
+        err "Failed to download Paybox public key from $paybox_url"
+        exit 1
+    fi
+fi
+
+## and create the mount point also:
+paybox_mount_dir="$SERVICE_CONFIGSTORE/opt/apps/opensem/storage/paybox"
+if ! [ -d "$paybox_mount_dir" ]; then
+    mkdir -p "$paybox_mount_dir" || {
+        err "Could not create directory $paybox_mount_dir"
+        exit 1
+    }
+fi
+
+
+php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || {
+    err "Could not find php-fpm service for $SERVICE_NAME"
+    exit 1
+}
+
+config-add "
+services:
+  $php_fpm_service:
+    volumes:
+      - $SERVICE_DATASTORE/var/lib/opensem/paybox:/opt/apps/$SERVICE_NAME/storage/paybox:ro
+"
--- a/opensem/hooks/php_fpm-relation-joined
+++ b/opensem/hooks/php_fpm-relation-joined
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+. lib/common
+
+set -e
+
+uid_gid=$(get_service_base_image_dir_uid_gid "$MASTER_TARGET_SERVICE_NAME" /var/www/html) || {
+    err "Could not determine uid:gid for $MASTER_TARGET_SERVICE_NAME of dir /var/www/html"
+    exit 1
+}
+gid="${uid_gid#* }"
+
+dirs=(
+    /var/cache/opensem/bootstrap
+    /var/cache/opensem/framework
+    /var/cache/opensem/views
+    /var/lib/opensem/sessions
+    /var/lib/opensem/app
+    /var/lib/opensem/app/public
+    /var/log/opensem
+)
+
+
+to_create=()
+volumes=""
+for d in "${dirs[@]}"; do
+    fdir="${SERVICE_DATASTORE}$d"
+    if [ -d "$fdir" ]; then
+        find "$fdir" \! -gid "$gid" -print0 | while read-0 f; do
+            chgrp -v "$gid" "$f" || return 1
+        done
+        find "$fdir" \! -perm -g+rwx -print0 | while read-0 f; do
+            chmod -v g+rwx "$f" || return 1
+        done
+    else
+        to_create+=("$fdir")
+    fi
+done
+
+if [ "${#to_create[@]}" -gt 0 ]; then
+    mkdir -p "${to_create[@]}" || return 1
+    chgrp -v "${gid}" "${to_create[@]}" || return 1
+    chmod g+rwx "${to_create[@]}" || return 1
+fi
+
+dev=$(options-get dev 2>/dev/null) || true
+if [ -n "$dev" ]; then
+    # if ! [ -d "$dev" ]; then
+    #     err "The 'dev' option is set to '$dev' but this is not a directory."
+    #     exit 1
+    # fi
+
+    OPENSEM_CODE="$dev"
+fi
+
+service:docker-compose:directive-merge "$MASTER_TARGET_SERVICE_NAME" <<EOF
+volumes:
+  - $OPENSEM_CODE:/opt/apps/$SERVICE_NAME:ro
+  - $SERVICE_DATASTORE/var/cache/opensem/bootstrap:/opt/apps/$SERVICE_NAME/bootstrap/cache:rw
+  - $SERVICE_DATASTORE/var/cache/opensem/framework:/opt/apps/$SERVICE_NAME/storage/framework/cache:rw
+  - $SERVICE_DATASTORE/var/cache/opensem/views:/opt/apps/$SERVICE_NAME/storage/framework/views:rw
+  - $SERVICE_DATASTORE/var/lib/opensem/sessions:/opt/apps/$SERVICE_NAME/storage/framework/sessions:rw
+  ## Required to give PHP write access to this dir
+  - $SERVICE_DATASTORE/var/lib/opensem/app:/opt/apps/$SERVICE_NAME/storage/app:rw
+  - $SERVICE_DATASTORE/var/lib/opensem/app/public:/opt/apps/$SERVICE_NAME/storage/app/public:rw
+EOF
--- a/opensem/hooks/pre_deploy
+++ b/opensem/hooks/pre_deploy
@@ -5,3 +5,6 @@
 set -e

 mv -v "${OPENSEM_CONFIG_FILE}" "${OPENSEM_CONFIG_FILE%.prepare}"
+
+artisan migrate -v --force &&
+artisan migrate -v --path=database/migrations/shop --force
--- a/opensem/hooks/publish_dir-relation-joined
+++ b/opensem/hooks/publish_dir-relation-joined
@@ -9,80 +9,9 @@ url=$(relation-get url) || exit 1

 location=$CONFIGSTORE/$BASE_SERVICE_NAME/var/www/$domain

-php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || {
-    err "Could not find php-fpm service for $SERVICE_NAME"
-    exit 1
-}
-
-uid_gid=$(get_service_base_image_dir_uid_gid "$php_fpm_service" /var/www/html) || {
-    err "Could not determine uid:gid for $php_fpm_service of dir /var/www/html"
-    exit 1
-}
-gid="${uid_gid#* }"
-
-dirs=(
-    /var/cache/opensem/bootstrap
-    /var/cache/opensem/framework
-    /var/lib/opensem/views
-    /var/lib/opensem/sessions
-    /var/lib/opensem/app
-    /var/lib/opensem/app/public
-    /var/log/opensem
-)
-
-
-to_create=()
-volumes=""
-for d in "${dirs[@]}"; do
-    fdir="${SERVICE_DATASTORE}$d"
-    if [ -d "$fdir" ]; then
-        find "$fdir" \! -gid "$gid" -print0 | while read-0 f; do
-            chgrp -v "$gid" "$f" || return 1
-        done
-        find "$fdir" \! -perm -g+rwx -print0 | while read-0 f; do
-            chmod -v g+rwx "$f" || return 1
-        done
-    else
-        to_create+=("$fdir")
-    fi
-done
-
-if [ "${#to_create[@]}" -gt 0 ]; then
-    mkdir -p "${to_create[@]}" || return 1
-    chgrp -v "${gid}" "${to_create[@]}" || return 1
-    chmod g+rwx "${to_create[@]}" || return 1
-fi
-
 opensem:config-set APP_URL "$url"

-dev=$(options-get dev 2>/dev/null) || true
-if [ -n "$dev" ]; then
-    # if ! [ -d "$dev" ]; then
-    #     err "The 'dev' option is set to '$dev' but this is not a directory."
-    #     exit 1
-    # fi
-
-    OPENSEM_CODE="$dev"
-fi
-
-
 service:docker-compose:directive-merge "$MASTER_TARGET_SERVICE_NAME" <<EOF
 volumes:
  - $SERVICE_DATASTORE/var/lib/opensem/app/public:/var/www/$domain/storage:ro
 EOF
-
-config-add "
-services:
-  $php_fpm_service:
-    volumes:
-      # - $OPENSEM_CODE/public:/var/www/$domain:ro
-      - $OPENSEM_CODE:/opt/apps/$SERVICE_NAME:ro
-      - $SERVICE_DATASTORE/var/cache/opensem/bootstrap:/opt/apps/$SERVICE_NAME/bootstrap/cache:rw
-      - $SERVICE_DATASTORE/var/cache/opensem/framework:/opt/apps/$SERVICE_NAME/storage/framework/cache:rw
-      - $SERVICE_DATASTORE/var/lib/opensem/views:/opt/apps/$SERVICE_NAME/storage/framework/views:rw
-      - $SERVICE_DATASTORE/var/lib/opensem/sessions:/opt/apps/$SERVICE_NAME/storage/framework/sessions:rw
-      ## Required to give PHP write access to this dir
-      - $SERVICE_DATASTORE/var/lib/opensem/app:/opt/apps/$SERVICE_NAME/storage/app:rw
-      - $SERVICE_DATASTORE/var/lib/opensem/app/public:/opt/apps/$SERVICE_NAME/storage/app/public:rw
-
-"
--- a/opensem/lib/common
+++ b/opensem/lib/common
@@ -2,7 +2,7 @@

 OPENSEM_DIR="/opt/apps/opensem"
 OPENSEM_CODE="$SERVICE_CONFIGSTORE$OPENSEM_DIR"
-OPENSEM_RELEASE=1.0.0-rc.1
+OPENSEM_RELEASE=1.0.0-rc.5
 OPENSEM_URL=https://docker.0k.io/downloads/opensem-"${OPENSEM_RELEASE}".tar.xz
 OPENSEM_CONFIG_FILE="${OPENSEM_CODE}"/.env.prepare

@@ -111,16 +111,12 @@ artisan() {
    export COMPOSE_IGNORE_ORPHANS=true

    php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || return 1
-    ## We don't want post deploy that is doing the final http initialization.
-    compose --debug -q --no-init --no-post-deploy --no-pre-deploy \
-            --without-relation="$SERVICE_NAME":publish-dir \
-            run \
-            "${artisan_docker_run_opts[@]}" \
+    launch_docker_compose run \
            -T --rm -w /opt/apps/"$SERVICE_NAME" \
            --entrypoint php \
-            -u www-data "$php_fpm_service" artisan "$@" | cat
+            -u www-data "$php_fpm_service" artisan "$@"

-    return "${PIPESTATUS[0]}"
+    return "$?"
 }

 dotenv:quote() {
--- a/opensem/metadata.yml
+++ b/opensem/metadata.yml
@@ -41,7 +41,6 @@ uses:
      exclude-patterns:
        - "/var/cache/"                    ## cache
        - "/var/lib/opensem/sessions/"     ## sessions
-        - "/var/lib/opensem/views/"        ## compiled blade cache

  php-fpm:
    #constraint: required | recommended | optional
@@ -75,3 +74,11 @@ uses:
    solves:
      unmanaged-logs: "in docker logs"
    #default-options:
+  paybox-system:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: required
+    auto: pair
+    solves:
+      missing-payment: "credit card payment"
+    #default-options:
Author	SHA1	Message	Date
Valentin Lab	a2f98fd1cf	new: [opensem] add automatic database migration	2025-10-11 05:08:28 +02:00
Valentin Lab	f74e9b8ea8	chg: dev: [opensem] move php dir creation from ``publish-dir` `to` `php-fpm``	2025-10-11 05:08:28 +02:00
Valentin Lab	e2af51d181	fix: [opensem] remove the need to care about leading zeroes in rank	2025-10-11 05:08:28 +02:00
Valentin Lab	1e1e8fde0f	new: doc: [opensem] add some ``README.org`` information	2025-10-11 05:08:28 +02:00
Valentin Lab	55dd28c6d8	new: [opensem] upgrade to 1.0.0-rc.5	2025-10-11 05:08:28 +02:00
Valentin Lab	e34372631f	new: [opensem] upgrade to 1.0.0-rc.4	2025-10-11 05:08:28 +02:00
Valentin Lab	55f88737b9	new: [opensem] add ``paybox-system`` relation	2025-10-11 05:08:28 +02:00
Valentin Lab	c4ae6f55f2	chg: [opensem] move '/var/lib/opensem/views' to '/var/cache/opensem/views' This directory is the compiled blade cache. It should be in the cache directory.	2025-10-11 05:08:21 +02:00