7 Commits

Author SHA1 Message Date
Valentin Lab
85f19e6832 new: [opensem] add automatic database migration 2025-10-11 05:06:14 +02:00
Valentin Lab
aed1449a19 chg: dev: [opensem] move php dir creation from `publish-dir to php-fpm` 2025-10-11 05:06:14 +02:00
Valentin Lab
e7f71e7b40 fix: [opensem] remove the need to care about leading zeroes in rank 2025-10-11 05:06:14 +02:00
Valentin Lab
1e6a92f7a7 new: doc: [opensem] add some `README.org` information 2025-10-11 05:06:14 +02:00
Valentin Lab
b2c688656f new: [opensem] upgrade to 1.0.0-rc.5 2025-10-11 05:06:14 +02:00
Valentin Lab
ec7a6cb3cb new: [opensem] upgrade to 1.0.0-rc.4 2025-10-11 05:04:47 +02:00
Valentin Lab
26a4470432 new: [opensem] add `paybox-system` relation 2025-10-11 05:04:07 +02:00
8 changed files with 220 additions and 83 deletions

6
README.org Normal file

@@ -0,0 +1,6 @@
# -*- ispell-local-dictionary: "english" -*-
* What is jev-charms
This contains the 0k charm recipes for a managed deployment of ~opensem~
app on a 0k ready installation.


@@ -3,8 +3,73 @@
* Build source code
Using a ~Dockerfile~ and forcing latest known working ~composer.lock~
and ~yarn.lock~ to ensure reproducible build.
Using ~opensem~ source code, with the ~./build.sh~, we can build a proper
~opensem-X.Y.Z.tar.xz~ that is ready for deployment.
We provide the resulting production ready application files in a
~tar.xz~.
* Charm usage
Please note that =paylib-system= relation is required and no
auto-summon exists. It won't auto-pair neither as no charm currently
provides this relation.
So you need to explicitly express this relation to a =stub= service.
* Usage
** Opensem
Typical installation of opensem would be:
#+begin_src yaml
opensem:
charm: opensem
options:
env:
mail:
from:
name: "Boutique Jardin En Vie"
address: boutique@jardinenvie.com
relations:
publish-dir:
frontend:
domain: boutique.jardinenvie.com
paybox-system:
paybox:
test: true
rank: 1 ## no need for zeroes before !
site: 2XXXX9
id: 2XXXXX4
hmac-key: "FFAXXXXX...XXXXX"
paybox:
charm: stub
letsencrypt:
options:
email: my-email@example.com
frontend:
charm: mailcow-www
logrotate:
cron:
jev-smtp:
charm: smtp-stub
options:
host: mail.jardinenvie.com
port: 465
connection-security: ssl
auth-method: password
login: boutique@jardinenvie.com
password: CXXXXXXXXXXg
rsync-backup:
options:
ident: ext-00.jardinenvie.com
target: my-backup-host.com
private-key: |
# ...
#+end_src


@@ -0,0 +1,64 @@
#!/bin/bash
. lib/common
set -e
test=$(relation-get test 2>/dev/null) || true
site=$(relation-get site) || {
err "The 'site' option is required."
exit 1
}
rank=$(relation-get rank) || {
err "The 'rank' option is required."
exit 1
}
id=$(relation-get id) || {
err "The 'id' option is required."
exit 1
}
hmac_key=$(relation-get hmac-key) || {
err "The 'hmac-key' option is required."
exit 1
}
rank=$(printf "%03d" "$rank")
[ -n "$test" ] && opensem:config-set PAYBOX_TEST "$test"
opensem:config-set PAYBOX_SITE "$site"
opensem:config-set PAYBOX_RANK "$rank"
opensem:config-set PAYBOX_ID "$id"
opensem:config-set PAYBOX_HMAC_KEY "$hmac_key"
paybox_url="http://www1.paybox.com/wp-content/uploads/2014/03/pubkey.pem"
paybox_pubkey_path="$SERVICE_DATASTORE/var/lib/opensem/paybox/pubkey.pem"
if ! [ -f "$paybox_pubkey_path" ]; then
mkdir -p "${paybox_pubkey_path%/*}"
if ! curl -sSL "$paybox_url" -o "$paybox_pubkey_path"; then
err "Failed to download Paybox public key from $paybox_url"
exit 1
fi
fi
## and create the mount point also:
paybox_mount_dir="$SERVICE_CONFIGSTORE/opt/apps/opensem/storage/paybox"
if ! [ -d "$paybox_mount_dir" ]; then
mkdir -p "$paybox_mount_dir" || {
err "Could not create directory $paybox_mount_dir"
exit 1
}
fi
php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || {
err "Could not find php-fpm service for $SERVICE_NAME"
exit 1
}
config-add "
services:
$php_fpm_service:
volumes:
- $SERVICE_DATASTORE/var/lib/opensem/paybox:/opt/apps/$SERVICE_NAME/storage/paybox:ro
"

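Review bot: The Paybox public key is fetched over plain `http://` with `curl -sSL` and written straight to `pubkey.pem`, so whatever the network returns on the first deploy becomes the trusted key, and the `[ -f … ]` guard then keeps it for every later run. Without `-f`, an HTTP error page is also saved as the key while curl still exits 0. Presumably this key is what verifies Paybox payment notifications, so I would fetch it over HTTPS if the host serves the file there (or ship the key inside the charm), download to a temporary name, check that it parses as a public key, ideally compare it with a pinned fingerprint, and only then move it into place. Separately, `printf "%03d"` reads a rank with leading zeroes as octal, so `010` becomes `008` and `08` aborts the hook; `rank=$(printf "%03d" "$((10#$rank))")` avoids that.

```shell
paybox_url="https://www1.paybox.com/wp-content/uploads/2014/03/pubkey.pem"
## … unchanged: paybox_pubkey_path assignment …
if ! [ -f "$paybox_pubkey_path" ]; then
    mkdir -p "${paybox_pubkey_path%/*}"
    paybox_pubkey_tmp="$paybox_pubkey_path.part"
    ## -f: fail on HTTP errors instead of saving the error page as the key
    if ! curl -fsSL --proto '=https' --proto-redir '=https' \
             "$paybox_url" -o "$paybox_pubkey_tmp" ||
       ! openssl pkey -pubin -in "$paybox_pubkey_tmp" -noout; then
        rm -f "$paybox_pubkey_tmp"
        err "Failed to download a valid Paybox public key from $paybox_url"
        exit 1
    fi
    mv "$paybox_pubkey_tmp" "$paybox_pubkey_path"
fi
```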

@@ -0,0 +1,66 @@
#!/bin/bash
. lib/common
set -e
uid_gid=$(get_service_base_image_dir_uid_gid "$MASTER_TARGET_SERVICE_NAME" /var/www/html) || {
err "Could not determine uid:gid for $MASTER_TARGET_SERVICE_NAME of dir /var/www/html"
exit 1
}
gid="${uid_gid#* }"
dirs=(
/var/cache/opensem/bootstrap
/var/cache/opensem/framework
/var/cache/opensem/views
/var/lib/opensem/sessions
/var/lib/opensem/app
/var/lib/opensem/app/public
/var/log/opensem
)
to_create=()
volumes=""
for d in "${dirs[@]}"; do
fdir="${SERVICE_DATASTORE}$d"
if [ -d "$fdir" ]; then
find "$fdir" \! -gid "$gid" -print0 | while read-0 f; do
chgrp -v "$gid" "$f" || return 1
done
find "$fdir" \! -perm -g+rwx -print0 | while read-0 f; do
chmod -v g+rwx "$f" || return 1
done
else
to_create+=("$fdir")
fi
done
if [ "${#to_create[@]}" -gt 0 ]; then
mkdir -p "${to_create[@]}" || return 1
chgrp -v "${gid}" "${to_create[@]}" || return 1
chmod g+rwx "${to_create[@]}" || return 1
fi
dev=$(options-get dev 2>/dev/null) || true
if [ -n "$dev" ]; then
# if ! [ -d "$dev" ]; then
# err "The 'dev' option is set to '$dev' but this is not a directory."
# exit 1
# fi
OPENSEM_CODE="$dev"
fi
service:docker-compose:directive-merge "$MASTER_TARGET_SERVICE_NAME" <<EOF
volumes:
- $OPENSEM_CODE:/opt/apps/$SERVICE_NAME:ro
- $SERVICE_DATASTORE/var/cache/opensem/bootstrap:/opt/apps/$SERVICE_NAME/bootstrap/cache:rw
- $SERVICE_DATASTORE/var/cache/opensem/framework:/opt/apps/$SERVICE_NAME/storage/framework/cache:rw
- $SERVICE_DATASTORE/var/cache/opensem/views:/opt/apps/$SERVICE_NAME/storage/framework/views:rw
- $SERVICE_DATASTORE/var/lib/opensem/sessions:/opt/apps/$SERVICE_NAME/storage/framework/sessions:rw
## Required to give PHP write access to this dir
- $SERVICE_DATASTORE/var/lib/opensem/app:/opt/apps/$SERVICE_NAME/storage/app:rw
- $SERVICE_DATASTORE/var/lib/opensem/app/public:/opt/apps/$SERVICE_NAME/storage/app/public:rw
EOF
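Review bot: The repair loop applies `chmod g+rwx` to every entry under the PHP-writable storage directories, so regular files (including anything stored under `app/public`) become group-executable, and `chgrp` without `-h` follows a symlink found there and changes the group of its target. Limiting the execute bit to directories and using `chgrp -h` keeps the hook's effect inside the datastore, as sketched below. The `|| return 1` fallbacks sit at script top level, where `return` is itself an error; they only abort because of `set -e`, and `exit 1` with an `err` message would match the rest of the hook. `volumes=""` is never read in the visible code and can be dropped.

```shell
    if [ -d "$fdir" ]; then
        ## -h: change the link itself, never the file a symlink points to
        find "$fdir" \! -gid "$gid" -print0 | while read-0 f; do
            chgrp -h -v "$gid" "$f" || exit 1
        done
        ## directories need g+x to be traversed, regular files only g+rw
        find "$fdir" -type d \! -perm -g+rwx -print0 | while read-0 f; do
            chmod -v g+rwx "$f" || exit 1
        done
        find "$fdir" -type f \! -perm -g+rw -print0 | while read-0 f; do
            chmod -v g+rw "$f" || exit 1
        done
    else
        ## … unchanged: to_create+=("$fdir") …
```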


@@ -5,3 +5,6 @@
set -e
mv -v "${OPENSEM_CONFIG_FILE}" "${OPENSEM_CONFIG_FILE%.prepare}"
artisan migrate -v --force &&
artisan migrate -v --path=database/migrations/shop --force
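Review bot: These two `artisan migrate` calls change the production schema on every deploy, and nothing here says why `--force` is passed or why a second pass over `database/migrations/shop` is needed. I would add a comment above them, for example `## --force: skip artisan's interactive production prompt; shop migrations are kept in a separate path`, and state whether a database backup is expected to have run beforehand. The start of the script is outside the hunk, so I cannot tell whether a failed migration leaves the hook safely re-runnable after the `mv`.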


@@ -9,80 +9,9 @@ url=$(relation-get url) || exit 1
location=$CONFIGSTORE/$BASE_SERVICE_NAME/var/www/$domain
php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || {
err "Could not find php-fpm service for $SERVICE_NAME"
exit 1
}
uid_gid=$(get_service_base_image_dir_uid_gid "$php_fpm_service" /var/www/html) || {
err "Could not determine uid:gid for $php_fpm_service of dir /var/www/html"
exit 1
}
gid="${uid_gid#* }"
dirs=(
/var/cache/opensem/bootstrap
/var/cache/opensem/framework
/var/cache/opensem/views
/var/lib/opensem/sessions
/var/lib/opensem/app
/var/lib/opensem/app/public
/var/log/opensem
)
to_create=()
volumes=""
for d in "${dirs[@]}"; do
fdir="${SERVICE_DATASTORE}$d"
if [ -d "$fdir" ]; then
find "$fdir" \! -gid "$gid" -print0 | while read-0 f; do
chgrp -v "$gid" "$f" || return 1
done
find "$fdir" \! -perm -g+rwx -print0 | while read-0 f; do
chmod -v g+rwx "$f" || return 1
done
else
to_create+=("$fdir")
fi
done
if [ "${#to_create[@]}" -gt 0 ]; then
mkdir -p "${to_create[@]}" || return 1
chgrp -v "${gid}" "${to_create[@]}" || return 1
chmod g+rwx "${to_create[@]}" || return 1
fi
opensem:config-set APP_URL "$url"
dev=$(options-get dev 2>/dev/null) || true
if [ -n "$dev" ]; then
# if ! [ -d "$dev" ]; then
# err "The 'dev' option is set to '$dev' but this is not a directory."
# exit 1
# fi
OPENSEM_CODE="$dev"
fi
service:docker-compose:directive-merge "$MASTER_TARGET_SERVICE_NAME" <<EOF
volumes:
- $SERVICE_DATASTORE/var/lib/opensem/app/public:/var/www/$domain/storage:ro
EOF
config-add "
services:
$php_fpm_service:
volumes:
# - $OPENSEM_CODE/public:/var/www/$domain:ro
- $OPENSEM_CODE:/opt/apps/$SERVICE_NAME:ro
- $SERVICE_DATASTORE/var/cache/opensem/bootstrap:/opt/apps/$SERVICE_NAME/bootstrap/cache:rw
- $SERVICE_DATASTORE/var/cache/opensem/framework:/opt/apps/$SERVICE_NAME/storage/framework/cache:rw
- $SERVICE_DATASTORE/var/cache/opensem/views:/opt/apps/$SERVICE_NAME/storage/framework/views:rw
- $SERVICE_DATASTORE/var/lib/opensem/sessions:/opt/apps/$SERVICE_NAME/storage/framework/sessions:rw
## Required to give PHP write access to this dir
- $SERVICE_DATASTORE/var/lib/opensem/app:/opt/apps/$SERVICE_NAME/storage/app:rw
- $SERVICE_DATASTORE/var/lib/opensem/app/public:/opt/apps/$SERVICE_NAME/storage/app/public:rw
"


@@ -2,7 +2,7 @@
OPENSEM_DIR="/opt/apps/opensem"
OPENSEM_CODE="$SERVICE_CONFIGSTORE$OPENSEM_DIR"
OPENSEM_RELEASE=1.0.0-rc.1
OPENSEM_RELEASE=1.0.0-rc.5
OPENSEM_URL=https://docker.0k.io/downloads/opensem-"${OPENSEM_RELEASE}".tar.xz
OPENSEM_CONFIG_FILE="${OPENSEM_CODE}"/.env.prepare
@@ -111,16 +111,12 @@ artisan() {
export COMPOSE_IGNORE_ORPHANS=true
php_fpm_service=$(service:traverse "$SERVICE_NAME":php-fpm) || return 1
## We don't want post deploy that is doing the final http initialization.
compose --debug -q --no-init --no-post-deploy --no-pre-deploy \
--without-relation="$SERVICE_NAME":publish-dir \
run \
"${artisan_docker_run_opts[@]}" \
launch_docker_compose run \
-T --rm -w /opt/apps/"$SERVICE_NAME" \
--entrypoint php \
-u www-data "$php_fpm_service" artisan "$@" | cat
-u www-data "$php_fpm_service" artisan "$@"
return "${PIPESTATUS[0]}"
return "$?"
}
dotenv:quote() {
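Review bot: `OPENSEM_RELEASE` moves to `1.0.0-rc.5` but no digest is pinned next to `OPENSEM_URL`, so the integrity of the deployed code rests on the download host and TLS alone; the download code is outside this section, so this only matters if the tarball is not verified elsewhere. A line such as `OPENSEM_SHA256=<sha256 of opensem-1.0.0-rc.5.tar.xz>` (placeholder value) checked with `sha256sum -c` before unpacking would close that gap. In `artisan()`, `return "$?"` after the last command is redundant, since the function already returns that status; the function body starts above the hunk.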


@@ -74,3 +74,11 @@ uses:
solves:
unmanaged-logs: "in docker logs"
#default-options:
paybox-system:
#constraint: required | recommended | optional
#auto: pair | summon | none ## default: pair
constraint: required
auto: pair
solves:
missing-payment: "credit card payment"
#default-options:
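Review bot: The relation is declared here as `paybox-system`, while the README paragraph added in the same compare says the `paylib-system` relation is required; one of the two names is presumably a typo, and the README should use the name from this file. `auto: pair` also reads oddly next to the README's statement that the relation will not auto-pair because no charm provides it. A short comment such as `## no provider charm yet: must be wired explicitly to a stub service` above `auto: pair` would save the next reader the lookup.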