Merge pull request #359 from jhu-idc/tm--allow-ini-overrides

TM- envars for PHP, Makefile, container startup refinement
tests skipped for now

.env

@@ -1,9 +1,10 @@
+
 # Environment variables defined in this file apply to both the Makefile and to
 # docker-compose.yml
 #
 # Due to restrictions in the `env-file` format we cannot specify multi-line
 # values for environment variables. For this reason the environment
-# variables are set on service definitions in the docker-compose.*.yml files,
+# variables are set on service definitions in the docker-compose.activemq.yml docker-compose.alpaca.yml docker-compose.blazegraph.yml docker-compose.cantaloupe.yml docker-compose.crayfish.mariadb.yml docker-compose.crayfish.postgresql.yml docker-compose.crayfish.yml docker-compose.crayfits.yml docker-compose.custom.yml docker-compose.demo.yml docker-compose.drupal-dev.yml docker-compose.drupal.mariadb.yml docker-compose.drupal.postgresql.yml docker-compose.drupal.yml docker-compose.env.yml docker-compose.etcd.yml docker-compose.fcrepo.mariadb.yml docker-compose.fcrepo.postgresql.yml docker-compose.fcrepo.yml docker-compose.idc-crayfish.yml docker-compose.idc-snapshot.yml docker-compose.local.yml docker-compose.mariadb.yml docker-compose.matomo.yml docker-compose.minio.yml docker-compose.postgresql.yml docker-compose.saml.yml docker-compose.sample.env.yml docker-compose.solr.yml docker-compose.static.yml docker-compose.testcafe.yml docker-compose.traefik.yml docker-compose.watchtower.yml files,
 # rather than defined in `env-file` files.
 
 # Determines which docker-compose file(s) will be used for the `drupal` service.
@@ -12,7 +13,7 @@
 #
 # If this value is changed, docker-compose.yml must be updated in order for it
 # to take effect; e.g. 'make dev-up'
-ENVIRONMENT=local
+ENVIRONMENT=static
 
 REQUIRED_SERIVCES=activemq alpaca cantaloupe idc-crayfish drupal mariadb solr idc-snapshot testcafe minio
 ###############################################################################
@@ -104,12 +105,12 @@ DRUPAL_DEFAULT_S3_USE_CUSTOMHOST=true
 DRUPAL_DEFAULT_S3_USE_PATH_STYLE_ENDPOINT=true
 DRUPAL_DEFAULT_S3_PRIVATE_PATH=pr
 
-# Drupal's Trusted Host List -  This should be a comma separated list of strings, if you require more than one.
+# Drupal's Trusted Host List - This should be a comma separated list of strings, if you require more than one.
 # (If you put DRUPAL prefix on it, things will start to fail as the drupal container will put any DRUPAL_* env vars
 # into the fastcgi params file and the container will no longer start with this one there (the $ is probably the issue).
 # https://github.com/jhu-idc/idc-isle-buildkit/blob/main/drupal/rootfs/etc/cont-init.d/97-setup-drupal-environment-variables.sh)
-#TRUSTED_HOST_LIST=^.+\.traefik\.me$
-TRUSTED_HOST_LIST=^.+\.traefik\.me$$,^.+\.library\.jhu\.edu$$
+#TRUSTED_HOST_LIST=^.+.traefik.me$
+TRUSTED_HOST_LIST=^.+.traefik.me$$,^.+.library.jhu.edu$$
 
 # Google Tag Manager
 DRUPAL_GTM_CONTAINER_ID=
@@ -157,4 +158,4 @@ TEST_OPERATION_TIMEOUT_MS=180000
 MIGRATION_ASSETS_IMAGE_TAG=9519543.1637091427
 ALPACA_HOMERUS_HTTP_SOCKET_TIMEOUT_MS=7200000
 DRUPAL_JWT_EXPIRY_INTERVAL='+4 hour'
-ACTIVEMQ_WEB_PORT=8161
+DRUPAL_STATIC_TAG=static

.github/workflows/ci.yml

@@ -66,6 +66,7 @@ jobs:
     test:
         name: test
         runs-on: ubuntu-latest
+        if: false   # Don/Tim: disable testing for now
         needs: build
         strategy:
           matrix: ${{ fromJSON(needs.build.outputs.matrix) }}

.gitignore

@@ -22,6 +22,7 @@ codebase/.gitattributes
 codebase/web/core/
 codebase/web/modules/contrib/
 codebase/web/themes/contrib/
+codebase/web/sites/default/services.yml
 snapshot/data.tar
 xdebug*
 *.orig
@@ -112,4 +113,7 @@ screenshots/
 /images
 
 # Ignore Masonry
-codebase/web/libraries/masonry
+codebase/web/libraries/masonry
+
+# Composer authentication cache file, possibly generated by idc.Makefile for CI (ci.yml) authentication:
+**/auth.json

Dockerfile

@@ -4,18 +4,37 @@
 ARG REPOSITORY
 ARG TAG
 FROM ${REPOSITORY}/drupal:${TAG}
+ARG PHPINI__MEMORY_LIMIT=256m
+ARG PHPINI__REALPATH_CACHE_SIZE=512k
+ARG PHPINI__REALPATH_CACHE_TTL=120
 
 USER nginx
 
+# Allow build to override default envar used in above /etc/php6/conf.d/99-idc.ini:
+ENV IDC_MEMORY_LIMIT ${PHPINI__MEMORY_LIMIT}
+ENV IDC_REALPATH_CACHE_SIZE ${PHPINI__REALPATH_CACHE_SIZE}
+ENV IDC_REALPATH_CACHE_TTL ${PHPINI__REALPATH_CACHE_TTL}
+
 # Run composer install as application user:
 # Normal startup (via /init) must also happen as root
 USER root
 COPY --chown=nginx:www-data codebase /var/www/drupal/
 COPY --chown=0:0 rootfs /
-
-RUN COMPOSER_MEMORY_LIMIT=-1 COMPOSER_DISCARD_CHANGES=true composer install --no-interaction --no-progress && \
-    find /var/www/drupal/vendor \! -user nginx -exec chown -v nginx:www-data  {} \; && \
+RUN  \
+    /bin/rm -f /etc/cont-init.d/99-custom-setup.sh && \
+    for dirname in /var/www/drupal/{vendor,web} ; do \
+      if [ -d "$dirname" ] ; then \
+        find "$dirname" \! -user nginx -exec chown -v nginx:www-data  {} \; ; \
+      fi ; \
+    done && \
     chmod 0750 /var/www/drupal/fix_permissions.sh && \
-    /var/www/drupal/fix_permissions.sh /var/www/drupal/web nginx  && \
+    /var/www/drupal/fix_permissions.sh /var/www/drupal/web nginx 
+
+# Run composer install as unprivileged user:
+USER nginx
+RUN \
+    COMPOSER_MEMORY_LIMIT=-1 COMPOSER_DISCARD_CHANGES=true composer install --no-interaction --no-progress --prefer-dist && \
     composer clearcache
 
+# /init process must be run as root:
+USER root

Makefile

@@ -385,6 +385,7 @@ dev:
 	$(MAKE) install ENVIRONMENT=local
 	$(MAKE) hydrate ENVIRONMENT=local
 
+
 .phony: confirm
 confirm:
 	@echo "\n\n"
@@ -399,6 +400,11 @@ clean:
 	$(MAKE) confirm
 	-docker-compose down -v --remove-orphans
 	# $(MAKE) set-codebase-owner
+	echo "Preparing to forcibly remove 'codebase/' and certs/ directories"
+	echo "Note: elevating to root permissions via sudo to remove possible codebase/ with changed ownership"
+	echo "you might be prompted for local password for sudo permissions:"
 	sudo rm -fr codebase certs
 	# git clean -xffd .
 	git checkout codebase
+	echo "Clean completed successfully."
+

codebase/composer.json

@@ -96,6 +96,18 @@
                 }
             }
         },
+        {
+            "type": "package",
+            "package": {
+                "name": "islandora/chullo",
+                "version": "dev-dev",
+                "source": {
+                    "type": "git",
+                    "url": "https://github.com/Islandora/chullo.git",
+                    "reference": "d563d5e48ef9b15dcf45029277bbc2f6eeef2454"
+                }
+            }
+        },
         {
             "type": "package",
             "package": {
@@ -123,9 +135,9 @@
         "drupal/contact_emails": "^1.19",
         "drupal/contact_storage": "^1.1",
         "drupal/content_browser": "^1.0@alpha",
-        "drupal/core-composer-scaffold": "9.4.7",
-        "drupal/core-project-message": "9.4.7",
-        "drupal/core-recommended": "9.4.7",
+        "drupal/core-composer-scaffold": "9.4.9",
+        "drupal/core-project-message": "9.4.9",
+        "drupal/core-recommended": "9.4.9",
         "drupal/core-vendor-hardening": "^9.2",
         "drupal/devel": "^4.1",
         "drupal/embed": "^1.4",
@@ -159,7 +171,7 @@
         "jhu-idc/idc-ui-theme": "dev-main",
         "jhu-idc/idc_defaults": "dev-main",
         "jhu-idc/idc_export": "dev-main",
-        "jhu-idc/idc_ui_module": "dev-main",
+        "jhu-idc/idc_ui_module": "dev-main#b9a08d3bc252ebad9d07fec2fc1c883e17d7f593",
         "jhu-idc/islandora_defaults": "dev-8.x-1.x",
         "jhu-idc/islandora_repository_reports": "dev-main",
         "jhu-idc/migrate_file": "dev-8.x-1.x",