druidfi · back-2-95 · May 8, 2024 · May 8, 2024 · May 8, 2024 · Jul 8, 2024
diff --git a/.env b/.env
@@ -0,0 +1,19 @@
+#
+# Enviromental values for Makefiles and for Docker Compose
+#
+
+# Local hostname
+DRUPAL_HOSTNAME=starshot.docker.so
+
+IS_DRUPAL=yes
+
+# Default source @alias where to sync database and files from
+DRUPAL_SYNC_SOURCE=dev
+
+# Use stage_file_proxy
+DRUPAL_SYNC_FILES=no
+
+# Download dump from repo artifacts
+GH_DUMP_ARTIFACT=no
+
+WEBROOT=web
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,14 @@
 /composer.lock
 /patches.lock.json
 /vendor
-/web
+/web/*.*
+/web/core
+/web/libraries
+/web/modules
+/web/profiles
+/web/recipes
+/web/sites/*.*
+/web/sites/default/*.*
+/web/sites/default/files
+!/web/sites/default/default.settings.php
+/web/themes
diff --git a/Makefile b/Makefile
@@ -0,0 +1,17 @@
+PHONY :=
+PROJECT_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
+
+# Include project env vars (if exists)
+-include .env
+-include .env.local
+
+# Include druidfi/tools config
+include $(PROJECT_DIR)/tools/make/Makefile
+
+# Include project specific make files (if they exist)
+-include $(PROJECT_DIR)/tools/make/project/*.mk
+
+# Project specific overrides for variables (if they exist)
+-include $(PROJECT_DIR)/tools/make/override.mk
+
+.PHONY: $(PHONY)
diff --git a/compose.yaml b/compose.yaml
@@ -0,0 +1,45 @@
+services:
+
+  app:
+    container_name: ${COMPOSE_PROJECT_NAME}-app
+    hostname: ${COMPOSE_PROJECT_NAME}
+    image: druidfi/drupal-web:v8.3.8
+    depends_on:
+      db:
+        condition: service_healthy
+    volumes:
+      - .:/app:delegated
+    environment:
+      APP_ENV: ${APP_ENV:-dev}
+      DRUSH_OPTIONS_URI: https://${DRUPAL_HOSTNAME}
+      SIMPLETEST_BASE_URL: http://app:8080
+      SIMPLETEST_DB: mysql://drupal:drupal@db:3306/drupal
+      XDEBUG_ENABLE: ${XDEBUG_ENABLE:-false}
+      WEBROOT: web
+      # This is for Starshot installer
+      DB: mysql://drupal:drupal@db:3306/drupal
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME}-app.entrypoints=https
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME}-app.rule=Host(`${DRUPAL_HOSTNAME}`)
+      - traefik.http.routers.${COMPOSE_PROJECT_NAME}-app.tls=true
+      - traefik.http.services.${COMPOSE_PROJECT_NAME}-app.loadbalancer.server.port=8080
+      - traefik.docker.network=stonehenge-network
+    networks:
+      - default
+      - stonehenge-network
+
+  db:
+    container_name: ${COMPOSE_PROJECT_NAME}-db
+    image: druidfi/mysql:8.0-drupal-lts
+    ports:
+      - 3306
+    healthcheck:
+      test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost", "-uroot", "-pdrupal" ]
+      interval: 5s
+      timeout: 5s
+      retries: 3
+
+networks:
+  stonehenge-network:
+    external: true
diff --git a/composer.json b/composer.json
@@ -134,8 +134,10 @@
         }
     },
     "require": {
+        "php": "^8.3",
         "composer/installers": "^2.3",
         "cweagans/composer-patches": "^2",
+        "druidfi/omen": "^0.9.0",
         "drupal/core-composer-scaffold": "^10.3",
         "drupal/core-project-message": "^10.3",
         "drupal/core-recommended": "^10.3",
@@ -168,6 +170,9 @@
     },
     "extra": {
         "drupal-scaffold": {
+            "file-mapping": {
+                "[web-root]/sites/default/default.settings.php": false
+            },
             "locations": {
                 "web-root": "web/"
             }

diff --git a/conf/cmi/.htaccess b/conf/cmi/.htaccess
@@ -0,0 +1,24 @@
+# Deny all requests from Apache 2.4+.
+<IfModule mod_authz_core.c>
+  Require all denied
+</IfModule>
+
+# Deny all requests from Apache 2.0-2.2.
+<IfModule !mod_authz_core.c>
+  Deny from all
+</IfModule>
+
+# Turn off all options we don't need.
+Options -Indexes -ExecCGI -Includes -MultiViews
+
+# Set the catch-all handler to prevent scripts from being executed.
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+<Files *>
+  # Override the handler again if we're run later in the evaluation list.
+  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
+</Files>
+
+# If we know how to do it safely, disable the PHP engine entirely.
+<IfModule mod_php.c>
+  php_flag engine off
+</IfModule>
diff --git a/tools/make/Makefile b/tools/make/Makefile
@@ -0,0 +1,46 @@
+.DEFAULT_GOAL := help
+
+BUILD_TARGETS :=
+COMPOSER_JSON_PATH ?= .
+DRUIDFI_TOOLS_MAKE_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
+ENV := dev
+PACKAGE_JSON_PATH ?= .
+RUN_ON := host
+UNAME_S := $(shell uname -s)
+# Shorten with https://git.io/ : https://raw.githubusercontent.com/druidfi/tools/main/update.sh
+UPDATE_SCRIPT_URL := https://git.io/JP10q
+WEBROOT ?= public
+
+include $(DRUIDFI_TOOLS_MAKE_DIR)utils.mk
+
+# Include druidfi/tools make files
+include $(DRUIDFI_TOOLS_MAKE_DIR)include.mk
+
+PHONY += debug
+debug: ## Show debug information
+	@printf "\n$(YELLOW)Debug starts:$(NO_COLOR)\n\n"
+	$(call dbg,DOCKER,$(call has,docker))
+	$(call dbg,DOCKER_PROJECT_ROOT,$(DOCKER_PROJECT_ROOT))
+	$(call dbg,DOCKER_COMPOSE_YML_EXISTS,$(DOCKER_COMPOSE_YML_EXISTS))
+	$(call dbg,CLI_SERVICE,$(CLI_SERVICE))
+	$(call dbg,CLI_USER,$(if $(CLI_USER),$(CLI_USER),default user from CLI image))
+	$(call dbg,CLI_SHELL,${CLI_SHELL})
+	$(call dbg,ENV,${ENV})
+	$(call dbg,PHP on host,$(call has,php))
+	$(call dbg,PHP_BIN,$(shell command -v php || echo no))
+	$(call dbg,RUN_ON,${RUN_ON})
+	$(call dbg,Composer on host,$(call has,composer))
+	$(call dbg,COMPOSER_BIN,$(shell command -v composer || echo no))
+	$(call dbg,COMPOSER_JSON_EXISTS,${COMPOSER_JSON_EXISTS})
+	$(call dbg,IS_DRUPAL,${IS_DRUPAL})
+	$(call dbg,IS_SYMFONY,${IS_SYMFONY})
+	$(call dbg,LAGOON,${LAGOON})
+	$(call dbg,SYSTEM,${SYSTEM})
+	$(call dbg,WEBROOT,${WEBROOT})
+	$(call dbg,UNAME_S,${UNAME_S})
+ifeq ($(RUN_ON),docker)
+	@printf "\n${YELLOW}Assumption: We should run on Docker and not on host${NO_COLOR}\n"
+else
+	@printf "\n${YELLOW}Assumption: We should run on host and not on Docker${NO_COLOR}\n"
+endif
+	@printf "\n${GREEN}End of debug.${NO_COLOR}\n"
diff --git a/tools/make/ansible.mk b/tools/make/ansible.mk
@@ -0,0 +1,35 @@
+ANSIBLE_ROLES_PATH ?= ansible/roles
+ANSIBLE_CHECK_ROLE ?= geerlingguy.docker
+ANSIBLE_PLAYBOOK ?= ansible-playbook
+ANSIBLE_PROVISION ?= ansible/provision.yml
+ANSIBLE_REQUIREMENTS ?= ansible/requirements.yml
+ANSIBLE_FLAGS ?=
+
+PHONY += provision
+provision: $(ANSIBLE_ROLES_PATH)/$(ANSIBLE_CHECK_ROLE) ## Make provisioning
+	$(call step,Ansible: Make dry run on provisioning...\n)
+	@$(ANSIBLE_PLAYBOOK) $(ANSIBLE_PROVISION) $(ANSIBLE_FLAGS)
+
+PHONY += provision-%
+provision-%: $(ANSIBLE_ROLES_PATH)/$(ANSIBLE_CHECK_ROLE) ## Make provisioning by tag
+	$(call step,Ansible: Make provisioning by tag "$*"...\n)
+	@$(ANSIBLE_PLAYBOOK) $(ANSIBLE_PROVISION) --tags="$*" $(ANSIBLE_FLAGS)
+
+PHONY += provision-dry-run
+provision-dry-run: $(ANSIBLE_ROLES_PATH)/$(ANSIBLE_CHECK_ROLE) ## Make dry run on provisioning
+	$(call step,Ansible: Make dry run on provisioning...\n)
+	@$(ANSIBLE_PLAYBOOK) $(ANSIBLE_PROVISION) $(ANSIBLE_FLAGS) --check
+
+PHONY += ansible-install-roles
+ansible-install-roles: ## Install Ansible roles
+	$(call step,Ansible: Install Ansible roles...\n)
+	@ansible-galaxy install -r $(ANSIBLE_REQUIREMENTS) -p $(ANSIBLE_ROLES_PATH)
+
+PHONY += ansible-update-roles
+ansible-update-roles: ## Update Ansible roles
+	$(call step,Ansible: Update Ansible roles...\n)
+	@ansible-galaxy remove --roles-path=$(ANSIBLE_ROLES_PATH) $(shell find $(ANSIBLE_ROLES_PATH) -mindepth 1 -maxdepth 1 -type d -exec basename {} \;) || true
+	@ansible-galaxy install --force-with-deps --role-file=$(ANSIBLE_REQUIREMENTS) --roles-path=$(ANSIBLE_ROLES_PATH)
+
+$(ANSIBLE_ROLES_PATH)/$(ANSIBLE_CHECK_ROLE):
+	@$(MAKE) ansible-install-roles
diff --git a/tools/make/common.mk b/tools/make/common.mk
@@ -0,0 +1,75 @@
+ARTIFACT_INCLUDE_EXISTS := $(shell test -f conf/artifact/include && echo yes || echo no)
+ARTIFACT_EXCLUDE_EXISTS := $(shell test -f conf/artifact/exclude && echo yes || echo no)
+ARTIFACT_CMD := tar -hczf artifact.tar.gz
+DUMP_SQL_FILENAME ?= dump.sql
+DUMP_SQL_EXISTS := $(shell test -f $(DUMP_SQL_FILENAME) && echo yes || echo no)
+SSH_OPTS ?= -o LogLevel=ERROR -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+CLEAN_EXCLUDE := .idea $(DUMP_SQL_FILENAME) .env.local
+
+ifeq ($(ARTIFACT_EXCLUDE_EXISTS),yes)
+	ARTIFACT_CMD := $(ARTIFACT_CMD) --exclude-from=conf/artifact/exclude
+endif
+
+ifeq ($(ARTIFACT_INCLUDE_EXISTS),yes)
+	ARTIFACT_CMD := $(ARTIFACT_CMD) --files-from=conf/artifact/include
+else
+	ARTIFACT_CMD := $(ARTIFACT_CMD) *
+endif
+
+PHONY += artifact
+# This command can always be run on host
+artifact: RUN_ON := host
+artifact: ## Make tar.gz package from the current build
+	$(call step,Create artifact...\n)
+	@$(ARTIFACT_CMD)
+
+PHONY += build
+build: ## Build codebase(s)
+	$(call group_step,Build ($(ENV)):${NO_COLOR} $(BUILD_TARGETS))
+	@$(MAKE) $(BUILD_TARGETS) ENV=$(ENV)
+
+PHONY += build-dev
+build-dev: build
+
+PHONY += build-testing
+build-testing:
+	@$(MAKE) build ENV=testing
+
+PHONY += build-production
+build-production:
+	@$(MAKE) build ENV=production
+
+PHONY += clean
+clean: ## Cleanup
+	$(call step,Cleanup loaded files...\n)
+	@rm -rf vendor
+	@git clean -fdx $(foreach item,$(CLEAN_EXCLUDE),-e $(item))
+
+PHONY += self-update
+self-update: ## Self-update makefiles from druidfi/tools
+	$(call step,Update makefiles from druidfi/tools\n)
+	@bash -c "$$(curl -fsSL $(UPDATE_SCRIPT_URL))"
+
+PHONY += shell-%
+shell-%: OPTS = $(INSTANCE_$*_OPTS)
+shell-%: USER = $(INSTANCE_$*_USER)
+shell-%: HOST = $(INSTANCE_$*_HOST)
+shell-%: EXTRA = $(INSTANCE_$*_EXTRA)
+shell-%: ## Login to remote instance
+	ssh $(OPTS) $(USER)@$(HOST) $(EXTRA)
+
+PHONY += sync
+sync: ## Sync data from other environments
+	$(call group_step,Sync:$(NO_COLOR) $(SYNC_TARGETS))
+	@$(MAKE) $(SYNC_TARGETS) ENV=$(ENV)
+
+PHONY += gh-download-dump
+gh-download-dump: GH_FLAGS += $(if $(GH_ARTIFACT),-n $(GH_ARTIFACT),-n latest-dump)
+gh-download-dump: GH_FLAGS += $(if $(GH_REPO),-R $(GH_REPO),)
+gh-download-dump: ## Download database dump from repository artifacts
+	$(call step,Download database dump from repository artifacts\n)
+ifeq ($(DUMP_SQL_EXISTS),no)
+	$(call run,gh run download $(strip $(GH_FLAGS)),Downloaded $(DUMP_SQL_FILENAME),Failed)
+else
+	@echo "There is already $(DUMP_SQL_FILENAME)"
+endif
diff --git a/tools/make/composer.mk b/tools/make/composer.mk
@@ -0,0 +1,32 @@
+BUILD_TARGETS += composer-install
+COMPOSER_PROD_FLAGS := --no-dev --optimize-autoloader --prefer-dist
+
+PHONY += composer-info
+composer-info: ## Composer info
+	$(call step,Do Composer info...\n)
+	$(call composer,info)
+
+PHONY += composer-update
+composer-update: ## Update Composer packages
+	$(call step,Do Composer update...\n)
+	$(call composer,update)
+
+PHONY += composer-install
+composer-install: ## Install Composer packages
+	$(call step,Do Composer install...\n)
+	$(call composer,install$(if $(filter production,$(ENV)), $(COMPOSER_PROD_FLAGS),))
+
+PHONY += composer-outdated
+composer-outdated: ## Show outdated Composer packages
+	$(call step,Show outdated Composer packages...\n)
+	$(call composer,outdated --direct)
+
+ifeq ($(RUN_ON),docker)
+define composer
+	$(call docker_compose_exec,composer --ansi$(if $(filter $(COMPOSER_JSON_PATH),.),, --working-dir=$(COMPOSER_JSON_PATH)) $(1))
+endef
+else
+define composer
+	@composer --ansi$(if $(filter $(COMPOSER_JSON_PATH),.),, --working-dir=$(COMPOSER_JSON_PATH)) $(1)
+endef
+endif