From 6d29a9fee8255defbbb3e11e50bb923dbeb911cb Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Fri, 26 Jun 2026 13:30:01 +0000 Subject: [PATCH 1/3] Fix Drupal smoke template startup --- assets/default_settings.txt | 14 +++++++------- docker-compose.yml | 3 +++ scripts/init-entrypoint.sh | 4 ++++ scripts/init.sh | 23 ++++++++++++++++++++--- scripts/up.sh | 13 ++++++++++--- 5 files changed, 44 insertions(+), 13 deletions(-) diff --git a/assets/default_settings.txt b/assets/default_settings.txt index 6f184c5..c19a0df 100644 --- a/assets/default_settings.txt +++ b/assets/default_settings.txt @@ -23,8 +23,8 @@ $content_directories['sync'] = '/var/www/drupal/content/sync'; // Container environment variable path. $path = "/var/run/s6/container_environment/"; -$config['search_api.server.default_solr_server']['backend_config']['connector_config']['host'] = file_get_contents($path . 'DRUPAL_DEFAULT_SOLR_HOST'); -$config['search_api.server.default_solr_server']['backend_config']['connector_config']['port'] = file_get_contents($path . 'DRUPAL_DEFAULT_SOLR_PORT'); +$config['search_api.server.default_solr_server']['backend_config']['connector_config']['host'] = file_exists($path . 'DRUPAL_DEFAULT_SOLR_HOST') ? file_get_contents($path . 'DRUPAL_DEFAULT_SOLR_HOST') : 'solr'; +$config['search_api.server.default_solr_server']['backend_config']['connector_config']['port'] = file_exists($path . 'DRUPAL_DEFAULT_SOLR_PORT') ? file_get_contents($path . 'DRUPAL_DEFAULT_SOLR_PORT') : '8983'; $config['search_api.server.default_solr_server']['backend_config']['connector_config']['core'] = file_get_contents($path . 'DRUPAL_DEFAULT_SOLR_CORE'); $smtp_host = file_exists($path . 'LIBOPS_SMTP_HOST') ? trim(file_get_contents($path . 'LIBOPS_SMTP_HOST')) : 'host.docker.internal'; @@ -47,11 +47,11 @@ $settings['trusted_host_patterns'] = [ // Database settings are also derived from environment variables. $databases['default']['default'] = [ - 'database' => file_get_contents($path . 'DRUPAL_DEFAULT_DB_NAME'), - 'username' => file_get_contents($path . 'DRUPAL_DEFAULT_DB_USER'), - 'password' => file_get_contents($path . 'DRUPAL_DEFAULT_DB_PASSWORD'), - 'host' => file_get_contents($path . 'DB_MYSQL_HOST'), - 'port' => file_get_contents($path . 'DB_MYSQL_PORT'), + 'database' => file_get_contents($path . 'DB_NAME'), + 'username' => file_get_contents($path . 'DB_USER'), + 'password' => file_get_contents($path . 'DB_PASSWORD'), + 'host' => file_get_contents($path . 'DB_HOST'), + 'port' => file_get_contents($path . 'DB_PORT'), 'prefix' => '', 'driver' => 'mysql', 'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql', diff --git a/docker-compose.yml b/docker-compose.yml index 3c3247a..f77b935 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -85,7 +85,9 @@ services: DRUPAL_DEFAULT_NAME: "Drupal-Website" DRUPAL_DEFAULT_PROFILE: "minimal" DRUPAL_DEFAULT_SITE_URL: "${DOMAIN}" + DRUPAL_DEFAULT_SOLR_HOST: "solr" DRUPAL_DEFAULT_SOLR_CORE: "default" + DRUPAL_DEFAULT_SOLR_PORT: "8983" DRUSH_OPTIONS_URI: "${URI_SCHEME}://${DOMAIN}" NGINX_REAL_IP_RECURSIVE: ${REVERSE_PROXY} NGINX_SET_REAL_IP_FROM: ${FRONTEND_IP_1} @@ -100,6 +102,7 @@ services: - source: DB_ROOT_PASSWORD - source: DRUPAL_DEFAULT_ACCOUNT_PASSWORD - source: DRUPAL_DEFAULT_DB_PASSWORD + target: DB_PASSWORD - source: DRUPAL_DEFAULT_SALT - source: CERT_AUTHORITY - source: UID diff --git a/scripts/init-entrypoint.sh b/scripts/init-entrypoint.sh index 86610ee..15501ad 100755 --- a/scripts/init-entrypoint.sh +++ b/scripts/init-entrypoint.sh @@ -19,3 +19,7 @@ chmod +x /usr/local/bin/mkcert ./scripts/generate-certs.sh ./scripts/generate-secrets.sh + +if [ -n "${HOST_UID:-}" ]; then + chown -R "${HOST_UID}:${HOST_GID:-${HOST_UID}}" /certs /secrets +fi diff --git a/scripts/init.sh b/scripts/init.sh index 4b9a0a1..56eebea 100755 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -26,8 +26,25 @@ if command -v "sestatus" >/dev/null; then fi fi -docker compose run --rm init - -chown -R "$(whoami)" ./certs ./secrets > /dev/null 2>&1 || sudo chown -R "$(whoami)" ./certs ./secrets +host_uid="$(id -u)" +host_gid="$(id -g)" + +docker compose run --rm \ + -e HOST_UID="${host_uid}" \ + -e HOST_GID="${host_gid}" \ + init + +if [ "${host_uid}" -eq 0 ]; then + chown -R "${host_uid}:${host_gid}" ./certs ./secrets +else + unowned_path="$(find ./certs ./secrets ! -user "${host_uid}" -print -quit)" + if [ -n "${unowned_path}" ]; then + if command -v sudo > /dev/null 2>&1 && sudo -n true 2> /dev/null; then + sudo chown -R "${host_uid}:${host_gid}" ./certs ./secrets + else + echo "Could not change certs/secrets ownership without sudo; continuing after container-side ownership fix." >&2 + fi + fi +fi make build diff --git a/scripts/up.sh b/scripts/up.sh index 344f5af..352790c 100755 --- a/scripts/up.sh +++ b/scripts/up.sh @@ -48,8 +48,13 @@ if [ "$FINAL_PORT" != "$DEFAULT_P" ]; then URL="$URL:$FINAL_PORT" fi -export MAX_RETRIES=3 -WAIT_FOR_INSTALL=$(./scripts/ping.sh || echo "yes") +skip_public_ping="${SKIP_PUBLIC_PING:-false}" +if [ "${skip_public_ping}" = "true" ]; then + WAIT_FOR_INSTALL="yes" +else + export MAX_RETRIES=3 + WAIT_FOR_INSTALL=$(./scripts/ping.sh || echo "yes") +fi if [ "$WAIT_FOR_INSTALL" = "yes" ]; then echo "Site install in progress..." docker compose logs -f --since 20s drupal 2>&1 | { \ @@ -66,7 +71,9 @@ fi # The Drupal install log line can arrive slightly before Traefik can proxy a # successful request to the backend, so do one final readiness check before # announcing the URL or opening the browser. -./scripts/ping.sh > /dev/null 2>&1 +if [ "${skip_public_ping}" != "true" ]; then + MAX_RETRIES="${POST_INSTALL_MAX_RETRIES:-12}" ./scripts/ping.sh > /dev/null 2>&1 +fi echo "---------------------------------------------------" echo "🚀 Site available at: $URL" From a3b4c82b2b0daa2da784ce3058148e8f53a58859 Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Fri, 26 Jun 2026 19:42:13 -0400 Subject: [PATCH 2/3] rm old makefile commands --- Dockerfile | 4 +- Makefile | 30 +++-- scripts/build.sh | 10 -- scripts/sequelace.sh | 46 -------- scripts/status-traefik.sh | 165 --------------------------- scripts/status.sh | 78 ------------- scripts/traefik-http.sh | 19 --- scripts/traefik-https-letsencrypt.sh | 47 -------- scripts/traefik-https-mkcert.sh | 30 ----- 9 files changed, 21 insertions(+), 408 deletions(-) delete mode 100755 scripts/build.sh delete mode 100755 scripts/sequelace.sh delete mode 100755 scripts/status-traefik.sh delete mode 100755 scripts/status.sh delete mode 100755 scripts/traefik-http.sh delete mode 100755 scripts/traefik-https-letsencrypt.sh delete mode 100755 scripts/traefik-https-mkcert.sh diff --git a/Dockerfile b/Dockerfile index 11de742..106e972 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,9 @@ FROM ${BASE_IMAGE} ARG TARGETARCH -ENV COMPOSER_ALLOW_SUPERUSER=1 +ENV \ + COMPOSER_ALLOW_SUPERUSER=1 \ + COMPOSER_MEMORY_LIMIT=-1 WORKDIR /var/www/drupal COPY --link composer.json composer.lock /var/www/drupal/ diff --git a/Makefile b/Makefile index b38ba01..72f1798 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,9 @@ DEFAULT_HTTP=80 DEFAULT_HTTPS=443 +SITECTL ?= sitectl +SITECTL_CONTEXT ?= +SITECTL_ARGS := $(if $(SITECTL_CONTEXT),--context $(SITECTL_CONTEXT),) help: ## Show this help message echo 'Usage: make [target]' @@ -18,22 +21,24 @@ help: ## Show this help message awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " \033[36m%s\033[0m\t%s\n", $$1, $$2}' $(MAKEFILE_LIST) | sort | column -t -s $$'\t' status: ## Show the current status of the development environment - ./scripts/status.sh + $(SITECTL) $(SITECTL_ARGS) validate + $(SITECTL) $(SITECTL_ARGS) traefik ingress-status traefik-http: ## Switch to HTTP mode (default) - ./scripts/traefik-http.sh + $(SITECTL) $(SITECTL_ARGS) traefik tls http traefik-https-mkcert: ## Switch to HTTPS mode using mkcert self-signed certificates - ./scripts/traefik-https-mkcert.sh + $(SITECTL) $(SITECTL_ARGS) traefik tls mkcert traefik-https-letsencrypt: ## Switch to HTTPS mode using Let's Encrypt ACME - ./scripts/traefik-https-letsencrypt.sh + $(SITECTL) $(SITECTL_ARGS) traefik tls letsencrypt pull: - docker compose pull --ignore-buildable --ignore-pull-failures + $(SITECTL) $(SITECTL_ARGS) compose pull --ignore-buildable --ignore-pull-failures build: pull ## Build the drupal container - ./scripts/build.sh + id -u > ./certs/UID + $(SITECTL) $(SITECTL_ARGS) compose build lint: ## Lint custom Drupal code ./scripts/lint.sh @@ -48,25 +53,26 @@ up: ## Start docker compose project with smart port allocation ./scripts/up.sh up-%: ## Start a specific service (e.g., make up-drupal) - docker compose up $* -d + $(SITECTL) $(SITECTL_ARGS) compose up $* down: ## Stop/remove the docker compose project's containers and network. - docker compose down + $(SITECTL) $(SITECTL_ARGS) compose down down-%: ## Stop/remove a specific service (e.g., make down-traefik) - docker compose down $* + $(SITECTL) $(SITECTL_ARGS) compose stop $* + $(SITECTL) $(SITECTL_ARGS) compose rm -f $* logs-%: ## Look at logs for a specific service (e.g., make logs-drupal) - docker compose logs $* --tail 20 -f + $(SITECTL) $(SITECTL_ARGS) compose logs $* --tail 20 -f clean: ## Delete all stateful data. ./scripts/clean.sh ping: ## Ensure site is available. - ./scripts/ping.sh + $(SITECTL) $(SITECTL_ARGS) healthcheck rollout: ## Roll out the currently checked out Drupal stack. ./scripts/rollout.sh sequelace: - ./scripts/sequelace.sh + $(SITECTL) $(SITECTL_ARGS) sequelace diff --git a/scripts/build.sh b/scripts/build.sh deleted file mode 100755 index 2ef5367..0000000 --- a/scripts/build.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -set -eou pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -id -u > ./certs/UID - -docker compose build --pull diff --git a/scripts/sequelace.sh b/scripts/sequelace.sh deleted file mode 100755 index acf0e70..0000000 --- a/scripts/sequelace.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env bash - -set -eou pipefail - -SEQUEL_ACE_PATH="/Applications/Sequel Ace.app" - -if [ ! -d "$SEQUEL_ACE_PATH" ]; then - echo "Error: Sequel Ace is not installed at $SEQUEL_ACE_PATH" >&2 - exit 1 -fi - -SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" -# shellcheck disable=SC1091 -source "${SCRIPT_DIR}/profile.sh" - -PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" -OVERRIDE_FILE="$PROJECT_ROOT/docker-compose.override.yaml" -if [ ! -f "$OVERRIDE_FILE" ] && [ -f "$PROJECT_ROOT/docker-compose.override.yml" ]; then - OVERRIDE_FILE="$PROJECT_ROOT/docker-compose.override.yml" -fi - -if [ ! -f "$OVERRIDE_FILE" ]; then - echo "${RED}Error: docker-compose.override.yaml does not exist.${RESET}" >&2 - echo "" >&2 - echo "To enable mariadb port mapping, run:" >&2 - echo -e "\t${BLUE}cp docker-compose.override-example.yaml docker-compose.override.yaml" >&2 - echo -e "\tmake up${RESET}" >&2 - exit 1 -fi - -# Check if mariadb has port 3306 mapped -if ! grep -A5 'mariadb:' "$OVERRIDE_FILE" | grep -q '3306:3306'; then - echo "${RED}Error: mariadb port 3306 is not mapped to host in docker-compose.override.yaml${RESET}" >&2 - echo "" >&2 - echo "To enable mariadb port mapping, run:" >&2 - echo -e "\t${BLUE}cp docker-compose.override-example.yaml docker-compose.override.yaml" >&2 - echo -e "\tmake up${RESET}" >&2 - exit 1 -fi - - -mariadb_db=drupal_default -mariadb_user=drupal_default -mariadb_password=$(cat secrets/DRUPAL_DEFAULT_DB_PASSWORD) - -open "mysql://${mariadb_user}:${mariadb_password}@127.0.0.1:3306/${mariadb_db}" -a "$SEQUEL_ACE_PATH" diff --git a/scripts/status-traefik.sh b/scripts/status-traefik.sh deleted file mode 100755 index 8295305..0000000 --- a/scripts/status-traefik.sh +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -print_traefik_make_helpers() { - printf "\tThere are some make commands you can run to get traefik configured correctly\n" - make help | grep traefik | sed 's/^/\t/' - echo -} - -echo_e "${BLUE}--- Traefik Status ---${RESET}" - -# --- Port Binding --- -echo "" -HTTP_PORT=$(find_port 80) -HTTPS_PORT=$(find_port 443) -echo_e "HTTP port: ${GREEN}${HTTP_PORT}${RESET}" -echo_e "HTTPS port: ${GREEN}${HTTPS_PORT}${RESET}" -if is_using_non_standard_ports; then - echo_e "(${BLUE}Default ports 80/443 were occupied, so the next available ports were chosen.${RESET})" -fi - -echo_e "DOMAIN: ${GREEN}${DOMAIN}${RESET}" -echo_e "URL: ${GREEN}${URI_SCHEME}://${DOMAIN}${RESET}" -echo_e "TLS_PROVIDER: ${GREEN}${TLS_PROVIDER}${RESET}" -if is_acme_enabled; then - color=$GREEN - if is_acme_using_default_email; then - color=$RED - fi - echo_e "ACME_EMAIL: ${color}${ACME_EMAIL}${RESET}" -fi - -# Check 1: Traefik Container Status -if ! docker compose ps traefik | grep -q "traefik"; then - echo_e "${RED}Traefik container is not running.${RESET}" -else - TRAEFIK_STATUS= - if command -v jq &> /dev/null; then - HEALTH=$(docker compose ps traefik --format=json | jq -r .Health) - color=$RED - if [ "$HEALTH" = "healthy" ]; then - color=$GREEN - fi - TRAEFIK_STATUS=" and ${color}healthy${RESET}" - fi - echo_e "${GREEN}Traefik container is running${RESET}${TRAEFIK_STATUS}" - -fi - -# Check 2: DNS Resolution -RESOLVED_IP="not_found" -if command -v dig &> /dev/null; then - RESOLVED_IP=$(dig +short "$DOMAIN" | tail -n1) -elif command -v nslookup &> /dev/null; then - RESOLVED_IP=$(nslookup "$DOMAIN" | awk '/^Address: / { print $2 }' | tail -n1) -fi - -if [ -z "$RESOLVED_IP" ]; then - RESOLVED_IP="not_found" -fi - -if [ "$RESOLVED_IP" = "not_found" ]; then - echo_e "${RED}Domain: Could not resolve domain '$DOMAIN'.${RESET}" -else - echo_e "Domain ${BLUE}$DOMAIN${RESET} resolves to: ${GREEN}${RESOLVED_IP}${RESET}" -fi - -if is_dev_mode && [ "$RESOLVED_IP" != "127.0.0.1" ] && [ "$RESOLVED_IP" != "not_found" ]; then - echo_e "\t${YELLOW}DNS Mismatch${RESET}: ${RED}DEVELOPMENT_ENVIRONMENT=true${RESET}, but ${RED}DOMAIN=$DOMAIN${RESET} does not resolve to 127.0.0.1" - echo_e "\tThis is expected if you are developing on a remote VM." - echo_e "\tIf this is a local setup, your DNS or DOMAIN may be misconfigured\n" -fi - -if is_prod_mode && [ "$RESOLVED_IP" = "127.0.0.1" ]; then - print_warning_header - echo_e "\t${YELLOW}DNS Misconfiguration${RESET}: ${RED}DEVELOPMENT_ENVIRONMENT=false${RESET}, but ${RED}DOMAIN=$DOMAIN${RESET} resolves to 127.0.0.1" - echo_e "\tProduction environments should not use localhost/127.0.0.1." - echo_e "\tUpdate DOMAIN in .env to your actual production domain name\n" -fi - -# Check 1: Mismatched HTTPS/URI Scheme -if is_tls_http_uri_mismatch; then - print_warning_header - echo_e "\t${YELLOW}Mismatched Configuration${RESET}: ENABLE_HTTPS=${RED}true${RESET}, but URI_SCHEME=${RED}http${RESET}" - print_traefik_make_helpers -fi - -if is_http_tls_uri_mismatch; then - print_warning_header - echo_e "\t${YELLOW}Mismatched Configuration${RESET}: ENABLE_HTTPS=${RED}false${RESET}, but URI_SCHEME=${RED}https${RESET}" - print_traefik_make_helpers -fi - -# Check 2: ACME in Development -if is_dev_mode && is_https_enabled && is_acme_enabled; then - print_warning_header - echo_e "\t${YELLOW}Insecure Configuration${RESET}: DEVELOPMENT_ENVIRONMENT=${RED}true${RESET} and TLS_PROVIDER=${RED}letsencrypt${RESET}" - echo_e "\tThis is unusual for local development unless you are on a remote VM" - echo_e "\tYou should not set DEVELOPMENT_ENVIRONMENT=true on production VMs to ensure the container filesystem is read only\n" -fi - -# Check 3: HTTP in Production -if is_prod_mode && ! is_https_enabled; then - print_warning_header - echo_e "\t${YELLOW}Insecure Configuration: You are in production mode with traffic accepted over HTTP${RESET}" - echo_e "\tThis should only be done if ISLE is behind a secure reverse proxy." - echo_e "\tTo configure a reverse proxy, set REVERSE_PROXY=on and define FRONTEND_IP variables in your .env file." - echo_e "\tThe network between your site and the frontend should be encrypted in transit.\n" -fi - -# --- Helper Text Logic --- -if is_prod_mode && is_https_enabled; then - if is_acme_enabled; then - if is_acme_using_default_email; then - print_warning_header - echo_e "\t${YELLOW}Bad default setting{$RESET}: ${RED}ACME_EMAIL=postmaster@example.com${RESET}" - echo_e "\tUpdate it to a real email for certificate issuance\n" - fi - else - print_warning_header - echo_e "\t${YELLOW}ACME is disabled${RESET} To get valid certificates, you should either:" - echo_e "\t1. Enable ACME (make traefik-https-letsencrypt) and configure ACME_EMAIL in .env" - echo_e "\t2. Place your public (cert.pem) and private (privkey.pem) certificates in the ./certs/ directory and set TLS_PROVIDER=self-managed in .env" - fi -fi - -# Check 4: Certificate validation -if is_https_enabled && [ -f certs/cert.pem ]; then - if command -v openssl &> /dev/null; then - # Check certificate expiration - if ! openssl x509 -noout -checkend 0 -in certs/cert.pem &>/dev/null; then - print_warning_header - echo_e "\t${RED}Certificate Expired${RESET}: The SSL certificate in certs/cert.pem has expired" - EXPIRY_DATE=$(openssl x509 -noout -enddate -in certs/cert.pem 2>/dev/null | cut -d= -f2) - echo_e "\tExpired on: $EXPIRY_DATE" - echo_e "\tRegenerate the certificate or obtain a new one.\n" - elif ! openssl x509 -noout -checkend 604800 -in certs/cert.pem &>/dev/null; then - # Certificate expires within 7 days (604800 seconds) - print_warning_header - EXPIRY_DATE=$(openssl x509 -noout -enddate -in certs/cert.pem 2>/dev/null | cut -d= -f2) - echo_e "\t${YELLOW}Certificate Expiring Soon${RESET}: The SSL certificate will expire within 7 days" - echo_e "\tExpires on: $EXPIRY_DATE" - echo_e "\tConsider renewing the certificate soon.\n" - fi - - # Extract SANs from certificate - CERT_SANS=$(openssl x509 -noout -text -in certs/cert.pem 2>/dev/null | grep -A1 "Subject Alternative Name" | tail -n1 || echo "") - - if [ -n "$CERT_SANS" ]; then - # Check if DOMAIN appears in the SANs (accounting for DNS: prefix) - if ! echo "$CERT_SANS" | grep -q "DNS:$DOMAIN" && ! echo "$CERT_SANS" | grep -q " $DOMAIN"; then - print_warning_header - echo_e "\t${YELLOW}Certificate Domain Mismatch${RESET}: ${RED}DOMAIN=$DOMAIN${RESET} is not in certificate SANs" - echo_e "\tCertificate is valid for: ${CERT_SANS//DNS:/}" - echo_e "\tEither update DOMAIN in .env to match the certificate, or regenerate the certificate.\n" - fi - fi - fi -fi - -echo diff --git a/scripts/status.sh b/scripts/status.sh deleted file mode 100755 index 9aaaafa..0000000 --- a/scripts/status.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -echo_e "${BLUE}--- General Status ---${RESET}" - -if is_dev_mode; then - echo_e "Site mode: ${GREEN}Development${RESET}" -elif is_prod_mode; then - echo_e "Site mode: ${GREEN}Production${RESET}" -else - echo_e "Site mode: ${RED}Unknown${RESET} (DEVELOPMENT_ENVIRONMENT is not set to 'true' or 'false' in .env)" -fi - -echo_e "COMPOSE_PROJECT_NAME: ${GREEN}${COMPOSE_PROJECT_NAME}${RESET}" - -if is_dev_mode && is_docker_rootless; then - print_warning_header - echo_e "\t${RED}Docker Security: rootless${RESET}" - echo_e "\tYou appear to be running docker in rootless mode." - echo_e "\tYou must set DEVELOPMENT_ENVIRONMENT=false in .env\n" -fi - -# --- Docker Override Check --- -if is_dev_mode && has_no_docker_override; then - print_warning_header - echo_e "\t${YELLOW}Mount Drupal extension paths into the Drupal container for local development${RESET}" - echo -e "\tFor easier local development, you can copy the sample docker-compose override file." - echo -e "\tThis allows you to mount local Drupal modules, themes, config, and assets into the container." - echo -e "\tTo do so you can run the following command:" - echo_e "\t${BLUE}cp docker-compose.override-example.yaml docker-compose.override.yaml${RESET}" - echo_e "\tAnd then run ${BLUE}make up${RESET} for the changes to apply.\n" -fi - - -if [ "${COMPOSE_PROJECT_NAME}" = "isle-site-template" ]; then - print_warning_header - echo_e "\t${YELLOW}Update COMPOSE_PROJECT_NAME in .env${RESET}" - echo -e "\tDocker Compose uses this name to prefix containers, networks, and volumes." - echo -e "\tRunning multiple projects with the same name on one machine will cause conflicts." - echo -e "\tThis is mostly relevant for development environments that may have multiple ISLE sites" - echo -e "\tBut may also be a concern is a single host serves multiple ISLE sites." - echo -e "\tEnsure this value is unique if you run other Docker Compose projects.\n" -fi - -if [ ! -f secrets/JWT_PRIVATE_KEY ]; then - print_warning_header - echo_e "\t${RED}Missing JWT Private Key${RESET}: secrets/JWT_PRIVATE_KEY not found" - echo -e "\tGenerate JWT keys for authentication to work properly.\n" -elif [ ! -f secrets/JWT_PUBLIC_KEY ]; then - print_warning_header - echo_e "\t${RED}Missing JWT Public Key${RESET}: secrets/JWT_PUBLIC_KEY not found" - echo -e "\tGenerate JWT keys for authentication to work properly.\n" -elif command -v openssl &> /dev/null; then - EXTRACTED_PUBLIC=$(openssl rsa -in secrets/JWT_PRIVATE_KEY -pubout 2>/dev/null || echo "EXTRACT_FAILED") - STORED_PUBLIC=$(cat secrets/JWT_PUBLIC_KEY 2>/dev/null || echo "READ_FAILED") - - if [ "$EXTRACTED_PUBLIC" = "EXTRACT_FAILED" ]; then - print_warning_header - echo_e "\t${RED}Invalid JWT Private Key${RESET}: Cannot read secrets/JWT_PRIVATE_KEY" - echo_e "\tThe private key file may be corrupted or in wrong format.\n" - elif [ "$STORED_PUBLIC" = "READ_FAILED" ]; then - print_warning_header - echo_e "\t${RED}Cannot Read JWT Public Key${RESET}: Failed to read secrets/JWT_PUBLIC_KEY\n" - elif [ "$EXTRACTED_PUBLIC" != "$STORED_PUBLIC" ]; then - print_warning_header - echo_e "\t${RED}JWT Key Mismatch${RESET}: Public and private keys do not match" - echo_e "\tThe public key in secrets/JWT_PUBLIC_KEY does not correspond to the private key." - echo_e "\tRegenerate both keys or ensure they are a matching pair.\n" - else - echo_e "JWT key pair: ${GREEN}Valid${RESET}: secrets/JWT_PUBLIC_KEY and secrets/JWT_PRIVATE_KEY match\n" - fi -fi - -./scripts/status-traefik.sh diff --git a/scripts/traefik-http.sh b/scripts/traefik-http.sh deleted file mode 100755 index a993f6e..0000000 --- a/scripts/traefik-http.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -echo "${BLUE}Switching to HTTP mode...${RESET}" - -sed -i.bak 's/^ENABLE_HTTPS=.*/ENABLE_HTTPS="false"/' .env && rm -f .env.bak -sed -i.bak 's/^URI_SCHEME=.*/URI_SCHEME="http"/' .env && rm -f .env.bak -sed -i.bak 's/^ENABLE_ACME=.*/ENABLE_ACME="false"/' .env && rm -f .env.bak - -set_https "false" -set_letsencrypt_config "false" - -echo "Site will be available at: ${GREEN}${URI_SCHEME}://${DOMAIN}${RESET}" -echo "Run this for the changes to take effect:" -echo "${BLUE}make down-traefik up${RESET}" diff --git a/scripts/traefik-https-letsencrypt.sh b/scripts/traefik-https-letsencrypt.sh deleted file mode 100755 index acb7190..0000000 --- a/scripts/traefik-https-letsencrypt.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -if is_wsl; then - echo "${RED}Error: letsencrypt is not supported using WSL.${RESET}" - exit 1 -fi - -echo "Switching to HTTPS mode with ACME (Let's Encrypt)..." -echo - -# Get current values from .env -CURRENT_DOMAIN=$(grep '^DOMAIN=' .env | cut -d= -f2) -CURRENT_EMAIL=$(grep '^ACME_EMAIL=' .env | cut -d= -f2) - -# Prompt for DOMAIN -read -r -p "Enter domain name (current: ${CURRENT_DOMAIN}): " NEW_DOMAIN -NEW_DOMAIN=${NEW_DOMAIN:-$CURRENT_DOMAIN} - -# Prompt for ACME_EMAIL -read -r -p "Enter email for Let's Encrypt notifications (current: ${CURRENT_EMAIL}): " NEW_EMAIL -NEW_EMAIL=${NEW_EMAIL:-$CURRENT_EMAIL} - -echo -echo "Updating .env with:" -echo " ${GREEN}URI_SCHEME=https" -echo " DOMAIN=${NEW_DOMAIN}" -echo " ACME_EMAIL=${NEW_EMAIL}" -echo " URI_SCHEME=http" -echo " DEVELOPMENT_ENVIRONMENT=false${RESET}" -echo - -# Update .env file -sed -i.bak 's|^DEVELOPMENT_ENVIRONMENT=.*|DEVELOPMENT_ENVIRONMENT="false"|' .env && rm -f .env.bak -sed -i.bak "s|^DOMAIN=.*|DOMAIN=${NEW_DOMAIN}|" .env && rm -f .env.bak -sed -i.bak "s|^ACME_EMAIL=.*|ACME_EMAIL=${NEW_EMAIL}|" .env && rm -f .env.bak - -set_https "true" -set_letsencrypt_config "true" - -echo "Site will be available at: ${GREEN}${URI_SCHEME}://${DOMAIN}${RESET}" -echo "Run this for the changes to take effect:" -echo "${BLUE}make down-traefik up${RESET}" diff --git a/scripts/traefik-https-mkcert.sh b/scripts/traefik-https-mkcert.sh deleted file mode 100755 index 458306e..0000000 --- a/scripts/traefik-https-mkcert.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC1091 -source "$(dirname "${BASH_SOURCE[0]}")/profile.sh" - -if is_wsl; then - echo "${RED}Error: mkcert is not supported using WSL. Stay on http for local development.${RESET}" - exit 0 -fi - -echo "${BLUE}Switching to HTTPS mode with mkcert...${RESET}" - -# Update .env file -sed -i.bak 's/^URI_SCHEME=.*/URI_SCHEME="https"/' .env && rm -f .env.bak -sed -i.bak 's/^TLS_PROVIDER=.*/TLS_PROVIDER="self-managed"/' .env && rm -f .env.bak -set_https "true" -set_letsencrypt_config "false" - -PROGDIR=$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)") -readonly PROGDIR -"${PROGDIR}/scripts/generate-certs.sh" - -echo "" -echo "${GREEN}Done! HTTPS mode enabled with mkcert certificates.${RESET}" -echo "Site will be available at: ${GREEN}${URI_SCHEME}://${DOMAIN}${RESET}" -echo "" -echo "Run this for the changes to take effect:" -echo "${BLUE}make down-traefik up${RESET}" From 583314c02c5b06d9b0c64cb3b850fd413cfa6f08 Mon Sep 17 00:00:00 2001 From: Joe Corall Date: Fri, 26 Jun 2026 19:42:53 -0400 Subject: [PATCH 3/3] Delete .github/workflows/sitectl-create-smoke-test.yaml --- .../workflows/sitectl-create-smoke-test.yaml | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 .github/workflows/sitectl-create-smoke-test.yaml diff --git a/.github/workflows/sitectl-create-smoke-test.yaml b/.github/workflows/sitectl-create-smoke-test.yaml deleted file mode 100644 index 7f06f54..0000000 --- a/.github/workflows/sitectl-create-smoke-test.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: sitectl-create-smoke-test - -on: - push: - pull_request: - workflow_dispatch: - -permissions: - contents: read - -concurrency: - group: sitectl-create-smoke-test-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - create: - name: sitectl create drupal ${{ matrix.create_definition }} - strategy: - fail-fast: false - matrix: - include: - - create_definition: default - create_args: "" - uses: libops/.github/.github/workflows/sitectl-create-smoke-test.yaml@main - with: - plugin: drupal - create-definition: ${{ matrix.create_definition }} - create-args: ${{ matrix.create_args }}