INFRA-517: Phase 2 #24
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why these changes are being introduced: The workflows do not need to permission to make any changes to the code itself, so we restrict to just `read-only`. How this addresses that need: * Add a line to each of the GHA workflows to restrict the workflow to just read-only permissions to the code in the repository. * Update the permissions for the job to allow GitHub Actions to interact with the OIDC endpoint Additionally, * Add a `temp/` directory to the .gitignore file so that it's possible to do some local work moving files around without worrying about content getting accidentally pushed to GitHub * Minor formatting changes to a few files Side effects of this change: None.
Why these changes are being introduced: After much testing, this captures the latest understanding of how to manage the installation of new premium plugins (e.g., those plugins that require a license key and that might make changes to the database). How this addresses that need: * Minor edits to old migration document * Update the How-To document for installing new premium plugins based on the experience in Dev1 and Stage-Workloads for the current attempt Side effects of this change: None. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/INFRA-517
Why these changes are being introduced: Phase 1 of the premium plugins installation is complete across Dev1, Stage-Workloads, and Prod-Workloads (that is, the plugin folders are installed in the container and the plugins are listed in the Plugin Directory in the UI, but they are not activated). The plugins have been manually activated in Stage & Prod, so any database schema changes are complete. As part of the testing, InnoCraft support let us know that the `CustomJsTracker` plugin (a Core plugin) must be activated for the HeatmapSessionRecording and the UsersFlow plugins to work correctly (because both plugins actually make changes to the matomo.js and piwik.js files). How this addresses that need: * Update the Dockerfile to include the updated `matomo.js and `piwik.js` files (that are the result of activating the plugins); these files are written to the `/usr/src/matomo/` directory because the `entrypoint.sh` script is what actually creates the `/var/www/html/` directory when the container is launched * Update the `config.ini.php` file to correctly list all the plugins that exist in the `plugins/` directory and sort them alphabetically to make it easier to review them in the future * Update the `config.ini.php` file to include the `CustomJsTracker` as an activated plugin * Update the `config.ini.php` file to include the UsersFlow and HeatmapSessionRecording plugins as active plugins * Include the version of the `matomo.js` and `piwik.js` files that are generated by the new plugins Side effects of this change: None. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/INFRA-517
dhrutibc
approved these changes
May 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
config.ini.phpfile to activate the core ConfigJsTracker pluginconfig.ini.phpfile with the new plugins (HeatmapSessionRecording and UsersFlow)config.ini.phpfile by resorting the list of available plugins alphabetically to make them easier to review and ensure that all the plugins that exist in theplugins/directory are correctly listed in the available pluginsmatomo.jsandpiwik.jsfiles that are generated by activating the new premium plugins in thefiles/directoryDockerfileto install the updatedmatomo.jsandpiwik.jsfiles into the/usr/src/matomodirectory so that theentrypoint.shscript will put them in place in the/var/www/htmldirectory when the container is launchedread-onlyaccess to the repository (we don't want them to ever be allowed to change the code)Helpful background context
This is Phase 2 of the deployment of the new premium plugins. See the HOWTO-premium-plugins.md for details.
The testing in Dev and Stage revealed a few other things that needed some tweaking, so this is a slightly updated How-To and a slightly updated Phase 2.
How can a reviewer manually see the effects of these changes?
The Matomo instance in Dev1 does not have the license key for the two plugins, so it's not possible to view the updates there (we are only allowed two installations of the single license key and we use Stage and Prod for those). But, I did manually push this version of the container to Stage-Workloads before this PR to verify that everything was going to work smoothly, so it's possible to log in to the stage-matomo instance as an account with superuser privileges and see the activated plugins working correctly.
Includes new or updated dependencies?
YES: This does depend on the new plugins being activated once via the Matomo UI in order to trigger the database schema updates in each environment. This has been done in all three environments.
What are the relevant tickets?
Developer
Code Reviewer
(not just this pull request message)