diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
index 02a905e..2f66f83 100644
--- a/.github/workflows/dev-build.yml
+++ b/.github/workflows/dev-build.yml
@@ -1,9 +1,10 @@
 ### This is the Terraform-generated dev-build.yml workflow for the ###
 ### docker-matomo-dev app repository. ###
-### If this is a Lambda repo, uncomment the FUNCTION line at the end of the ###
-### document. If the container requires any additional pre-build commands, ###
-### uncomment and edit the PREBUILD line at the end of the document. ###
 name: Dev Container Build and Deploy
+
+# checkov:skip=CKV2_GHA_1:The shared workflow contains the permissions constraints
+# NOTE: The above checkov skip command doesn't actually work and this workflow
+# will always show a checkov warning.
 on:
 workflow_dispatch:
 pull_request:
@@ -12,21 +13,12 @@ on:
 paths-ignore:
 - '.github/**'
-permissions: read-all
-
 jobs:
 deploy:
- # These permissions are needed to interact with GitHub's OIDC Token endpoint.
- permissions:
- id-token: write
- contents: read
-
 name: Dev Container Deploy
- uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-dev.yml@main
+ uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-dev.yml@INFRA-526
 secrets: inherit
 with:
 AWS_REGION: "us-east-1"
 GHA_ROLE: "docker-matomo-gha-dev"
 ECR: "docker-matomo-dev"
- # FUNCTION: ""
- # PREBUILD:
diff --git a/.github/workflows/prod-promote.yml b/.github/workflows/prod-promote.yml
index 40d7675..d1741d1 100644
--- a/.github/workflows/prod-promote.yml
+++ b/.github/workflows/prod-promote.yml
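Review bot: The new `uses:` line in the `deploy` job calls the shared workflow at the branch ref `@INFRA-526` while still passing `secrets: inherit`, so whatever that branch holds at run time executes with this repository's secrets, and a ticket branch is mutable and likely to be deleted or rewritten after it merges. Pin the call to a full commit SHA of the shared workflow, or at least restore `@main` before this lands. The same hunk removes both `permissions:` blocks, which leaves the token ceiling at the repository or organization default, because a called workflow can only narrow the caller's permissions and never widen them. Unless the shared workflow now needs other scopes, keeping the top-level `permissions: read-all` and the job-level `id-token: write` / `contents: read` would keep least privilege visible in this file and remove the need for a checkov skip that the added comment says does not work. Both points apply equally to the `deploy` jobs in prod-promote.yml and stage-build.yml.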
@@ -1,24 +1,21 @@
 ### This is the Terraform-generated prod-promote.yml workflow for the ###
 ### docker-matomo-prod repository. ###
-### If this is a Lambda repo, uncomment the FUNCTION line at the end of the ###
-### document. ###
+
 name: Prod Container Promote
+
+# checkov:skip=CKV2_GHA_1:The shared workflow contains the permissions constraints
+# NOTE: The above checkov skip command doesn't actually work and this workflow
+# will always show a checkov warning.
+
 on:
 workflow_dispatch:
 release:
 types: [published]
-permissions: read-all
-
 jobs:
 deploy:
- # These permissions are needed to interact with GitHub's OIDC Token endpoint.
- permissions:
- id-token: write
- contents: read
-
 name: Prod Container Promote
- uses: mitlibraries/.github/.github/workflows/ecr-shared-promote-prod.yml@main
+ uses: mitlibraries/.github/.github/workflows/ecr-shared-promote-prod.yml@INFRA-526
 secrets: inherit
 with:
 AWS_REGION: "us-east-1"
diff --git a/.github/workflows/stage-build.yml b/.github/workflows/stage-build.yml
index bab5ad8..f7a5fc7 100644
--- a/.github/workflows/stage-build.yml
+++ b/.github/workflows/stage-build.yml
@@ -1,9 +1,11 @@
 ### This is the Terraform-generated dev-build.yml workflow for the ###
 ### docker-matomo-stage app repository. ###
-### If this is a Lambda repo, uncomment the FUNCTION line at the end of the ###
-### document. If the container requires any additional pre-build commands, ###
-### uncomment and edit the PREBUILD line at the end of the document. ###
 name: Stage Container Build and Deploy
+
+# checkov:skip=CKV2_GHA_1:The shared workflow contains the permissions constraints
+# NOTE: The above checkov skip command doesn't actually work and this workflow
+# will always show a checkov warning.
+
 on:
 workflow_dispatch:
 push:
@@ -12,21 +14,13 @@ on:
 paths-ignore:
 - '.github/**'
-permissions: read-all
-
 jobs:
 deploy:
- # These permissions are needed to interact with GitHub's OIDC Token endpoint.
- permissions:
- id-token: write
- contents: read
-
 name: Stage Container Deploy
- uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-stage.yml@main
+ uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-stage.yml@INFRA-526
 secrets: inherit
 with:
 AWS_REGION: "us-east-1"
 GHA_ROLE: "docker-matomo-gha-stage"
 ECR: "docker-matomo-stage"
- # FUNCTION: ""
- # PREBUILD:
+
diff --git a/Dockerfile b/Dockerfile
index 2c62177..69eb01e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM matomo:5.3.1
+FROM matomo:5.3.2
 # checkov:skip=CKV_DOCKER_2:Skipping HEALTHCHECK configuration for now
- # checkov:skip=CKV_DOCKER_3:Intentionally using root for the user
+ # checkov:skip=CKV_DOCKER_3:The container actually runs as www-data user
 # Add the EnvironmentVariables plugin
 COPY ./files/plugin-EnvironmentVariables-5.0.3/ /var/www/html/plugins/EnvironmentVariables
diff --git a/docs/HowTos/HOWTO-activate-TagManager.md b/docs/HowTos/HOWTO-activate-TagManager.md
new file mode 100644
index 0000000..427a7cc
--- /dev/null
+++ b/docs/HowTos/HOWTO-activate-TagManager.md
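Review bot: The reworded CKV_DOCKER_3 skip now asserts that the container runs as www-data, but nothing in this hunk sets a `USER`, so the claim rests on what the `matomo` base image does at start-up and cannot be checked from the lines shown; the Dockerfile continues outside the hunk. If the process does drop privileges there, say where in the comment, for example `# checkov:skip=CKV_DOCKER_3:base image starts as root and serves requests as www-data`, so that a later base-image bump prompts someone to re-verify it. Separately, `FROM matomo:5.3.2` is a mutable tag; appending a digest (`FROM matomo:5.3.2@sha256:<digest-placeholder>`) would make the image that gets built and promoted reproducible.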
@@ -0,0 +1,21 @@
+# TagManager core plugin activation
+
+Turns out that the TagManager core plugin needs some extra care and attention if it wasn't initially enabled when first starting with Matomo. Attempting to activate it the usual way causes Matomo to break.
+
+This GitHub Issue documents that problem and provides a simple (but strange) solution:
+
+* [Issue: Can't install TagManager plugin because table _tagmanager_container is missing](https://github.com/matomo-org/matomo/issues/19474)
+
+For our container-based deploy, this means
+
+1. connect to the running container
+1. ensure that a simple text editor is available in the container
+1. deactivate the TagManager plugin: `./console plugin:deactivate TagManager`
+1. edit the config/config.ini.php file to remove the `PluginsInstalled[] = "TagManager"` line
+1. run the `core:update` command: `./console core:update` (nothing should happen)
+1. activate the TagManager plugin: `./console plugin:activate TagManager`
+1. run the `core:update` command again: `./console core:update` (nothing should happen)
+
+The appropriate updates to the database will now be in place.
+
+At this point, proceed with updates to this repository by updating the `config.ini.php` file to match the file from the container.
diff --git a/files/config.ini.php b/files/config.ini.php
index 85d1818..3854dee 100644
--- a/files/config.ini.php
+++ b/files/config.ini.php
@@ -96,6 +96,7 @@
 Plugins[] = "CustomDimensions"
 Plugins[] = "FeatureFlags"
 Plugins[] = "MobileAppMeasurable"
+Plugins[] = "TagManager"
 Plugins[] = "CustomVariables"
 Plugins[] = "EnvironmentVariables"
 Plugins[] = "HeatmapSessionRecording"
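Review bot: Activating TagManager with the new `Plugins[]` line lets Matomo users with enough access publish custom HTML and JavaScript tags into every site that loads a container, and nothing in this change records who is meant to hold that ability. I would state the intended restriction next to the new line or in the HOWTO, for example `; TagManager: custom HTML/JS templates limited to superusers (set in the plugin's system settings)`, assuming that is the policy you want. The plugin list continues outside the hunk, so related settings may already exist elsewhere in the file.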