Merge branch 'release/v3.9.0'

Author: dlen

.gitignore

@@ -34,4 +34,6 @@ src
 .ruby-version
 
 .bundle
-docker-compose/.env
+
+# docker compose specific
+dev/.env

CHANGELOG.md

@@ -2,7 +2,22 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.8.1...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.9.0...HEAD)
+
+## [3.9.0](https://github.com/passbolt/passbolt_docker/compare/v3.8.1...v3.9.0) - 2023-01-31
+
+### Changed
+
+- Now environment is dumped during entrypoint script running instead of during cron runs
+- Migrations are executed without clearing the cache by default and only core and model caches are cleared.
+
+### Added
+
+- Development only: Configuration for xdebug to ease working with IDES
+
+### Fixed
+
+- Ports for rootless version pointing to 4433 on docker-compose files
 
 ## [3.8.1](https://github.com/passbolt/passbolt_docker/compare/v3.8.0...v3.8.1) - 2023-01-18
 

Gemfile.lock

@@ -6,7 +6,7 @@ GEM
     docker-api (2.2.0)
       excon (>= 0.47.0)
       multi_json
-    excon (0.97.0)
+    excon (0.98.0)
     method_source (1.0.0)
     multi_json (1.15.0)
     net-scp (4.0.0)
@@ -29,7 +29,7 @@ GEM
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.12.2)
+    rspec-mocks (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
@@ -39,7 +39,7 @@ GEM
       rspec-its
       specinfra (~> 2.72)
     sfl (2.3)
-    specinfra (2.84.0)
+    specinfra (2.84.1)
       net-scp
       net-ssh (>= 2.7)
       net-telnet (= 0.1.1)
@@ -55,4 +55,4 @@ DEPENDENCIES
   serverspec
 
 BUNDLED WITH
-   2.4.1
+   2.4.5

README.md

@@ -180,14 +180,6 @@ $ export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(su -c "gpg --homedir $GNUPGHOME
 $ bin/cake passbolt healthcheck
 ```
 
-## CI passbolt Docker images building
-
-In order to pull custom images from the Gitlab registry, you need to set this variables and assuming you are not using a self-hosted gitlab instance:
-
-REGISTRY_USERNAME=<username>
-REGISTRY_PASSWORD=<password>
-REGISTRY_EMAIL=<email>
-
 ## Docker secrets support
 
 As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files. For example:
@@ -210,3 +202,9 @@ This feature is only supported for:
 - PASSBOLT_SSL_SERVER_KEY_FILE that points to /etc/ssl/certs/certificate.key
 - PASSBOLT_GPG_SERVER_KEY_PRIVATE_FILE that points to /etc/passbolt/gpg/serverkey_private.asc
 - PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE that points to /etc/passbolt/gpg/serverkey.asc
+
+## Develop on Passbolt
+
+This repository also provides a way to quickly setup Passbolt for development purposes. This way should never be used in production, as this would be unsafe.
+You can use the docker-compose files under [docker-compose/](./docker-compose/) to spin up Passbolt for production using docker compose.
+If you would like to setup Passbolt for development purposes, please follow the steps described [here](./dev/README.md).

conf/supervisor/cron.conf

@@ -1,5 +1,5 @@
 [program:cron]
-command=/bin/bash -c "declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /etc/environment; cron -f -l"
+command=cron -f -l
 autostart=true
 priority=20
 stdout_logfile=/dev/stdout

conf/xdebug.ini

@@ -0,0 +1,8 @@
+zend_extension=xdebug
+
+[xdebug]
+xdebug.mode=develop,debug
+xdebug.client_host=host.docker.internal
+xdebug.start_with_request=yes
+xdebug.client_port=9003
+xdebug.log=/var/log/xdebug.log

debian/Dockerfile.rootless

@@ -75,7 +75,10 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/sites-enabled/nginx-passbolt.
     && touch /var/www/.profile \
     && chown www-data:www-data /var/www/.profile \
     && sed -i 's,www-data\s,,' /etc/cron.d/$PASSBOLT_PKG \
-    && sed -i "s,__PASSBOLT_PACKAGE__,$PASSBOLT_PKG," /etc/supervisor/conf.d/cron.conf
+    && sed -i "s,__PASSBOLT_PACKAGE__,$PASSBOLT_PKG," /etc/supervisor/conf.d/cron.conf \
+    && touch /etc/environment \
+    && chown www-data:www-data /etc/environment \
+    && chmod 600 /etc/environment 
 
 COPY conf/supervisor/nginx.conf /etc/supervisor/conf.d/nginx.conf
 COPY conf/supervisor/php.conf /etc/supervisor/conf.d/php.conf

docker-compose/.env.example dev/.env.exampledocker-compose/.env.example renamed to dev/.env.example

@@ -1,10 +1,10 @@
 FROM composer:2.4 AS composer
 
-FROM php:8-fpm
+FROM php:8.1-fpm
 
 LABEL maintainer="Passbolt SA <contact@passbolt.com>"
 
-ARG PASSBOLT_VERSION="3.2.1"
+ARG PASSBOLT_VERSION="3.8.3"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 ARG PASSBOLT_CURL_HEADERS=""
 ARG PASSBOLT_FLAVOUR="ce"
@@ -15,30 +15,33 @@ ARG PHP_EXTENSIONS="gd \
       pdo_mysql \
       opcache \
       xsl \
-      ldap"
+      ldap\
+      xdebug"
 
 ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
       redis \
-      mcrypt"
+      mcrypt\
+      xdebug"
 
 ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \
       libpng-dev \
       libjpeg62-turbo-dev \
       libicu-dev \
       libxslt1-dev \
       libmcrypt-dev \
+      libldap2-dev \
       libzip-dev \
-      zip \
       unzip \
-      libldap2-dev"
+      zip"
 
 ARG PASSBOLT_BASE_PACKAGES="nginx \
-         gnupg \
-         libgpgme11 \
-         libmcrypt4 \
-         mariadb-client \
-         supervisor \
-         cron"
+      git \
+      gnupg \
+      libgpgme11 \
+      libmcrypt4 \
+      mariadb-client \
+      supervisor \
+      cron"
 
 ENV PECL_BASE_URL="https://pecl.php.net/get"
 ENV PHP_EXT_DIR="/usr/src/php/ext"
@@ -78,11 +81,15 @@ RUN apt-get update \
     && mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" \
     && echo "* * * * * su -c \"source /etc/environment ; /var/www/passbolt/bin/cake EmailQueue.sender\" -s /bin/bash www-data >> /var/log/cron.log 2>&1" >> /etc/cron.d/passbolt_email \
     && crontab /etc/cron.d/passbolt_email \
-    && ln -s $(which php-fpm) $(which php-fpm)7.3
+    && ln -s $(which php-fpm) $(which php-fpm)7.3 \
+    && touch /var/log/xdebug.log \
+    && chown www-data:www-data /var/log/xdebug.log \
+    && chmod 664 /var/log/xdebug.log
 
 COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
 COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
 COPY conf/supervisor/php-dev.conf /etc/supervisor/conf.d/php.conf
+COPY conf/xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
 COPY dev/bin/docker-entrypoint.sh /docker-entrypoint.sh
 COPY scripts/wait-for.sh /usr/bin/wait-for.sh
 

dev/Dockerfile

@@ -0,0 +1,113 @@
+```
+       ____                  __          ____          .-.
+      / __ \____  _____ ____/ /_  ____  / / /_    .--./ /      _.---.,
+     / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/     '-,  (__..-`       \
+    / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_          \                |
+   /_/    \__,_/____/____/_,___/\____/_/\__/           `,.__.   ^___.-/
+                                                         `-./ .'...--`
+  The open source password manager for teams                `'
+  (c) 2023 Passbolt SA
+  https://www.passbolt.com
+```
+
+# Setting up a working development environment using docker
+
+Please note that these instructions are for setting a functional development environment only. Refer to the [installation guide](https://help.passbolt.com/hosting/install) if you want to use Passbolt securely to share passwords with your team.
+
+## Prerequisites
+  - [Git](https://git-scm.com/)
+  - [Docker](https://docs.docker.com/get-docker/) v20 or newer
+
+## Preparing Local Environment
+
+1. Clone the repos
+Fork the Passbolt API repository. Please read [Fork a repo](https://docs.github.com/en/get-started/quickstart/fork-a-repo?tool=webui) if you've never done this before.
+
+Clone the forked repository onto your local machine:
+```bash
+git clone git@github.com:<YOUR_FORK_HERE>/passbolt_api.git
+```
+
+In addition to the Passbolt API repository, you'll also require the [passbolt_docker](https://github.com/passbolt/passbolt_docker) repository to spin up the stack using docker compose.
+```bash
+git clone https://github.com/passbolt/passbolt_docker.git
+```
+
+2. Copy the initial app.php into a new one for passbolt_api (the new file will be used by the passbolt server)
+```
+cd passbolt_api
+cp config/app.default.php config/app.php
+```
+
+3. Run composer install to update all the dependencies. A new vendor directory will be created with all the required libraries
+```
+cd passbolt_api
+docker run --rm --interactive --tty --volume $PWD:/app composer install --ignore-platform-reqs
+```
+
+4. Map the passbolt.local to the localhost in the /etc/hosts
+```
+127.0.0.1   passbolt.local
+```
+
+5. Copy the .env.example file into .env and replace the PATH_TO_PASSBOLT_API variable with the path to the passbolt_api repository on your machine
+
+6. Spin-up the docker-compose containers (mariadb and passbolt server)
+```
+cd passbolt_docker
+docker-compose -f dev/docker-compose-dev.yml up -d
+```
+
+7. Create the first user (the administrator) by replacing the below command with your own data. More details [here](https://help.passbolt.com/hosting/install/ce/docker).
+```
+cd passbolt_docker
+docker-compose -f dev/docker-compose-ce.yaml exec passbolt /bin/bash -c \
+  'su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u myuser@passbolt.local \
+   -f name  -l lastname  -r admin" -s /bin/sh www-data'
+```
+
+8. Copy-paste the output in the browser and you are ready!
+
+# Setup xDebug
+
+In order to setup xDebug with an IDE or code editor, please use dev/Dockerfile or docker-compose/docker-compose-dev.yaml to spin up a development stack, which already contains xDebug configured to run within the Passbolt server.
+You will then have to configure your IDE to connect to xDebug. Below are the steps required for a few IDEs:
+
+## Visual Studio Code
+
+1. From the Extensions tab, install the "PHP Debug" extension from the "Xdebug" publisher
+2. In the "Run and Debug" tab, click the gear icon at the very top of the panel to "Open 'launch.json'"
+3. Under "configurations", add a new JSON object with the following content:
+```
+{
+  "name": "Listen for Xdebug on Docker",
+  "type": "php",
+  "request": "launch",
+  "port": 9003,
+  "pathMappings": {
+    "/var/www/passbolt": "${workspaceFolder}"
+  }
+},
+```
+4. Check for errors by adding `xdebug_info(); die();` to the Passbolt `webroot/index.php` file and visiting the Passbolt server root page. If you don't see anything under the "Diagnosis" section, you can remove this change and start using xDebug
+5. In the "Run and Debug" tab, select the debug profile we added in "launch.json" ("Listen for Xdebug on Docker") and click the green arrow to connect to xDebug
+
+In case the "${workspaceFolder}" value is not mapped correctly (this seems to be the case on MacOS), you can provide the full path of the open workspace folder:
+* Either manually: `<ABSOLUTE_PATH_TO_WORKSPACE_FOLDER>`
+* Or if you store all your code fodlers in a common code place:
+  - `<ABSOLUTE_PATH_TO_COMMON_CODE_FOLDER>/${workspaceFolderBasename}` OR
+  - `${workspaceRoot}` (deprecated in vscode but still works, though only works in single-workspace setup)
+
+## PHPStorm
+
+1. Configure your IDE so that it can properly connect with Docker: under Settings/Preferences -> Build, Execution, Deployment -> Docker. Here is a tutorial: https://www.jetbrains.com/help/phpstorm/docker.html#enable_docker
+2. Then, under Settings/Preferences -> PHP -> Debug, in the "External connections" section, make sure the "Break at first line in PHP scripts" checkbox is unchecked
+3. Thereafter, we need to configure a PHP server, which can be done by going to File > Settings > PHP > Servers. Click on the plus sign twice to create two servers:
+  - The first server should be set to xDebug: Name="Docker - Passbolt", Host="passbolt.local", Port="9003", Debugger="Xdebug", ProjectFiles="<PATH_TO_PASSBOLT_API_REPO>", AbsolutePath="/var/www/passbolt"
+  - The second server should be set to the web server (passbolt.local): Name="passbolt.local", Host="passbolt.local", Port="443", Debugger="Xdebug", ProjectFiles="<PATH_TO_PASSBOLT_API_REPO>", AbsolutePath="/var/www/passbolt"
+4. Save and close the Settings/Preferences window
+5. At the top of the main window, click the "Add Configuration..." button, then "Add new..." > "PHP Remote Debug"
+6. Check the "Filter debug connection by IDE key", and fill in the form with: Name="Docker - Passbolt", Server="Docker - Passbolt", IDEKey="docker_passbolt"
+7. At the top of the main window, click the "Listen for PHP debug connection" button and start a debugging session
+
+**Note:** If you want to debug tests, you will need to properly setup the PHPUnit library under Settings/Preferences -> PHP -> Test Frameworks by adding a configuration and setting the path to phpunit.phar to "/var/www/passbolt/vendor/bin/phpunit" (the docker path mapping must be setup for it to work with this path)