Continuous Delivery with Docker and GCP

.dockerignore

@@ -0,0 +1,6 @@
+
+.github
+.git
+build
+
+README.md

.gitignore

@@ -25,3 +25,11 @@ lcpencrypt/.DS_Store
 lcpserver/.DS_Store
 npm-debug.log
 manage/config.js
+
+!docker/**/config.yaml
+!docker/cloudbuild.prod.yaml
+!docker/cloudbuild.test.yaml
+!docker/nginx-edrlab/cloudbuild.yaml
+build/
+.*.swp
+docker/private/

Makefile

@@ -0,0 +1,120 @@
+
+ROOT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+BUILD_DIR=$(ROOT_DIR)/build
+
+UNAME_S= $(shell uname -s)
+
+BUILD_PROD=false
+LIBUSERKEY_PATH=/
+USERKEYH_PATH=/
+USERKEYGO_PATH=/
+
+export READIUM_LCPSERVER_CONFIG := $(BUILD_DIR)/config.yaml
+export READIUM_LSDSERVER_CONFIG := $(BUILD_DIR)/config.yaml
+export READIUM_FRONTEND_CONFIG := $(BUILD_DIR)/config.yaml
+export GOPATH= $(BUILD_DIR)
+
+lcpencrypt=lcpencrypt
+lcpserver=lcpserver
+lsdserver=lsdserver
+frontend=frontend
+frontend_manage=frontend/manage
+
+NODE_VERSION=6.9.2
+
+ifeq ($(UNAME_S), Linux)
+	NODE_URL="https://nodejs.org/dist/v$(NODE_VERSION)/node-v$(NODE_VERSION)-linux-x64.tar.xz"
+	SED_I=sed -i
+else
+	NODE_URL="https://nodejs.org/dist/v$(NODE_VERSION)/node-v$(NODE_VERSION)-darwin-x64.tar.xz"
+	SED_I=sed -i ''
+endif
+
+#LDFLAGS=-extldflags=-static
+LDFLAGS=
+
+CC=GOARCH=amd64 go install -x #-ldflags="$(LDFLAGS)"
+
+.PHONY: all node run prepare clean
+
+all: $(lcpencrypt) $(lcpserver) $(lsdserver) $(frontend) $(frontend_manage)
+
+clean:
+	@if [ "$(BUILD_PROD)" = "true" ]; then\
+		echo "RM $(LIBUSERKEY_PATH)"; 																							\
+		rm -f license/libuserkey.a; 																		\
+		echo "RM $(USERKEYH_PATH)"; 																								\
+		rm -f license/userkey.h;																				\
+		echo "RM $(USERKEYGO_PATH)";																								\
+		mv $(BUILD_DIR)/user_key.go.backup license/user_key.go;											\
+	fi
+
+	@rm -rf $(BUILD_DIR) 2>/dev/null || true
+	@rm -rf $(ROOT_DIR)/$(frontend_manage)/node_modules
+	@rm -rf $(ROOT_DIR)/$(frontend_manage)/dist
+
+node:
+	open $(NODE_URL)
+
+prepare:
+	mkdir -p $(BUILD_DIR)
+	mkdir -p $(BUILD_DIR)/cert
+	mkdir -p $(BUILD_DIR)/db
+	mkdir -p $(BUILD_DIR)/files
+	mkdir -p $(BUILD_DIR)/files/storage
+	cp $(ROOT_DIR)/test/cert/cert-edrlab-test.pem $(BUILD_DIR)/cert/.
+	cp $(ROOT_DIR)/test/cert/privkey-edrlab-test.pem $(BUILD_DIR)/cert/.
+	mkdir -p $(BUILD_DIR)/log
+	mkdir -p $(BUILD_DIR)/frontend/manage
+	sed 's~<LCP_HOME>~$(BUILD_DIR)~g' < $(ROOT_DIR)/test/config.yaml > $(BUILD_DIR)/config.yaml
+	echo "adm_username:\$$apr1\$$bxwn8jim\$$kbfYFRgbBlKDWpAvd2tHW." > $(BUILD_DIR)/htpasswd
+	@if [ "$(BUILD_PROD)" = "true" ]; then\
+		echo "COPY $(LIBUSERKEY_PATH)"; 																			\
+		cp $(LIBUSERKEY_PATH) license/.; 																			\
+		echo "COPY $(USERKEYH_PATH)"; 																				\
+		cp $(USERKEYH_PATH) license/.;																				\
+		echo "COPY $(USERKEYGO_PATH)"; 																				\
+		cp license/user_key.go $(BUILD_DIR)/user_key.go.backup; 	\
+		cp $(USERKEYGO_PATH) license/.;													\
+	fi
+
+$(lcpencrypt): prepare
+	GOPATH=$(GOPATH) $(CC) ./$@
+
+$(lcpserver): prepare
+	GOPATH=$(GOPATH) CGO_ENABLED=1 $(CC) ./$@
+
+$(lsdserver): prepare
+	GOPATH=$(GOPATH) $(CC) ./$@
+
+$(frontend): prepare
+	GOPATH=$(GOPATH) $(CC) ./$@
+
+$(frontend_manage): prepare
+		cd ./$@ \
+		&& cp package.json package.json.backup \
+		&& $(SED_I) '/\"lite-server\"\:/d' package.json \
+		&& $(SED_I) 's/git\:/https\:/g' package.json \
+		&& npm install \
+		&& npm update \
+		&& npm run clean \
+		&& npm run build-css \
+		&& npm run copy-templates \
+		&& $(SED_I) '/es2015/d' node_modules/@types/node/index.d.ts \
+		&& node_modules/.bin/tsc \
+		&& mv package.json.backup package.json \
+		&& cp -r . $(BUILD_DIR)/frontend/manage/.
+
+
+run:
+	rm -f $(BUILD_DIR)/run.sh
+	echo "#! /usr/bin/env sh" >> $(BUILD_DIR)/run.sh
+	echo "READIUM_LCPSERVER_CONFIG=$(READIUM_LCPSERVER_CONFIG) $(BUILD_DIR)/bin/$(lcpserver) > $(BUILD_DIR)/log/$(lcpserver).log &" >> $(BUILD_DIR)/run.sh
+	echo "READIUM_LSDSERVER_CONFIG=$(READIUM_LSDSERVER_CONFIG) $(BUILD_DIR)/bin/$(lsdserver) > $(BUILD_DIR)/log/$(lsdserver).log &" >> $(BUILD_DIR)/run.sh
+	echo "READIUM_FRONTEND_CONFIG=$(READIUM_FRONTEND_CONFIG) $(BUILD_DIR)/bin/$(frontend) > $(BUILD_DIR)/log/$(frontend).logi &" >> $(BUILD_DIR)/run.sh
+	echo "wait" >> $(BUILD_DIR)/run.sh
+	chmod +x $(BUILD_DIR)/run.sh
+	@open http://127.0.0.1:8991/
+	sh $(BUILD_DIR)/run.sh
+

README.md

@@ -46,6 +46,36 @@ Out of the box, this open-source software is using what we call the "basic" (or
 
 But this profile, because it is open, does not offer any security. Security is provided by a "production" profile, i.e. confidential crypto information and a personal X.509 certificate delivered to trusted implementers by [EDRLab](mailto:contact@edrlab.org). EDRLab is the wordwide LCP Certification Authority. Licenses generated with the "production" profile are handled by any LCP compliant Reading System.
 
+Quickstart
+==========
+
+
+> You have to download node [v6.9.2](https://nodejs.org/dist/v6.9.2/) to compile the frontend webapp
+
+```
+make clean && PATH=/Users/edrlab/Downloads/node-v6.9.2-darwin-x64/bin:$PATH make && make run
+```
+
+Docker
+=======
+
+
+To build the master container (lcp+lsd+frontend) :
+
+```
+./docker/dockerbuild.sh `pwd` master
+```
+
+To run it :
+
+```
+./docker/dockerrun.sh
+```
+
+
+go to http://127.0.0.1:8080/frontend
+
+
 Executables
 ===========
 The server software is composed of several independant parts:

docker/100-lcpserver-lsdserver-frontend.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+/lcpserver/entrypoint.sh /lcpserver/tmp/config.yaml /lcpserver/lcpserver &
+echo "LCPSERVER PID=$!"
+
+
+/lsdserver/entrypoint.sh /lsdserver/tmp/config.yaml /lsdserver/lsdserver &
+echo "LSDSERVER PID=$!"
+
+
+/frontend/entrypoint.sh /frontend/tmp/config.yaml /frontend/manage /frontend/frontend &
+echo "FRONTENDSERVER PID=$!"
+
+

docker/Dockerfile

@@ -0,0 +1,126 @@
+
+FROM golang:alpine as lcpserver
+WORKDIR /lcp
+COPY . /lcp/.
+
+ARG BUILD_PROD=false
+ARG LIBUSERKEY_PATH=/docker/dummy
+ARG USERKEYH_PATH=/docker/dummy
+ARG USERKEYGO_PATH=/docker/dummy
+
+COPY $LIBUSERKEY_PATH $LIBUSERKEY_PATH
+COPY $USERKEYH_PATH $USERKEYH_PATH
+COPY $USERKEYGO_PATH $USERKEYGO_PATH
+
+RUN apk add build-base
+RUN make BUILD_PROD=${BUILD_PROD} LIBUSERKEY_PATH=${LIBUSERKEY_PATH} USERKEYH_PATH=${USERKEYH_PATH} USERKEYGO_PATH=${USERKEYGO_PATH} lcpserver
+
+
+FROM golang:alpine as lsdserver
+WORKDIR /lcp
+COPY . /lcp/.
+
+RUN apk add build-base
+RUN make lsdserver
+
+# FROM node:6.9.2 doesn't works npm failed to download librairies
+FROM ubuntu:20.04 as frontend-manage
+
+WORKDIR /lcp
+COPY . /lcp/.
+
+RUN apt-get update \
+    && apt-get install -y make curl git \
+    && curl -O https://nodejs.org/dist/v6.9.2/node-v6.9.2-linux-x64.tar.gz \
+    && tar -xzf node-v6.9.2-linux-x64.tar.gz
+
+RUN PATH=/lcp/node-v6.9.2-linux-x64/bin:$PATH make "frontend/manage"
+
+FROM golang:alpine as frontendserver
+WORKDIR /lcp
+COPY . /lcp/.
+
+RUN apk add build-base
+RUN make frontend
+
+
+
+
+FROM nginx:stable-alpine
+
+COPY --from=lcpserver /lcp/build/bin/lcpserver /usr/bin/lcpserver
+COPY --from=lsdserver /lcp/build/bin/lsdserver /usr/bin/lsdserver
+COPY --from=frontendserver /lcp/build/bin/frontend /usr/bin/frontend
+COPY --from=frontend-manage /lcp/build/frontend/manage/. /frontend/manage/.
+
+ARG I18N=/messages
+ARG AUTH_FILE=/test/htpasswd 
+ARG PRIVATE_KEY_PATH=/test/cert/privkey-edrlab-test.pem
+ARG CERTIFICATE_PATH=/test/cert/cert-edrlab-test.pem
+ARG CONFIG_PATH=/docker/config.yaml
+ARG PROFILE=basic
+
+COPY $PRIVATE_KEY_PATH /privkey.pem
+COPY $CERTIFICATE_PATH /cert.pem
+COPY $I18N /i18n
+COPY $AUTH_FILE /htpasswd
+
+# envsubst in inittab once
+COPY $CONFIG_PATH /tmp/config.yaml
+COPY /docker/init.sh /init.sh
+
+COPY /docker/inittab /etc/inittab
+
+RUN apk --update add --no-cache gettext sed ca-certificates openssl && update-ca-certificates
+
+ENV LCP_PORT=8081
+ENV LCP_HOST=127.0.0.1
+ENV LSD_PORT=8082
+ENV LSD_HOST=127.0.0.1
+ENV FRONTEND_PORT=8083
+ENV FRONTEND_HOST=127.0.0.1
+
+ENV AUTH_FILE=/htpasswd
+ENV CERTIFICATE_PATH=/cert.pem
+ENV PRIVATE_KEY=/privkey.pem
+ENV LOCALIZATION_FOLDER=/i18n
+
+ENV LOCALIZATION_DEFAULT_LANGUAGE=en-US
+ENV LOCALIZATION_LANGUAGES_ARRAY=[\"en-US\"]
+
+ENV LCP_DATABASE_ROOT_PATH=/lcp/db
+
+ENV LSD_BASE_URL=http://127.0.0.1:8080/lsdserver
+ENV LSD_NOTIFY_AUTH_USER=adm_username
+ENV LSD_NOTIFY_AUTH_PASS=adm_password
+ENV LSD_DATABASE=sqlite3://file:$LCP_DATABASE_ROOT_PATH/lcp.sqlite?cache=shared&mode=rwc
+
+ENV LCP_BASE_URL=http://127.0.0.1:8080/lcpserver
+ENV LCP_UPDATE_AUTH_USER=adm_username
+ENV LCP_UPDATE_AUTH_PASS=adm_password
+ENV LCP_DATABASE=sqlite3://file:$LCP_DATABASE_ROOT_PATH/lsd.sqlite?cache=shared&mode=rwc
+ENV LCP_STORAGE_PATH=/lcp/files/storage
+
+ENV FRONTEND_BASE_URL=http://127.0.0.1:8080/frontend
+ENV FRONTEND_MANAGE=/frontend/manage
+ENV FRONTEND_DATABASE=sqlite3://file:$LCP_DATABASE_ROOT_PATH/frontend.sqlite?cache=shared&mode=rwc
+
+ENV FRONTEND_MASTER_PATH=/lcp/files/master
+ENV FRONTEND_ENCRYPTED_PATH=/lcp/files/encrypted
+ENV FRONTEND_PROVIDER_URI=https://www.myprovidername.org
+
+ENV READIUM_LCPSERVER_CONFIG=/config.yaml
+ENV READIUM_LSDSERVER_CONFIG=/config.yaml
+ENV READIUM_FRONTEND_CONFIG=/config.yaml
+
+ENV PROFILE=$PROFILE
+
+ENV PORT=8080
+
+ENV BASE_URL=http://127.0.0.1:8080/frontend/
+
+COPY /docker/nginx.conf.template /etc/nginx/templates/default.conf.template
+
+CMD ["init"]
+
+EXPOSE $PORT

docker/cloudbuild.prod.yaml

@@ -0,0 +1,32 @@
+steps:
+  # Docker Build
+  - name: gcr.io/cloud-builders/gsutil
+    args: ['cp', 'gs://lcpserver-build-prod/libuserkey.a', '/workspace/libuserkey.a']
+  - name: gcr.io/cloud-builders/gsutil
+    args: ['cp', 'gs://lcpserver-build-prod/userkey.h', '/workspace/userkey.h']
+  - name: gcr.io/cloud-builders/gsutil
+    args: ['cp', 'gs://lcpserver-build-prod/user_key.go', '/workspace/user_key.go']
+  - name: gcr.io/cloud-builders/gsutil
+    args: ['cp', 'gs://lcpserver-build-prod/cert-edrlab.pem', '/workspace/cert-edrlab.pem']
+  - name: gcr.io/cloud-builders/gsutil
+    args: ['cp', 'gs://lcpserver-build-prod/privkey-edrlab.pem', '/workspace/privkey-edrlab.pem']
+  - name: 'gcr.io/cloud-builders/docker'
+
+    args: ['build', '-t', 
+    'europe-west1-docker.pkg.dev/lcpserver-1/lcp-server-build/readium-lcp-server-build-prod:latest', 
+    '-f', 'docker/Dockerfile',
+    '--build-arg', 'LIBUSERKEY_PATH=/libuserkey.a',
+    '--build-arg', 'USERKEYH_PATH=/userkey.h',
+    '--build-arg', 'USERKEYGO_PATH=/user_key.go',
+    '--build-arg', 'BUILD_PROD=true',
+    '--build-arg', 'PRIVATE_KEY_PATH=/privkey-edrlab.pem',
+    '--build-arg', 'CERTIFICATE_PATH=/cert-edrlab.pem',
+    '--build-arg', 'PROFILE=1.0',
+    '.']
+
+    # Docker Push
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['push', 
+    'europe-west1-docker.pkg.dev/lcpserver-1/lcp-server-build/readium-lcp-server-build-prod:latest']
+
+timeout: 3600s

docker/cloudbuild.test.yaml

@@ -0,0 +1,14 @@
+steps:
+  # Docker Build
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['build', '-t', 
+    'europe-west1-docker.pkg.dev/lcpserver-1/lcp-server-build/readium-lcp-server-build-test:latest', 
+    '-f', 'docker/Dockerfile',
+    '.']
+
+    # Docker Push
+  - name: 'gcr.io/cloud-builders/docker'
+    args: ['push', 
+    'europe-west1-docker.pkg.dev/lcpserver-1/lcp-server-build/readium-lcp-server-build-test:latest']
+
+timeout: 3600s