Merge branch 'osx-rebase'

.env.skeleton

@@ -59,9 +59,6 @@ PHPMYADMIN_VIRTUAL_HOST=local.phpmyadmin.opentalent.fr
 MAILCATCHER_VIRTUAL_HOST=local.mailcatcher.opentalent.fr
 MAILCATCHER_PORT=1080
 
-#THUMBOR
-THUMBOR_VIRTUAL_HOST=local.thumbor.opentalent.fr
-
 #Black Fire
 BLACKFIRE_CLIENT_ID=988fcba8-552d-48df-a9c2-035c76535b69
 BLACKFIRE_CLIENT_TOKEN=8cfbeb263d044da9678dc2612531504da3790c308da7448e35724a5da91c136f

.gitignore

@@ -4,13 +4,13 @@
 /mysqldata/*
 /metabase-data/*
 /elasticsearchdata/*
-/apps/*
+
 !/apps/.gitkeep
 /clonedb/*
 /.vagrant
 /.ssh/*
 /useruploaddata/*
-/.env
+.env
 !/.ssh/.gitkeep
 !/useruploaddata/.gitkeep
 !/.ssh/id_rsa_exploitation

docker-compose-osx.yml

@@ -0,0 +1,134 @@
+version: '3.3'
+
+services:
+  php70:
+    volumes:
+      - php70-code:/var/www/html
+
+  admin:
+    platform: linux/amd64
+    volumes:
+      - admin-code:/home/workspace
+
+  ap2i:
+    volumes:
+      - ap2i-code:/var/www/html
+
+  app:
+    volumes:
+      - app-code:/home/workspace
+
+  metabase:
+    platform: linux/amd64
+
+#  es:
+#    platform: linux/amd64
+
+  phpmyadmin:
+    platform: linux/amd64
+
+  frames_v3:
+    volumes:
+      - frame-v3-code:/home/workspace
+
+  db:
+    volumes:
+      - ./apps/opentalent-platform/migration:/usr/src:cached
+      - mysqldata:/var/lib/mysql
+      - ./apps/env:/env:cached
+      - metabase-code:/usr/metabase:cached
+
+volumes:
+  php70-code:
+  ap2i-code:
+  admin-code:
+  app-code:
+  frame-v3-code:
+  metabase-code:
+
+x-mutagen:
+  sync:
+    defaults:
+      mode: "two-way-resolved"
+      ignore:
+        vcs: true
+
+    php70-code:
+      alpha: "./apps/opentalent-platform"
+      beta: "volume://php70-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"
+      ignore:
+        paths:
+          - "app/cache/*"
+          - "app/logs/*"
+          - "vendor"
+
+    ap2i-code:
+      alpha: "./apps/ap2i"
+      beta: "volume://ap2i-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"
+      ignore:
+        paths:
+          - "var/cache"
+          - "var/log"
+          - "vendor"
+
+    admin-code:
+      alpha: "./apps/opentalent-admin-2.0"
+      beta: "volume://admin-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"
+      ignore:
+        paths:
+          - "node_modules"
+          - "bower_components"
+
+    app-code:
+      alpha: "./apps/app"
+      beta: "volume://app-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"
+      ignore:
+        paths:
+          - "node_modules"
+
+    frame-v3-code:
+      alpha: "./apps/frames_v3"
+      beta: "volume://frame-v3-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"
+      ignore:
+        paths:
+          - "node_modules"
+
+    metabase-code:
+      alpha: "./apps/metabase"
+      beta: "volume://metabase-code"
+      configurationBeta:
+        permissions:
+          defaultFileMode: 0644
+          defaultDirectoryMode: 0755
+          defaultOwner: "id:1000"
+          defaultGroup: "id:1000"

docker-compose.yml

@@ -11,6 +11,8 @@ services:
     ports:
       - "80:80"
       - "443:443"
+    environment:
+      TRUST_DOWNSTREAM_PROXY: true
     networks:
       - network
     volumes:
@@ -72,15 +74,12 @@ services:
     volumes:
       # Le code sera surtout modifié en dehors du container, donc la consistence est prioritairement dans ce sens
       - ./apps/opentalent-platform:/var/www/html:rw,cached
-      - appcache:/var/www/html/var/cache
-      - applog:/var/www/html/var/logs
     networks:
       network:
         ipv4_address: 172.20.1.1
     depends_on:
       - db
       - es
-      - thumbor
       - nginx-proxy
 
   nginx_new:
@@ -116,15 +115,12 @@ services:
     volumes:
       # Le code sera surtout modifié en dehors du container, donc la consistence est prioritairement dans ce sens
       - ./apps/ap2i:/var/www/html:rw,cached
-      - appcache5:/var/www/html/var/cache
-      - applog5:/var/www/html/var/logs
     networks:
       network:
         ipv4_address: 172.20.2.1
     depends_on:
       - db
       - es
-      - thumbor
       - nginx-proxy
 
   mercure:
@@ -335,26 +331,26 @@ services:
     depends_on:
       - nginx
 
-  adminassos:
-     hostname: v59
-     container_name: adminassos
-     build:
-       context: .
-       dockerfile: docker/adminassos/Dockerfile
-       args:
-         - OS=${OS}
-     restart: always
-     volumes:
-       - ./apps/opentalent:/var/source/opentalent:cached
-       - useruploaddata:/var/www/opentalent/fileadmin/user_upload:cached
-       - ./apps/vendor:/var/source/vendor:delegated
-       - ./apps/opentalent-config:/var/source/config:cached
-     environment:
-       - VIRTUAL_HOST=${V59_VIRTUAL_HOST}
-     networks:
-       - network
-     depends_on:
-       - nginx
+#  adminassos:
+#     hostname: v59
+#     container_name: adminassos
+#     build:
+#       context: .
+#       dockerfile: docker/adminassos/Dockerfile
+#       args:
+#         - OS=${OS}
+#     restart: always
+#     volumes:
+#       - ./apps/opentalent:/var/source/opentalent:cached
+#       - useruploaddata:/var/www/opentalent/fileadmin/user_upload:cached
+#       - ./apps/vendor:/var/source/vendor:delegated
+#       - ./apps/opentalent-config:/var/source/config:cached
+#     environment:
+#       - VIRTUAL_HOST=${V59_VIRTUAL_HOST}
+#     networks:
+#       - network
+#     depends_on:
+#       - nginx
 
   metabase:
     hostname: metabase
@@ -392,19 +388,6 @@ services:
     networks:
       - network
 
-  thumbor:
-    hostname: thumbor
-    container_name: thumbor
-    image: minimalcompact/thumbor
-    restart: always
-    environment:
-      - VIRTUAL_HOST=${THUMBOR_VIRTUAL_HOST}
-      - LOADER=thumbor.loaders.file_loader
-    networks:
-      - network
-    #    volumes:
-    #      - ./apps/opentalent-platform/web/files:/data/loader:cached
-
   phpmyadmin:
     hostname: phpmyadmin
     container_name: phpmyadmin
@@ -439,23 +422,23 @@ services:
     depends_on:
       - nginx-proxy
 
-  blackfire:
-    hostname: blackfire
-    container_name: blackfire
-    image: blackfire/blackfire
-    environment:
-      - BLACKFIRE_LOG_LEVEL=4
-      - BLACKFIRE_SERVER_ID=${BLACKFIRE_SERVER_ID}
-      - BLACKFIRE_SERVER_TOKEN=${BLACKFIRE_SERVER_TOKEN}
-      - BLACKFIRE_CLIENT_ID=${BLACKFIRE_CLIENT_ID}
-      - BLACKFIRE_CLIENT_TOKEN=${BLACKFIRE_CLIENT_TOKEN}
-      - VIRTUAL_HOST=${BLACK_FIRE_VIRTUAL_HOST}
-      - VIRTUAL_PORT=${BLACK_FIRE_PORT}
-    networks:
-      - network
-    depends_on:
-      - php70
-      - ap2i
+#  blackfire:
+#    hostname: blackfire
+#    container_name: blackfire
+#    image: blackfire/blackfire
+#    environment:
+#      - BLACKFIRE_LOG_LEVEL=4
+#      - BLACKFIRE_SERVER_ID=${BLACKFIRE_SERVER_ID}
+#      - BLACKFIRE_SERVER_TOKEN=${BLACKFIRE_SERVER_TOKEN}
+#      - BLACKFIRE_CLIENT_ID=${BLACKFIRE_CLIENT_ID}
+#      - BLACKFIRE_CLIENT_TOKEN=${BLACKFIRE_CLIENT_TOKEN}
+#      - VIRTUAL_HOST=${BLACK_FIRE_VIRTUAL_HOST}
+#      - VIRTUAL_PORT=${BLACK_FIRE_PORT}
+#    networks:
+#      - network
+#    depends_on:
+#      - php70
+#      - ap2i
 
   phpdoc:
     hostname: phpdoc
@@ -491,9 +474,5 @@ volumes:
   mysqldata: ~
   elasticsearchdata: ~
   useruploaddata: ~
-  appcache5: ~
-  applog5: ~
-  appcache: ~
-  applog: ~
   mercure_data: ~
-  mercure_config: ~
+  mercure_config: ~

docker/ap2i/Dockerfile

@@ -66,6 +66,9 @@ RUN     docker-php-ext-install zip
 RUN     docker-php-ext-install xsl
         ## APCU
 RUN     pecl install apcu-5.1.21
+RUN     pecl install imagick
+RUN     docker-php-ext-install imagick
+
 ## COMPOSER
 RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; \
     php composer-setup.php; \

docker/elasticsearch/Dockerfile

@@ -0,0 +1,72 @@
+# adapted from https://github.com/docker-library/elasticsearch/blob/master/2.4/Dockerfile
+
+FROM openjdk:8-jre
+
+# grab gosu for easy step-down from root
+ENV GOSU_VERSION 1.10
+RUN set -x \
+	&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+	&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+	&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+	&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+	&& chmod +x /usr/local/bin/gosu \
+	&& gosu nobody true
+
+RUN set -ex; \
+# https://artifacts.elastic.co/GPG-KEY-elasticsearch
+	key='46095ACC8548582C1A2699A9D27D666CD88E42B4'; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+	gpg --export "$key" > /etc/apt/trusted.gpg.d/elastic.gpg; \
+	rm -rf "$GNUPGHOME"; \
+	apt-key list
+
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html
+# https://www.elastic.co/guide/en/elasticsearch/reference/5.0/deb.html
+RUN set -x \
+	&& apt-get update && apt-get install -y --no-install-recommends apt-transport-https && rm -rf /var/lib/apt/lists/* \
+	&& echo 'deb http://packages.elasticsearch.org/elasticsearch/2.x/debian stable main' > /etc/apt/sources.list.d/elasticsearch.list
+
+ENV ELASTICSEARCH_VERSION 2.4.6
+ENV ELASTICSEARCH_DEB_VERSION 2.4.6
+
+RUN set -x \
+	\
+# don't allow the package to install its sysctl file (causes the install to fail)
+# Failed to write '262144' to '/proc/sys/vm/max_map_count': Read-only file system
+	&& dpkg-divert --rename /usr/lib/sysctl.d/elasticsearch.conf \
+	\
+	&& apt-get update \
+	&& apt-get install -y --no-install-recommends "elasticsearch=$ELASTICSEARCH_DEB_VERSION" \
+	&& rm -rf /var/lib/apt/lists/*
+
+ENV PATH /usr/share/elasticsearch/bin:$PATH
+
+WORKDIR /usr/share/elasticsearch
+
+# uid 11002 because 1000 (elasticsearch) conflicts in our infra
+RUN addgroup --gid 11002 elasticsearch-user
+RUN useradd --uid 11002 --gid 11002 --home /usr/share/elasticsearch elasticsearch-user
+
+RUN set -ex \
+	&& for path in \
+		./data \
+		./logs \
+		./config \
+		./config/scripts \
+	; do \
+		mkdir -p "$path"; \
+        chown -R elasticsearch-user:elasticsearch-user "$path"; \
+	done
+
+RUN yes | bin/plugin install cloud-aws
+
+VOLUME /usr/share/elasticsearch/data
+
+COPY ./docker/elasticsearch/docker-entrypoint.sh /
+
+EXPOSE 9200 9300
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["elasticsearch"]

docker/elasticsearch/docker-entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+# Add elasticsearch as command if needed
+if [ "${1:0:1}" = '-' ]; then
+	set -- elasticsearch "$@"
+fi
+
+# Drop root privileges if we are running elasticsearch
+# allow the container to be started with `--user`
+if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then
+	# Change the ownership of /usr/share/elasticsearch/data to elasticsearch
+	chown -R elasticsearch-user:elasticsearch-user /usr/share/elasticsearch/data
+
+	set -- gosu elasticsearch-user "$@"
+fi
+
+# As argument is not related to elasticsearch,
+# then assume that user wants to run his own process,
+# for example a `bash` shell to explore this image
+exec "$@"

docker/nginx-proxy/Dockerfile

@@ -1,3 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
 
-ADD /docker/nginx-proxy/certs /etc/nginx/certs
+ADD /docker/nginx-proxy/certs /etc/nginx/certs