mirror of
https://github.com/LaCasemate/fab-manager.git
synced 2025-02-19 13:54:25 +01:00
(wip) fix folders permissions during setup
@see https://github.com/moby/moby/issues/2259
This commit is contained in:
Sylvain
parent
667272fab6
commit
1bb1d13a50
@ -3,6 +3,7 @@
|
||||
## next deploy
|
||||
|
||||
- Updated sidekiq-unique-jobs to 7.1.23 to get rid of Sidekiq's default_worker_options deprecation warning
|
||||
- Allow moving with arrows in the setup script's inputs
|
||||
- Fix a bug: unable to edit OIDC provider
|
||||
- Fix a bug: list of OIDC scopes are loading indefinitely
|
||||
|
||||
|
||||
11
Dockerfile
11
Dockerfile
@ -1,6 +1,9 @@
|
||||
FROM ruby:2.6.10-alpine
|
||||
MAINTAINER contact@fab-manager.com
|
||||
|
||||
RUN addgroup --gid 1000 fabmanager && \
|
||||
adduser --uid 1000 -G fabmanager -s /bin/bash -D fabmanager
|
||||
|
||||
# Install upgrade system packages
|
||||
RUN apk update && apk upgrade && \
|
||||
# Install runtime apk dependencies
|
||||
@ -48,6 +51,11 @@ COPY Gemfile /tmp/
|
||||
COPY Gemfile.lock /tmp/
|
||||
RUN bundle config set --local without 'development test doc' && bundle install && bundle binstubs --all
|
||||
|
||||
# Prepare the application directory
|
||||
RUN mkdir -p /usr/src/app && chown -R fabmanager:fabmanager /usr/src/app
|
||||
# Change to non-root user
|
||||
USER fabmanager
|
||||
|
||||
# Install Javascript packages
|
||||
WORKDIR /usr/src/app
|
||||
COPY package.json /usr/src/app/package.json
|
||||
@ -63,8 +71,7 @@ RUN apk del .build-deps && \
|
||||
/usr/lib/ruby/gems/*/cache/*
|
||||
|
||||
# Web app
|
||||
RUN mkdir -p /usr/src/app && \
|
||||
mkdir -p /usr/src/app/config && \
|
||||
RUN mkdir -p /usr/src/app/config && \
|
||||
mkdir -p /usr/src/app/invoices && \
|
||||
mkdir -p /usr/src/app/payment_schedules && \
|
||||
mkdir -p /usr/src/app/exports && \
|
||||
|
||||
2
Procfile
2
Procfile
@ -1,3 +1,3 @@
|
||||
web: bundle exec rails server puma -p $PORT
|
||||
#web: bundle exec rails server puma -p $PORT
|
||||
worker: bundle exec sidekiq -C ./config/sidekiq.yml
|
||||
webpack: bin/webpacker-dev-server
|
||||
|
||||
@ -117,7 +117,7 @@ elevate_cmd()
|
||||
read_email()
|
||||
{
|
||||
local email
|
||||
read -rp "Please input a valid email address > " email </dev/tty
|
||||
read -rep "Please input a valid email address > " email </dev/tty
|
||||
if [[ "$email" == *"@"*"."* ]]; then
|
||||
EMAIL="$email"
|
||||
else
|
||||
@ -152,7 +152,7 @@ config()
|
||||
|
||||
read_domain()
|
||||
{
|
||||
read -rp 'Please input the domain name > ' domain </dev/tty
|
||||
read -rep 'Please input the domain name > ' domain </dev/tty
|
||||
if [[ "$domain" == *"."* ]]; then
|
||||
DOMAINS+=("$domain")
|
||||
else
|
||||
@ -175,7 +175,7 @@ prepare_files()
|
||||
if [[ "$confirm" = "n" ]]; then exit 1; fi
|
||||
|
||||
elevate_cmd mkdir -p "$FABMANAGER_PATH/config"
|
||||
elevate_cmd chown -R "$(whoami)" "$FABMANAGER_PATH"
|
||||
elevate_cmd chown -R "$(whoami):$(whoami)" "$FABMANAGER_PATH"
|
||||
|
||||
mkdir -p "$FABMANAGER_PATH/elasticsearch/config"
|
||||
|
||||
@ -228,7 +228,7 @@ prepare_nginx()
|
||||
printf "The two following configurations are useful if you want to install Fab-manager behind a reverse proxy...\n"
|
||||
read -rp "- Do you want to map the Fab-manager's service to an external network? (Y/n) " confirm </dev/tty
|
||||
if [ "$confirm" != "n" ]; then
|
||||
read -rp "Please input the name of the external network (default: web) " network </dev/tty
|
||||
read -rep "Please input the name of the external network (default: web) " network </dev/tty
|
||||
if [ "$network" = "" ]; then network="web"; fi
|
||||
|
||||
echo "Adding a network configuration to the docker-compose.yml file..."
|
||||
@ -248,7 +248,7 @@ prepare_nginx()
|
||||
if [ "$confirm" != "n" ]; then
|
||||
current="$(yq eval '.services.*.image | select(. == "sleede/fab-manager*") | path | .[-2]' docker-compose.yml)"
|
||||
printf "=======================\n- \e[1mCurrent value: %s\e[21m\n- New value? (leave empty to keep the current value)\n" "$current"
|
||||
read -rp " > " value </dev/tty
|
||||
read -rep " > " value </dev/tty
|
||||
echo "======================="
|
||||
if [ "$value" != "" ]; then
|
||||
escaped=$(printf '%s\n' "$value" | iconv -f utf8 -t ascii//TRANSLIT//IGNORE | sed -e 's/[^a-zA-Z0-9-]/_/g')
|
||||
@ -331,7 +331,7 @@ configure_env_file()
|
||||
printf "**** \e[1mDocumentation:\e[21m ****\n"
|
||||
echo "$var_doc"
|
||||
printf "=======================\n- \e[1mCurrent value: %s\e[21m\n- New value? (leave empty to keep the current value)\n" "$current"
|
||||
read -rp " > " value </dev/tty
|
||||
read -rep " > " value </dev/tty
|
||||
echo "======================="
|
||||
if [ "$value" != "" ]; then
|
||||
esc_val=$(printf '%s\n' "$value" | sed -e 's/\//\\\//g')
|
||||
@ -340,7 +340,7 @@ configure_env_file()
|
||||
fi
|
||||
done
|
||||
# we automatically generate the SECRET_KEY_BASE
|
||||
secret=$(cd "$FABMANAGER_PATH" && docker-compose run --rm "$SERVICE" bundle exec rake secret)
|
||||
secret=$(docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake secret)
|
||||
sed -i.bak "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$secret/g" "$FABMANAGER_PATH/config/env"
|
||||
}
|
||||
|
||||
@ -370,32 +370,32 @@ setup_assets_and_databases()
|
||||
read -rp "Continue? (Y/n) " confirm </dev/tty
|
||||
if [ "$confirm" = "n" ]; then return; fi
|
||||
|
||||
cd "$FABMANAGER_PATH" && docker-compose run --rm "$SERVICE" bundle exec rake db:create # create the database
|
||||
cd "$FABMANAGER_PATH" && docker-compose run --rm "$SERVICE" bundle exec rake db:migrate # run all the migrations
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake db:create # create the database
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake db:migrate # run all the migrations
|
||||
# prompt default admin email/password
|
||||
printf "\n\nWe will now create the default administrator of Fab-manager.\n"
|
||||
read_email
|
||||
PASSWORD=$(read_password)
|
||||
printf "\nOK. We will fill the database now...\n"
|
||||
cd "$FABMANAGER_PATH" && docker-compose run --rm -e ADMIN_EMAIL="$EMAIL" -e ADMIN_PASSWORD="$PASSWORD" "$SERVICE" bundle exec rake db:seed # seed the database
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm -e ADMIN_EMAIL="$EMAIL" -e ADMIN_PASSWORD="$PASSWORD" "$SERVICE" bundle exec rake db:seed # seed the database
|
||||
|
||||
# now build the assets
|
||||
if ! docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm "$SERVICE" bundle exec rake assets:precompile; then
|
||||
if ! docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake assets:precompile; then
|
||||
echo -e "\e[91m[ ❌ ] someting went wrong while compiling the assets, exiting...\e[39m" && exit 1
|
||||
fi
|
||||
|
||||
# and prepare elasticsearch
|
||||
cd "$FABMANAGER_PATH" && docker-compose run --rm "$SERVICE" bundle exec rake fablab:es:build_stats
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake fablab:es:build_stats
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
cd "$FABMANAGER_PATH" && docker-compose down
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" down
|
||||
}
|
||||
|
||||
start()
|
||||
{
|
||||
cd "$FABMANAGER_PATH" && docker-compose up -d
|
||||
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" up -d
|
||||
}
|
||||
|
||||
enable_ssl()
|
||||
|
||||
@ -40,7 +40,7 @@ yq() {
|
||||
}
|
||||
|
||||
jq() {
|
||||
docker run --rm -i -v "${PWD}:/data" imega/jq "$@"
|
||||
docker run --rm -i -v "${PWD}:/data" --user "$UID" imega/jq "$@"
|
||||
}
|
||||
|
||||
docker-compose()
|
||||
@ -58,6 +58,43 @@ docker-compose()
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
has_sudo()
|
||||
{
|
||||
local prompt
|
||||
|
||||
prompt=$(sudo -nv 2>&1)
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "has_sudo__pass_set"
|
||||
elif echo $prompt | grep -q '^sudo:'; then
|
||||
echo "has_sudo__needs_pass"
|
||||
else
|
||||
echo "no_sudo"
|
||||
fi
|
||||
}
|
||||
|
||||
elevate_cmd()
|
||||
{
|
||||
local cmd=$@
|
||||
|
||||
HAS_SUDO=$(has_sudo)
|
||||
|
||||
case "$HAS_SUDO" in
|
||||
has_sudo__pass_set)
|
||||
sudo $cmd
|
||||
;;
|
||||
has_sudo__needs_pass)
|
||||
echo "Please supply sudo password for the following command: sudo $cmd"
|
||||
sudo $cmd
|
||||
;;
|
||||
*)
|
||||
echo "Please supply root password for the following command: su -c \"$cmd\""
|
||||
su -c "$cmd"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
||||
# set $SERVICE and $YES_ALL
|
||||
config()
|
||||
{
|
||||
@ -125,9 +162,9 @@ version_error()
|
||||
# set $VERSION
|
||||
version_check()
|
||||
{
|
||||
VERSION=$(docker-compose exec -T "$SERVICE" cat .fabmanager-version 2>/dev/null)
|
||||
VERSION=$(docker-compose exec --user "$(id -u):$(id -g)" -T "$SERVICE" cat .fabmanager-version 2>/dev/null)
|
||||
if [[ $? = 1 ]]; then
|
||||
VERSION=$(docker-compose exec -T "$SERVICE" cat package.json | jq -r '.version')
|
||||
VERSION=$(docker-compose exec --user "$(id -u):$(id -g)" -T "$SERVICE" cat package.json | jq -r '.version')
|
||||
fi
|
||||
target_version
|
||||
if [ "$TARGET" = 'custom' ]; then return; fi
|
||||
@ -185,13 +222,16 @@ compile_assets()
|
||||
PG_NET_ID=$(docker inspect "$PG_ID" -f "{{json .NetworkSettings.Networks }}" | jq -r '.[] .NetworkID')
|
||||
clean_env_file
|
||||
# shellcheck disable=SC2068
|
||||
if ! docker run --rm --env-file ./config/env ${ENV_ARGS[@]} --link "$PG_ID" --net "$PG_NET_ID" -v "${PWD}/public/new_packs:/usr/src/app/public/packs" "$IMAGE" bundle exec rake assets:precompile; then
|
||||
if ! docker run --user "$(id -u):$(id -g)" --rm --env-file ./config/env ${ENV_ARGS[@]} --link "$PG_ID" --net "$PG_NET_ID" -v "${PWD}/public/new_packs:/usr/src/app/public/packs" "$IMAGE" bundle exec rake assets:precompile; then
|
||||
restore_tag
|
||||
printf "\e[91m[ ❌ ] Something went wrong while compiling the assets, please check the logs above.\e[39m\nExiting...\n"
|
||||
exit 4
|
||||
fi
|
||||
docker-compose down
|
||||
rm -rf public/packs
|
||||
if ! rm -rf public/packs; then
|
||||
# sometimes we can't delete the packs folder, because of a permission issue. In that case try with sudo
|
||||
elevate_cmd rm -rf public/packs
|
||||
fi
|
||||
mv public/new_packs public/packs
|
||||
}
|
||||
|
||||
@ -239,21 +279,21 @@ upgrade()
|
||||
done
|
||||
for PRE in "${PREPROCESSING[@]}"; do
|
||||
printf "\e[91m::\e[0m \e[1mRunning preprocessing command %s...\e[0m\n" "$PRE"
|
||||
if ! docker-compose run --rm "$SERVICE" bundle exec "$PRE" </dev/tty; then
|
||||
if ! docker-compose run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec "$PRE" </dev/tty; then
|
||||
restore_tag
|
||||
printf "\e[91m[ ❌ ] Something went wrong while running \"%s\", please check the logs above.\e[39m\nExiting...\n" "$PRE"
|
||||
exit 4
|
||||
fi
|
||||
done
|
||||
compile_assets
|
||||
if ! docker-compose run --rm "$SERVICE" bundle exec rake db:migrate; then
|
||||
if ! docker-compose run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake db:migrate; then
|
||||
restore_tag
|
||||
printf "\e[91m[ ❌ ] Something went wrong while migrating the database, please check the logs above.\e[39m\nExiting...\n"
|
||||
exit 4
|
||||
fi
|
||||
for COMMAND in "${COMMANDS[@]}"; do
|
||||
printf "\e[91m::\e[0m \e[1mRunning command %s...\e[0m\n" "$COMMAND"
|
||||
if ! docker-compose run --rm "$SERVICE" bundle exec "$COMMAND" </dev/tty; then
|
||||
if ! docker-compose run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec "$COMMAND" </dev/tty; then
|
||||
restore_tag
|
||||
printf "\e[91m[ ❌ ] Something went wrong while running \"%s\", please check the logs above.\e[39m\nExiting...\n" "$COMMAND"
|
||||
exit 4
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user