Dockerize private packagist

.dockerignore

@@ -0,0 +1,15 @@
+/.git
+/.gitignore
+/.env.local
+/.env.local.php
+/.env.*.local
+/config/secrets/prod/prod.decrypt.private.php
+/public/bundles/
+/var/
+/vendor/
+
+/.vscode
+/.idea
+/.phan
+/docs
+.DS_Store

.env

@@ -15,7 +15,7 @@
 # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
 
 ###> symfony/framework-bundle ###
-APP_ENV=dev
+APP_ENV=prod
 APP_SECRET=09aea01942e85d3bbe0ecf727bfc3bd5
 ###< symfony/framework-bundle ###
 

Dockerfile

@@ -0,0 +1,72 @@
+FROM php:8.1-fpm-alpine
+
+RUN apk --no-cache add nginx openssl supervisor curl \
+    git subversion mercurial patch bash nano sudo icu openssh-client zip unzip redis shadow && \
+    curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
+    printf "Host *\n    StrictHostKeyChecking no" > /etc/ssh/ssh_config
+
+RUN set -eux; \
+	apk add --no-cache --virtual .build-deps \
+		$PHPIZE_DEPS \
+		postgresql-dev \
+		icu-dev \
+		coreutils \
+		libxml2-dev \
+		bzip2-dev libzip-dev \
+		libxslt-dev \
+        oniguruma-dev \
+	; \
+	\
+	export CFLAGS="$PHP_CFLAGS" \
+		CPPFLAGS="$PHP_CPPFLAGS" \
+		LDFLAGS="$PHP_LDFLAGS"; \
+	\
+	pecl install -o -f redis apcu; \
+	docker-php-ext-enable redis apcu; \
+    docker-php-ext-install xsl zip sockets pdo pdo_pgsql pdo_mysql intl sysvsem opcache \
+        bz2 mbstring pcntl; \
+    runDeps="$( \
+		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+			| tr ',' '\n' \
+			| sort -u \
+			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+	)"; \
+	echo $runDeps; \
+	apk add --no-cache $runDeps; \
+	\
+	apk del --no-network .build-deps;
+
+WORKDIR /var/www/packagist
+
+COPY composer.json composer.lock /var/www/packagist/
+
+RUN composer install --no-interaction --no-suggest --no-dev --no-scripts && \
+    chown www-data:www-data -R /var/www && \
+    rm -rf /root/.composer
+
+COPY --chown=82:82 . /var/www/packagist/
+
+RUN composer run-script auto-scripts && \
+    mkdir var/composer var/zipball && \
+    chown www-data:www-data -R public var && \
+    rm -rf /root/.composer var/cache
+
+RUN set -eux; \
+    cp docker/php/www.conf /usr/local/etc/php-fpm.d/zzz-docker.conf; \
+    cp docker/php/php.ini /usr/local/etc/php/conf.d/90-php.ini; \
+    mkdir /etc/supervisor.d/; cp docker/supervisor/* /etc/supervisor.d/; \
+    cp docker/php/supervisord.conf /etc/; \
+    cp docker/nginx/nginx.conf /etc/nginx/nginx.conf; \
+    cp docker/php/index.php public/index.php; \
+    cp docker/php/app /usr/local/bin/app; \
+    cp docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh; \
+    mkdir -p /run/php/; \
+    chmod +x /usr/local/bin/app /usr/local/bin/docker-entrypoint.sh; \
+    usermod -d /var/www www-data; \
+    chown www-data:www-data /var/lib/nginx /var/lib/nginx/tmp
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
+EXPOSE 80
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

README.md

@@ -1,20 +1,19 @@
 Packeton - Private PHP package repository for vendors
 ======================================================
 
+[![PHP Version Require](http://poser.pugx.org/okvpn/packeton/require/php)](https://packagist.org/packages/okvpn/packeton)
 [![Docker pulls](https://img.shields.io/docker/pulls/okvpn/packeton.svg?label=docker+pulls)](https://hub.docker.com/r/okvpn/packeton)
 [![Docker stars](https://img.shields.io/docker/stars/okvpn/packeton.svg?label=docker+stars)](https://hub.docker.com/r/okvpn/packeton)
-[![Docker version](https://images.microbadger.com/badges/version/okvpn/packeton.svg)](https://hub.docker.com/r/okvpn/packeton)
-[![Docker layers](https://images.microbadger.com/badges/image/okvpn/packeton.svg)](https://hub.docker.com/r/okvpn/packeton)
+[![License](http://poser.pugx.org/okvpn/packeton/license)](https://packagist.org/packages/okvpn/packeton)
 
 Fork of [Packagist](https://github.com/composer/packagist). 
 The Open Source alternative of [Private Packagist for vendors](https://packagist.com), that based on [Satis](https://github.com/composer/satis) and [Packagist](https://github.com/composer/packagist).
 
 Features
 --------
 
-- Compatible with composer.
-- Support update webhook for GitHub, Bitbucket and GitLab.
-- Support custom webhook format.
+- Compatible with composer v2.
+- Support update webhook for GitHub, Bitbucket and GitLab or custom format.
 - Customers user and groups.
 - Generic Packeton [webhooks](docs/webhook.md)
 - Limit access by vendor and versions.
@@ -24,7 +23,7 @@ Features
 
 What was changed in this fork?
 -----------------------------
-- Disable anonymously access, registrations, spam/antispam, added groups and permissions.
+- Disable anonymously access, registrations, spam/antispam, added ACL permissions.
 - Support MySQL and PostgresSQL.
 - Removed HWIOBundle, Algolia, GoogleAnalytics and other not used dependencies.
 

config/bundles.php

@@ -1,6 +1,6 @@
 <?php
 
-return [
+$bundles =  [
     Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
     Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
@@ -13,6 +13,15 @@
     Okvpn\Bundle\CronBundle\OkvpnCronBundle::class => ['all' => true],
     Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
     Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
-    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
+    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true,],
     BabDev\PagerfantaBundle\BabDevPagerfantaBundle::class => ['all' => true],
 ];
+
+if (!class_exists(Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class)) {
+    unset(
+        $bundles[Symfony\Bundle\MakerBundle\MakerBundle::class],
+        $bundles[Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class],
+    );
+}
+
+return $bundles;

docker-compose.yml

@@ -0,0 +1,24 @@
+version: '3.6'
+
+services:
+    packagist:
+        build:
+            context: .
+        image: okvpn/packeton:latest
+        container_name: packagist
+        hostname: packagist
+        environment:
+            PRIVATE_REPO_DOMAIN_LIST: bitbucket.org gitlab.com github.com
+            PACKAGIST_DIST_HOST: https://pkg.okvpn.org
+            DATABASE_HOST: postgres
+            DATABASE_PORT: 5432
+            DATABASE_DRIVER: pdo_pgsql
+            DATABASE_USER: postgres
+            DATABASE_NAME: packagist
+            DATABASE_PASSWORD: 123456
+            ADMIN_USER: admin
+            ADMIN_PASSWORD: composer
+            ADMIN_EMAIL: [email protected]
+            GITHUB_NO_API: 'true'
+        ports:
+            - '127.0.0.1:8088:80'

docker-entrypoint.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -x
+
+touch /var/www/.ssh/known_hosts
+chmod -R 600 /var/www/.ssh/*
+
+echo " >> Creating the correct known_hosts file"
+for _DOMAIN in $PRIVATE_REPO_DOMAIN_LIST ; do
+    IFS=':' read -a arr <<< "${_DOMAIN}"
+    if [[ "${#arr[@]}" == "2" ]]; then
+        port="${arr[1]}"
+        ssh-keyscan -t rsa,dsa -p "${port}" ${arr[0]} >> /var/www/.ssh/known_hosts
+    else
+        ssh-keyscan -t rsa,dsa $_DOMAIN >> /var/www/.ssh/known_hosts
+    fi
+done
+
+cp -r /var/www/.ssh/* /root/.ssh && chmod -R 600 /root/.ssh/*
+chown www-data:www-data -R /var/www/.ssh
+
+# Additional script handler
+if [ -f /var/tmp/data/handler.sh ]; then
+    bash /var/tmp/data/handler.sh
+fi
+
+echo 'Updating parameters.yml'
+
+rm -rf var/cache/*
+app cache:clear --env=prod
+app doctrine:schema:update --force -v
+
+if [[ -n ${ADMIN_USER} ]]; then
+  app packagist:user:manager "$ADMIN_USER" --email="$ADMIN_EMAIL" --password="$ADMIN_PASSWORD" --admin
+fi
+
+chown www-data:www-data -R var
+
+exec "$@"

docker/nginx/nginx.conf

@@ -0,0 +1,68 @@
+daemon off;
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+}
+
+http {
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+
+	default_type application/octet-stream;
+	include /etc/nginx/mime.types;
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	error_log /dev/stderr;
+    access_log off;
+
+	gzip on;
+	gzip_disable "msie6";
+	client_max_body_size 10M;
+    server {
+        listen 80 default_server;
+        root /var/www/packagist/public;
+
+        location / {
+            try_files $uri @rewriteapp;
+        }
+
+        location @rewriteapp {
+            rewrite ^(.*)$ /index.php/$1 last;
+        }
+
+        location ~* \.(?:css|js)$ {
+            access_log off;
+        }
+
+        fastcgi_buffers 128 128k;
+        fastcgi_buffer_size 256k;
+        location ~ ^/(index.php)\.php(/|$) {
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_index index.php;
+            send_timeout 600;
+            fastcgi_read_timeout 600;
+            fastcgi_pass unix:/var/run/php.sock;
+        }
+
+        location ~ \.php$ {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/var/run/php.sock;
+            fastcgi_index index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+        error_log /dev/stderr;
+        access_log off;
+    }
+}

docker/php/app

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+START=`date +%s`
+
+if [ -f bin/console ]; then
+    php bin/console "$@"
+else
+    echo "Not found symfony project"
+    exit 1
+fi
+
+END=`date +%s`
+SECONDS=$(($END-$START))
+
+echo "Execution time - $(($SECONDS/60)) minutes $(($SECONDS%60)) seconds"

docker/php/index.php

@@ -0,0 +1,14 @@
+<?php
+
+use Packeton\Kernel;
+
+require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
+
+// X_FORWARDED_PROTO is always trusted
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+    $_SERVER['HTTPS']='on';
+}
+
+return function (array $context) {
+    return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
+};

docker/php/php.ini

@@ -0,0 +1,4 @@
+date.timezone="UTC"
+memory_limit=1024M
+max_execution_time=180
+short_open_tag=Off

docker/php/supervisord.conf

@@ -0,0 +1,14 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisord.log
+pidfile=/run/supervisord.pid
+
+[include]
+files = /etc/supervisor.d/*.conf
+
+[unix_http_server]
+file=/var/run/supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket

docker/php/www.conf

@@ -0,0 +1,58 @@
+[global]
+; Log to stderr
+error_log = /dev/stderr
+
+[www]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php.sock
+user = www-data
+group = www-data
+listen.owner = www-data
+listen.group = www-data
+
+; Enable status page
+pm.status_path = /fpm-status
+
+; Ondemand process manager
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 6
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 1000
+
+; Make sure the FPM workers can reach the environment variables for configuration
+clear_env = no
+
+; Catch output from PHP
+catch_workers_output = yes
+
+; Enable ping page to use in healthcheck
+ping.path = /fpm-ping
+access.log = /dev/null