From 0ee099a365a0f38e6fa606fa01bf846b9aa67437 Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Fri, 12 Apr 2024 11:41:17 +0100 Subject: [PATCH 01/25] Remove MQ web server workaround --- scripts/docker/ibmmq/Dockerfile | 10 +--------- scripts/docker/ibmmq/run.sh | 12 ------------ scripts/docker/ibmmq/tini | Bin 24064 -> 0 bytes 3 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 scripts/docker/ibmmq/run.sh delete mode 100644 scripts/docker/ibmmq/tini diff --git a/scripts/docker/ibmmq/Dockerfile b/scripts/docker/ibmmq/Dockerfile index bb05321..49ac333 100644 --- a/scripts/docker/ibmmq/Dockerfile +++ b/scripts/docker/ibmmq/Dockerfile @@ -1,4 +1,4 @@ -FROM icr.io/ibm-messaging/mq:9.3.3.0-r2 +FROM icr.io/ibm-messaging/mq:9.3.5.0-r2 # Auto-accept the license # Create default users and channels @@ -7,13 +7,5 @@ ENV LICENSE=accept \ MQ_ENABLE_METRICS=false \ MQ_QMGR_NAME=LOCAL_QM -# Add a special run script that stops the web server manually when stop signal received -# Due to https://github.com/ibm-messaging/mq-container/issues/523 -COPY tini run.sh /tmp/ -USER 0 -RUN chmod +x /tmp/tini && chmod +x /tmp/run.sh -USER 1001 -ENTRYPOINT ["/tmp/tini", "-g", "--", "/tmp/run.sh"] - # For persistence VOLUME /mnt/mqm diff --git a/scripts/docker/ibmmq/run.sh b/scripts/docker/ibmmq/run.sh deleted file mode 100644 index 50445fb..0000000 --- a/scripts/docker/ibmmq/run.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -cleanup() { - /opt/mqm/bin/endmqweb - exit -} - -trap cleanup INT TERM - -rm -rf /var/mqm/web/installations/Installation1/servers/.pid -rm -rf /var/mqm/web/installations/Installation1/servers/mqweb/workarea -runmqdevserver diff --git a/scripts/docker/ibmmq/tini b/scripts/docker/ibmmq/tini deleted file mode 100644 index 03af82f09e6484df819313cf9fec158d6b4a879d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHve|!|xx%VU_2mv+$L8H=o!q#N{<`HuEer$$? zd~V;*{k(s?pAVy(GtckmJm)#joS8Yy?VhHF+?*Uu9l6?-8bMtPT^uF;YTD#_4oY0L zHd}LPpU@U-Gl9v+&&4U!iZj(7m#S4eOY+S?n}=U@u0T}hy7-A|7Yj5jh(mcuE!mqo zT=G=3^;Zc{wVK8_g5=28qGk@F?cyh@{qz|UuN;(e8<=IQ5Nw zKG{ECt_u*sE^4%T{&%V+UOHO;VD{4a_B9+t>*6P>eNdn^)hfAbAV+@wy+@H`Y?Jn; zi^~z&Kh;W5yL2$ny=vv9gT3X0fnan~`KIbs<*QaYBO&K<-fz-Ryp7Er+>(kT14KSA z#E)`-=+#ejZ`!o*WzSbP?R~eg=<(m)z4kNf=YzHcKjNjB7EKhfbvbvZFZvBThpZ}9Xf4*w`=G*VTZTXY$FL-SH&yF8Ge%%YJzEvJOaLaXz_udlU`>$(X zpG>~~<=dWm{)^wdl_rbRx`R4lz=B>GRPU$D^T6~>mP?HY%_i@ys_LAhWW zd?|u|D*oPS_&dPQPNDzBY4|Cgr_ygtga6Vr`21=7TssZ_U#7udHx2&mY4jhMroZ*m z=%IW%Re#&2!Bak+ihs^D_(Rj+*);y&I}QIYros1M0y5CDk0=nQ@^kMr_-{;u|F3EA zw@rhen8u&KO~X&ufm8YUV;&!e#+JIkp=m3imyYFV7ibQxYmtk?6h}I?Nc^F5TpWH$ z;xFTR3bng05qM6-pV{D_ubrd0uIb{awN#LBERc357PvV4jMTFT(0uJ&?K>S^9530m z^SIqP+NL5G$E!b^q@E+^3p~w3I_{PDt|cx4wIt-}xDag-^e3c#fz`CNl7B+#*&qoY z06!lR+hxC$KNmOXXzi^IMAucrM9_#(tdlkt&g ztwrjYl>Eh#@I8qiJIlo}{|tFLZjpMj`}JLE_u<7Z&i6dz>G&yr6z5492f9YkQ7-u> zWPc^QHY)A5Uf|+<1=4N;EsgI=>A#B4e96zG9)nA1+H+FBS|8E1hK`5vBYz&w^5;Ln z&rT7a&rAO8S^SpN-zxiiEh)#bQTbEs;_wf_#}8bGd+4&eN{g7`NT5IHAJjs_W+2$B z^@YMWYd{T$Lp?+O2tV%&3=T#NQ|mX(;Xto;Ge8nFLxWn6e{e9=qYa09OyC0j#?Y|2 znRq)pjc_;^>IBtq20}p+h6&*NhQooN+1J@K0Oe+HC~9hb!%?$GGkYL7+#ep+cneFA zF@huHnm^o6%+N_zdJXQ6vB~He8P@tn!vWJEyuXK=8ubUbqrjMfA)}XIa=2#*s?9Kz zgu-xyqR<(EYO{059|&sQ{)iFu4;j3lY0ib^<6qJ4H)cn1@ zoyMkNqsJta8I8cn7M%75f}PQb(W|W6`-m=LkPKu(XJ>aLA{B>?h#9guM&5Vc8XD>j z81RzD6VdE3f)NbEuzxhDbzVKv*(O6#H|UQ6;e7^{x@}|Ff^B^&ehozj!G3_b8P>e2-zug zZl}_@fN5TdbE<9PFwY6hrWNZBI6=7Rxdi8GPm)tOj<K)vYXx;YY{Q?WkZ5<< z@MqiblQz7%wi0=-4S%kUf1eG1o(;d>hFAC6L_TE0f5OIZ+3=sV;g8tx%!WU1!(U*- z>#?_H>52U4RZP>jPMZ1FQDmtzrqrP{j-@vc zOsSvR$Kf`DDdkg>9KM=hO7+yk9IhppQarVt!)pkpX_cDb@N$AF)l*{}zL;Q2@zgMf zmk>;;o$BK7xdc;6r&>9@fM81Hl#9a!1XBv9Dma`=Fr{vaarlEP0aMDRia7i(!IY{g zjl*veOeH0Cn&9w{2&NQFjdA#U1XJpzhB^FAf+^)vT^zojU@QR9e-3|{U`oA|i^HEMm{KlP z!QsymOsSS)91hnot#1M_KlD4^+J?c?$D2wP>f^qW;yv{xJT7P#(kNRWAlAs3xd|Zj zJDw!&-IbHpZiE!*Gj+#=6 zw6CNB;P{r3N#Yv6t;D6r>r0q*CE~tyGWz{Q)z4~~w)L2K<4*2FA3TS#R_o^FB9`O?j%C`5SX_RQrozjszRSr z!M`AShknO9T*0o7XF!1-KcerluF`X!)}Q^@T$Ir^M`&c7%uPgJ0NHU z5#xdpW8`O&oVeZdI4}nz@0_7Yb5VC0BnHqF|?Ys7Fc9l9$d=GxH}L< zYc9x%YHKUbldel$Ncmmhei1cCCFTtv>4~b{K#Acx2O@mdY}nm5VIBT}>wggBEd3Xd z{(l7-`j?XaBBB5A1Biq5h>#mRSuO?rmMP@k#(8o;$fbG^srJfam1*lCpb?gB?@$lD z04me*r>$0wjqf%?RuyTF?@nm3mc{AYGua2_n_tQKdF4RJ}s0IJ*x*lgrs!^$cXn(aGw0B=thc4 zgOVrz`d7oh!aEy)w#tOMr!cdj&hBG3cVyo8K}phzQ}{SRK3*n#oB&A#VJ5Vsj$z7A zxI5fFZ~UWx;@J5tTBBF@A zRbrX^Z)O_cPlg45xq!a&3v&zwu|KR#8xV-VnWUj53AM^fK^@Ah=`EzKD?@wJuHG$Vd zDDxuzbg>xUUT>-a zI}TM-V!UHjLp$cr%lfX@^AcaNfQ>Ku8ETA}intPCp4lcJt{PMM1{=jmTGY_8W0sCp z8@~&*7E-XVNST$Sva4e$wRG%CEz0zoG~m%t76BiM_Ib$sYxus^gS?&Ie$Jb!c~uKc$lG`L0yT}e60dEC53n1NE7EqVeI{t+?f4-aZjO00k^dFYz?HIY zfD#1!OyO{y?VfCccV!+Gq~tQpEaB_+%iycQNmaiENyK0!X`xE0?jvRhwOGBjBQ}K5iSw1;WIJjEQGSB>$k3X{oZzddI!q-QkTNbNlf3qjucg z@1qc$1>apPCj-foyT82s^i(fr}@QKLrq0t)h+2OsD7NLqPbr)Kk&~(xf+R-rCem`plN3i@L&V~kU#&2ItV@KE z-(%iq%}+lxS#Q0?$JM}jax3&>RN>O2;8xXYjWGBvpoGD{LWEnAR&561-{YV{gL$&O zKMPN8AWAA3v?cCuIHk&!G4WMWa;iQ}SQ~`?g(vI(60}&0K}Pkx2j|K4qCcrikbP>s zV4WxA|2L{iRy?lZUd&5^Vhj2MP?EY6lUn3Ydy-w#rC|vjdvZ*VzhS+6SgtA(h<{>b zN$lhK=FPF1-(NzvV4r&kS6Kg{bu}EoL~gfkA<=3)kU%MYit=F$ z2!w9+$*w(0y}I1mi6*&eB_E~3oqXLDtJy3}y$%g@cl6d6-K%QWnWRkIA?KNI#E#D~ zU$f2^2KJ+rWc9s67`TxPlnMjzgzAw>gB2j5On)6Hkp}O+2?WfEq*HYyk^kn!RHzEK zgs5Qu8!;tn`h-P$v3i~RGOr1gB$Yu?tXg5)+QCUxl^Ii?gBDzU&nJx=gvR%rybty| z^(CS4B~X$@8IAieepa8*xDzDde3f**a+0D&^JIq5`}LFcu7)t~9IbB%j$6S&weK}3 zR>3(-=zW3Vs4OkJs4Dbc;PIN78wZHp*&*a5mJ>DE!=Oa0O{!gljX_m~wq-ecz%iEg6C<#UhFw^-=2U8k+D zK}fAL{)sE7IaVgd=sQR!HAZ2f`yfc7pOvKXr2c&PNACCCV8bBW{jTH+=G_X4&F?du z@O!4v-I>w-0%@`7&ODE_{!!>(DfHX(_gT@ybBThxNa$6r|CCdzw2b-@C_y4@eIMzS zz?0zkzSyDL3%7oeC(FP^SRIaBV^s=E&!9e_C-#Rg{m@tVXj92N4AA#MPVTeC>1tu@ zE5M65&4wN_Quyf8@h9BzypmlX2=$L-)X#>h)C@k6 zU7Gt^tYG44y4`FVU;5i63=fyb%c;c^v18u&3r)-ZK=;-9u8(F|7ySWU-TJo4Di5l7 zG{xU+iXW?ohV;Uh`Azrg!_ha9D)OP0`$l)?Zrl3t=x&;H&<75jYV;m@LxbDrZerNe z5n!cD1IsotwX1^l`2&MS?;5r=qHU=6)OIwUz?IpBVdtY=A$FK{UO?WC+Td+&XkjO) z0z>K2$g%>hE;KZRy$cN6J`F}2O+vxQnt}q2vGTz+tbHIf3KHKwz=+M*6fm6ynkP6C z2#110M$lv<{&0Y{QgAV!x7pj--cj4;akqNfG!Cx!wAHq>dwtgnaILqgsk61MrOwmd z-r3mJ($R|8H|l80%SR0CdBKj9rI7-yIbJkwDPP90t|Ff!Ud zXskgTeQoYK&k3DZyB~~R=8rJGfq_l!``B=;yRG@eXkpWb+-Q>t>qSc=7ftPVv7rMT zt@h~H2;gtv!^_MN!!8nR+F6jC(9)r`89hc|1df8UPH(E$TCrgx5bS4SAIciW z{b&x!UO+S7QDaBY-VW%&o|az8H5xDn7`6+MG~D%IOrdg(qz)h^G|bq90;Aq$A2ru> zczKJlBM>p=qvoz{NEEBM?^ZR-g3c|=>+ zB8;{BTDW#!yN|aWZH>fsU0rJjZyVZgpmsfGkq|^SH4x@nZ*!eaC+*j_^YVp$)9x4w zm>g!leTUKZsS}4ru-o{dg@%R=AngZ@a2EHJUe4FjF%93zQ#Kf4rn#AwhHj=jpgb{* z-euDK)JCg}J@7}OJp-)Q7{NT8POhD{_GAW_YmG#BaxgX8Vz8wlUVP+iV-?QIYG(y2 zXZ@JmeMZlURn;pbUkB|1qAA5TwBU7LOLO~1hG;jox!1Asa<;+U)(FgPIG4&$I_U7A z3Pnu=6Bxeqhy6n=8pIAPW)2wW4z^c~1ZbkOP+w+_)AlA24|vXt6I7uLDb2DPDW`4K z2=>4?AQ{YoK!gn#gTrjdh>-jC!Uev_8m0;WO@HoT4>+ev04og}w?qTjS;d-YH$1zt zhGApVG88_@4>JsTv%6^x^MwQb{pgf{+30`~WY~2^MX?vVugaL=?02#yLV_m65@-+y z^o*=wjYiN2V-pn{qGEuab%!FT!ch~O?ws&)7<<`RbeIxl1u7W&qZB}XbPa2z?Oo^r zcAW(&$At%!Qnag!!4-ymdNjEi-{IA(#Hk;c@a@=4CM!vVjL_)td2&%CGZOvbP;}TX zXE4uoUSDTjOTC98IpiOnLa@@laA=5Ckh0}fRm-TYAYq0S`k%#}yC?bB7#N++{MsXG2yOb4g;#5B>umQR7`nHq ze(Ji%kb%*le+1>8u8a(c&a-kDJLYf=8*(x?hGugp%A&lO+p~;bmT0yMg4%p{ic1y0 z)N%F``2DKRXRc|?Z<^siHzuSK=?IG5hbS3*&m{{4DG@SzGFAWTXm=m-D}wq1y*$C> zHb=@TaTS6KC+Ryir&6nVXrm|8VY$PvSfq@u?zk#tVoN<+huxpDbc<^e!*z2AV}lCH z3!B(I$!i-G(UbWFmni#EL;!T<%+%eJ<;a_8@aAA>G)R*tf>j9)c^wt|D>HLMmDrl4 z0b;^2l}Ff=N>flVeR3H+(2qd{b7t@npqU7R5?M-$T z+`u>Zssu!>AH~jZuC?2Mbh$`3h@$|L%`z4VF`2b=Dd1O&5Sbdq{e!c>7h-*ZO}x0` zf{mIrREFAQa71}Tt-moPD4pptfqm5{-2t!@SN~*Nb%Z-{%D$8_XhkS896T1zQ^bx? zkCwSO1y54=(Tv+{I%qcz9UT&$AwX@Tg!3faD`9%zOvj*v=|MCdriAG!H65RpFg=^5 zG)8>iv_6VUFzaz=Sw)}ycw6%voY@Pi|O4(v>*V5@j1fxBU_F=RYNPwc>;dUMEk>7(4Z7Xiy_o96m4*-s! zoy3!YVkE{Go|sLbox~&2y#(XUhYR+Ppxq`DMa3`Y);29?Q&G-&bI+JHk#j~7;i+%O z_overqgBVL`8BNs48%X{1>v*iC~9yNUtKt7bk>-5)w!2nyrN_Y=^(y({I(+o41Lnv zj-ps@ZexLCmOdwUBbqv%Qlx7Tzxxm){%>sr-@Tj<_$K`B!ms${bejL0l3GX6cy6tu z_^uiC4t8gr+ff?JzuHle8!m8^x*g2zCKKR+J6Nu(z)=hg z^fb(=cN8~dRFb|=L2eV|t|dA2BDc*ki*%U4PXf>X4UxxD^o3lHqj-Eqt%Kc_SMMmj zGr!(Z5u2HNjp!+2AbMIqC-)wpU^atloYR_xsh1O&?7vL?L2hjj_KR}YJ7&>%y$Adl z@ciF+HPU!_#c+KV4Ue82f8^ed*VAeKZcO`ixy%1;7<~N# zjobJP5A_G*Ci~Oq7|WfZ=M*?98u$oiI?*sEw+C2oVq7y=&m0OsHgBz}Pc$w+gIx=A zg#TMRo=n5Bv@I?Fp&g!UhKFGZXxg&Vm$p1|l{Jo3v;!eu5SY88C z?9l=TtK;K}{A!$&yE_X;!cEcF3Xdqin=mK$KA%oMgZOHVj*0vrBIOoznj?dtS7YuP zIM-nJixj6XP@Kl|Y8|C_ew0U9ImjV+RdYayvRg_|9j;hLr)j7;^r={iSFa+Q1riioDLCuU#^Rq%s1aAXA4+8 zf1Q{iVD&t8pS(F&&nwh3CG|X$bkTuZd2zIM@mAf_)At?dpyxPrsOP%sdFSLj*9mxC z!piSWoQm%T$yV9NhEm?2V#%MDu!<)hC35=2T%liz|37ckckHqaJz6CEcv`kE%JvP} z9+U0N`GW5(*-H)MNEwlfz<`?9@I zwyR{@Alvn_?UU_@Y_t2F4Xg1{c!JmFDG1;5!>f&TULW53i#<=J0G1UL)P;sO<7NMV z$x3^cvE>z&Rm?XK!Y&fl5)R$k6Jl4G9CU>^=f$;)x@>j@_P@jp{ z{bExC_5y`^0(eQ?%X&jSQQD5hzvzQ^IoOZIO6f(-l6EPvWEnSt_qc-v0eT^g?MF%( zy}-n_1H7)mM|cAKQ$1yPCEPO@#RqAyuRxLq14996fy8-4A_edquZqgJpJmv}&>QI6 zjMm`Y8jf}k1|kDx*bzah=^ZrQMG=w*xQt$UUCQ4p4GtEdr`R_^QL%f+c_==J4eZMh z@eK>3i24b&*v} zzdJO7T@aZ8$D2CZcSGAv#5??{QI({~0NzJ4ymu1;gWW)|fKaMCcxx8z#*6Bp8SoFX z;ZT^{%kHMLpunelSbIx@4?EC2%-c>oZPt71J@ssfyB+Y7GIp)kr?+(Y7&zM8&A#hd zO9OK^U(eQho9oN452LjWyXsg=TY-07Ym?Ul9JWL?b<}&C8(A&nnp=?DUL-Y?`dSzn zl&ZWQ$ThHap0+w2n%%YDCT!U&D`@cgnn`CvOB-{uR(G4vTi4O#Zey(-ZLKZs9+-BBe_UB`IOH;iE$XX9P zbJsR`gei2YuF36PSH|ky>)egxT^nnGmbL<76W+0Fbq}G)o*Vzy(H14@25lw7zCT|X zdfDd7h+gY$_mnYro41_;($LnjuB?E<2?=P2638`sgcb@l4^U=Az(N7*K&O>2tlr~p zf-VeC^9jS}ENHB&Tf<5_x}!le%Bq|zofYM)q8zIHOyw$P#Y*SuWdctHWmUzhiq)Ft zj0|9!nEr0fiLE^bzI5e8mKjcTxZL#jOQ=5>b#_OwGow7vt2qh6ro92p*}FLy**qj# zGb|`_ztjmpCum_~&`$#LYH!^^$bMwYuLKeQ+&84`-&LW>&e zyOLMyng-yARmrRM*`!mpIW?*S8q~z85XF@J8w@5kl{$25@mfo?^+DgG{ zeN`+Mq!m&=+kc7HZo&!0RLQILoG#@zNk(NqyZ@$?ua$gieK;xQ)q0ZTDQ4O7^yvYL zi41dQJ-w+2NE~XNEFj^lI;VCses=loa$UAv${)%KxI|~ZYew<4%a1K^0fYCH3wV?9 zS3pz#D|j3yc6s$Z%n2!XTzmg@d?jP>HL~y8ewBpas|F21THGb+lm)oWM z2_ItvFH?$S`wg_@e@1?di&ND1mmlQN)SqnoKLE)tuV3!s%=+a*=5LuB4FRk17ZAQn zgcI7!q1e>@lKLKVHh(t!6l4o+^6Gx7m?jpEZ2oNcS@4km%07MGh7R_3%D)I+%3UR| z?kCjuviFg494fz+eU%5>K(pId-_bkX!o{ZbU+H-@OI~a35`wLw;mYMHHA+sk7I1d^ z+BIFohVPk*CXqGZOrSG=-@zH_QvFxo`%82PmNC&}{<6%OI5~=j>{n#rl|0pV`ys=b W>DCFp+ZcCB`+u|H=v2uo^#1{xm}Ef! From 5e2fb163a1d159b336cf7dff03b1d078a12da8b3 Mon Sep 17 00:00:00 2001 From: james-c-HMLR-dev <167765186+james-c-HMLR-dev@users.noreply.github.com> Date: Mon, 22 Apr 2024 12:02:56 +0100 Subject: [PATCH 02/25] Update Elastic serach to 5.6.16 --- scripts/docker/elasticsearch5/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/docker/elasticsearch5/Dockerfile b/scripts/docker/elasticsearch5/Dockerfile index 1653166..fa88022 100644 --- a/scripts/docker/elasticsearch5/Dockerfile +++ b/scripts/docker/elasticsearch5/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/elasticsearch:5.2.1 +FROM docker.io/elasticsearch:5.6.16 ENV ES_JAVA_OPTS -Xms1024m -Xmx1024m @@ -7,4 +7,4 @@ RUN echo "bootstrap.memory_lock: true" >> /usr/share/elasticsearch/config/elasti echo "indices.fielddata.cache.size: 50%" >> /usr/share/elasticsearch/config/elasticsearch.yml && \ echo "indices.memory.index_buffer_size: 50%" >> /usr/share/elasticsearch/config/elasticsearch.yml && \ sed -i -e 's/.*Xms2g.*//' /etc/elasticsearch/jvm.options && \ - sed -i -e 's/.*Xmx2g.*//' /etc/elasticsearch/jvm.options \ No newline at end of file + sed -i -e 's/.*Xmx2g.*//' /etc/elasticsearch/jvm.options From cd8591769375848dfb01ec7de8677c1246d242dd Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Wed, 8 May 2024 15:37:00 +0100 Subject: [PATCH 03/25] Use fixed UID/GID for Git Bash --- scripts/docker_prepare.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/docker_prepare.sh b/scripts/docker_prepare.sh index 0ad5ee5..38f2c31 100755 --- a/scripts/docker_prepare.sh +++ b/scripts/docker_prepare.sh @@ -13,8 +13,15 @@ export COMPOSE_PROJECT_NAME=dv # Set environment variables for compose files to send to Dockerfiles as arguments, # should the Dockerfile wish to create a matching user to run the container as -export OUTSIDE_UID=$(id -u) -export OUTSIDE_GID=$(id -g) +# However Git Bash does not care about file system permissions, and uses weirdly high UIDs, so +# just use 1000 in that case +if [[ "$OSTYPE" == "msys"* || "$OSTYPE" == "win"* || "$OSTYPE" == "cygwin"* ]] ; then + export OUTSIDE_UID=1000 + export OUTSIDE_GID=1000 +else + export OUTSIDE_UID=$(id -u) + export OUTSIDE_GID=$(id -g) +fi # Load all the docker compose file references that were saved earlier dockerfilelist=$(<./.docker-compose-file-list) From e747e5a7af3e9be491e31a124c7cd04e459ff6e5 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 10:48:54 +0100 Subject: [PATCH 04/25] update image and conf --- scripts/docker/nginx/Dockerfile | 9 ++++----- scripts/docker/nginx/{server.conf => nginx.conf} | 13 ++++++------- 2 files changed, 10 insertions(+), 12 deletions(-) rename scripts/docker/nginx/{server.conf => nginx.conf} (78%) diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile index 824780c..62c8b8f 100644 --- a/scripts/docker/nginx/Dockerfile +++ b/scripts/docker/nginx/Dockerfile @@ -1,13 +1,12 @@ -FROM docker.io/nginx:1.22 +FROM nginx:1.26 -RUN apt-get update && apt-get install openssl && \ - rm /etc/nginx/conf.d/default.conf && \ +RUN rm /etc/nginx/conf.d/default.conf && \ mkdir /etc/nginx/ssl && \ mkdir /etc/nginx/configs && \ - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/ssl.key -out /etc/nginx/ssl/ssl.crt -subj "/C=GB/ST=devon/L=plymouth/O=land_registry/OU=seaton_court/CN=testsslkey/emailAddress=testsslkey@landregistry.gov.uk" + openssl req -x509 -noenc -newkey rsa:4096 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 365 -subj "/C=GB/ST=Devon/L=Plymouth/O=HM Land Registry/OU=DDaT/CN=localhost" # The base server config, which sets up the SSL etc. -COPY server.conf /etc/nginx/conf.d/server.conf +COPY nginx.conf /etc/nginx/conf.d # To ensure our changes and config fragments we copy in are actually persisted in between container recreates. # This has to go at the end as the data is frozen once the volume is declared diff --git a/scripts/docker/nginx/server.conf b/scripts/docker/nginx/nginx.conf similarity index 78% rename from scripts/docker/nginx/server.conf rename to scripts/docker/nginx/nginx.conf index 87329ea..c30b540 100644 --- a/scripts/docker/nginx/server.conf +++ b/scripts/docker/nginx/nginx.conf @@ -1,21 +1,20 @@ server { - listen *:80; - server_name _; + # listen on port 80 (http) + listen 80; + server_name _; if ($ssl_protocol = "") { return 301 https://$host$request_uri; } - index index.html index.htm index.php; - } server { - listen *:443 ssl; + listen 443 ssl; server_name _; # We generated these during docker image creation (see dockerfile) - ssl_certificate /etc/nginx/ssl/ssl.crt; - ssl_certificate_key /etc/nginx/ssl/ssl.key; + ssl_certificate /etc/nginx/ssl/req.pem; + ssl_certificate_key /etc/nginx/ssl/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; From 9fcdd9eb1faf3dd28dbf4c9dd2fb75c9d85a9fdc Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 11:03:39 +0100 Subject: [PATCH 05/25] update compose fragment default name --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ad3e4f..745e886 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ Working on your first Pull Request? You can learn how from this *free* series, [ Please use the `develop` branch as starting point for your own branch, and the target for any pull requests. -If you're adding a commodity, at the very minimum it will need a `docker-compose-fragment.yml` and a README entry. If there is support for extra functionality such as provisioning snippets, then a working example should be placed in the snippets directory and linked to from the README. +If you're adding a commodity, at the very minimum it will need a `compose-fragment.yml` and a README entry. If there is support for extra functionality such as provisioning snippets, then a working example should be placed in the snippets directory and linked to from the README. ## Code of Conduct From f43e6e8a028ee8f129ce3cc1e0eeb5706a577be4 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 11:09:24 +0100 Subject: [PATCH 06/25] markdown linting --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c5573ca..2aa3287 100644 --- a/README.md +++ b/README.md @@ -322,8 +322,9 @@ From the host system: [Cadence Web](https://github.com/uber/cadence-web) is a web-based user interface which is used to view workflows from Cadence, see what's running, and explore and debug workflow executions. This also comes with a RESTful API that allows us query cadence core services. -*Running Cadence web locally* -- In a web browser enter +_Running Cadence web locally_ + +* In a web browser enter ###### Localstack From ff18392a4e4e780095faf5516b128c3729e8beaa Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 15:27:34 +0100 Subject: [PATCH 07/25] update docs --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2aa3287..89769ab 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ The list of allowable commodity values is: 1. postgres-13 2. db2_community 4. elasticsearch5 -5. nginx +5. NGINX 6. rabbitmq 7. redis 8. swagger @@ -192,15 +192,15 @@ The ports 9300 and 9302 are exposed on the host. [Example](snippets/elasticsearch5-fragment.sh) -##### Nginx +##### NGINX **`/fragments/nginx-fragment.conf`** This file forms part of an NGINX configration file. It will be merged into the server directive of the main configuration file. -Important - if your app is adding itself as a proxied location{} behind NGINX, NGINX must start AFTER your app, otherwise it will error with a host not found. So your app's docker-compose-fragment.yml must actually specify NGINX as a service and set the depends_on variable with your app's name. +Important - if your app is adding itself as a proxied location{} behind NGINX, NGINX must start AFTER your app, otherwise it will error with a host not found. So your app's compose-fragment.yml must actually specify NGINX as a service and set the depends_on variable with your app's name. -Compose will automatically merge this with the dev-env's own NGINX fragment. See the end of the [example Compose fragment](snippets/docker-compose-fragment.yml) for the exact code. +Compose will automatically merge this with the dev-env's own NGINX fragment. See the end of the [example Compose fragment](snippets/compose-fragment.yml) for the exact code. [Example](snippets/nginx-fragment.conf) From 73ce5df04b7a65605e968050e5a36df47ac605d7 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 15:28:23 +0100 Subject: [PATCH 08/25] use mozilla guideline ssl config --- scripts/docker/nginx/Dockerfile | 3 ++- scripts/docker/nginx/nginx.conf | 36 ++++++++++++++++++--------------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile index 62c8b8f..a3ae65f 100644 --- a/scripts/docker/nginx/Dockerfile +++ b/scripts/docker/nginx/Dockerfile @@ -3,7 +3,8 @@ FROM nginx:1.26 RUN rm /etc/nginx/conf.d/default.conf && \ mkdir /etc/nginx/ssl && \ mkdir /etc/nginx/configs && \ - openssl req -x509 -noenc -newkey rsa:4096 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 365 -subj "/C=GB/ST=Devon/L=Plymouth/O=HM Land Registry/OU=DDaT/CN=localhost" + openssl req -x509 -noenc -newkey rsa:2048 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 90 -subj "/C=GB/ST=Devon/L=Plymouth/O=HM Land Registry/OU=DDaT/CN=localhost" && \ + openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 # The base server config, which sets up the SSL etc. COPY nginx.conf /etc/nginx/conf.d diff --git a/scripts/docker/nginx/nginx.conf b/scripts/docker/nginx/nginx.conf index c30b540..fad7b89 100644 --- a/scripts/docker/nginx/nginx.conf +++ b/scripts/docker/nginx/nginx.conf @@ -1,30 +1,34 @@ +# generated 2024-06-12, Mozilla Guideline v5.7, nginx 1.26, OpenSSL 3.0.11, intermediate configuration, no OCSP +# https://ssl-config.mozilla.org/#server=nginx&version=1.26&config=intermediate&openssl=3.0.11&ocsp=false&guideline=5.7 server { - # listen on port 80 (http) - listen 80; - server_name _; + listen 80 default_server; + listen [::]:80 default_server; - if ($ssl_protocol = "") { - return 301 https://$host$request_uri; + location / { + return 301 https://$host$request_uri; } } server { - listen 443 ssl; - server_name _; + listen 443 ssl; + listen [::]:443 ssl; + http2 on; - # We generated these during docker image creation (see dockerfile) - ssl_certificate /etc/nginx/ssl/req.pem; - ssl_certificate_key /etc/nginx/ssl/key.pem; + ssl_certificate /etc/nginx/ssl/req.pem; + ssl_certificate_key /etc/nginx/ssl/key.pem; + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; + ssl_prefer_server_ciphers off; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # As part of the provisioning process, files containing apps /location directives will be placed in here include /etc/nginx/configs/*.conf; - } From 88e8b2709a06591934ad2c1209fa0418e587372e Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Wed, 12 Jun 2024 15:48:06 +0100 Subject: [PATCH 09/25] update snippet example --- snippets/nginx-fragment.conf | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/snippets/nginx-fragment.conf b/snippets/nginx-fragment.conf index a58327e..34a3ae6 100644 --- a/snippets/nginx-fragment.conf +++ b/snippets/nginx-fragment.conf @@ -1,12 +1,12 @@ -location /backend-api { - - # As this is a container to container connection, we use the comoose service name and internally exposed port - proxy_pass http://backend-api:8080/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_redirect off; - proxy_set_header X-Forwarded-Host $host/flask-skeleton-api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } \ No newline at end of file +location / { + # As this is a container to container connection, we use the service name and internally exposed port + proxy_pass http://backend-api:8080/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host/backend-api; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header X-Real-IP $remote_addr; +} \ No newline at end of file From dc8bd11511cf08f2bdfeb726b028e8f883c7e202 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 13 Jun 2024 08:32:04 +0100 Subject: [PATCH 10/25] lowercase --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 89769ab..0c95074 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ The list of allowable commodity values is: 1. postgres-13 2. db2_community 4. elasticsearch5 -5. NGINX +5. nginx 6. rabbitmq 7. redis 8. swagger @@ -192,7 +192,7 @@ The ports 9300 and 9302 are exposed on the host. [Example](snippets/elasticsearch5-fragment.sh) -##### NGINX +##### nginx **`/fragments/nginx-fragment.conf`** From 6531c3ddd2564314e83c2c3aaa594f2c700c2724 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 13 Jun 2024 08:33:01 +0100 Subject: [PATCH 11/25] include registry url --- scripts/docker/nginx/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile index a3ae65f..8bfafda 100644 --- a/scripts/docker/nginx/Dockerfile +++ b/scripts/docker/nginx/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.26 +FROM docker.io/nginx:1.26 RUN rm /etc/nginx/conf.d/default.conf && \ mkdir /etc/nginx/ssl && \ From f9f1019c84870383f4f1e16d7a95b96ed40c134b Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 13 Jun 2024 08:35:51 +0100 Subject: [PATCH 12/25] formatting --- snippets/nginx-fragment.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/snippets/nginx-fragment.conf b/snippets/nginx-fragment.conf index 34a3ae6..5f6534e 100644 --- a/snippets/nginx-fragment.conf +++ b/snippets/nginx-fragment.conf @@ -4,9 +4,9 @@ location / { proxy_read_timeout 90; proxy_connect_timeout 90; proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host/backend-api; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host/backend-api; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header X-Real-IP $remote_addr; } \ No newline at end of file From 047a661fa037447e9be005bbe39aa724a909ce8e Mon Sep 17 00:00:00 2001 From: Ian Harvey Date: Thu, 13 Jun 2024 11:36:58 +0100 Subject: [PATCH 13/25] Updates to Wiremock - only rename file that exists, and update Wiremock itself --- scripts/docker/wiremock/Dockerfile | 8 ++++---- scripts/provision_wiremock.rb | 12 +++++++----- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/scripts/docker/wiremock/Dockerfile b/scripts/docker/wiremock/Dockerfile index 392bd5b..0010cdb 100644 --- a/scripts/docker/wiremock/Dockerfile +++ b/scripts/docker/wiremock/Dockerfile @@ -1,9 +1,9 @@ -FROM docker.io/openjdk:11-jre-slim +FROM docker.io/eclipse-temurin:21-jre-ubi9-minimal -ARG WM_VERSION=2.32.0 +ARG WM_VERSION=3.6.0 -RUN apt-get update && apt-get -y install curl && mkdir -p /wiremock/mappings && cd /wiremock && \ - curl -sSL -o wiremock.jar https://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-jre8-standalone/$WM_VERSION/wiremock-jre8-standalone-$WM_VERSION.jar +RUN mkdir -p /wiremock/mappings && cd /wiremock && \ + curl -sSL -o wiremock.jar https://repo1.maven.org/maven2/org/wiremock/wiremock-standalone/$WM_VERSION/wiremock-standalone-$WM_VERSION.jar WORKDIR /wiremock diff --git a/scripts/provision_wiremock.rb b/scripts/provision_wiremock.rb index 33dd041..8528d52 100644 --- a/scripts/provision_wiremock.rb +++ b/scripts/provision_wiremock.rb @@ -57,11 +57,13 @@ def build_wiremock(root_loc, appname, already_started, new_container) ' | docker cp - wiremock:/wiremock/mappings/') end - # Rename the file so it is unique and wont get overwritten by any others we copy up - # Also, GitBash needs the inner quotes to be doubles - run_command('docker exec wiremock bash -c "' \ - "mv /wiremock/mappings/wiremock-fragment.json /wiremock/mappings/#{appname}-wiremock-fragment.json" \ - '"') + if wiremock_file + # Rename the file so it is unique and wont get overwritten by any others we copy up + # Also, GitBash needs the inner quotes to be doubles + run_command('docker exec wiremock bash -c "' \ + "mv /wiremock/mappings/wiremock-fragment.json /wiremock/mappings/#{appname}-wiremock-fragment.json" \ + '"') + end # Update the .commodities.yml to indicate that Wiremock has now been provisioned set_commodity_provision_status(root_loc, appname, 'wiremock', true) From 29f98d127478b828251a62a1d792406c9de56042 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 13 Jun 2024 15:24:14 +0100 Subject: [PATCH 14/25] headers are overriden in fragments --- scripts/docker/nginx/nginx.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/docker/nginx/nginx.conf b/scripts/docker/nginx/nginx.conf index fad7b89..cabca99 100644 --- a/scripts/docker/nginx/nginx.conf +++ b/scripts/docker/nginx/nginx.conf @@ -26,9 +26,6 @@ server { ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; - # As part of the provisioning process, files containing apps /location directives will be placed in here include /etc/nginx/configs/*.conf; } From 0081622efae9ad4da1b87c81f9961890bddd18d0 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Mon, 17 Jun 2024 23:24:46 +0100 Subject: [PATCH 15/25] mozilla guideline modern config --- scripts/docker/nginx/Dockerfile | 3 +-- scripts/docker/nginx/nginx.conf | 10 ++++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/scripts/docker/nginx/Dockerfile b/scripts/docker/nginx/Dockerfile index 8bfafda..81da9ce 100644 --- a/scripts/docker/nginx/Dockerfile +++ b/scripts/docker/nginx/Dockerfile @@ -3,8 +3,7 @@ FROM docker.io/nginx:1.26 RUN rm /etc/nginx/conf.d/default.conf && \ mkdir /etc/nginx/ssl && \ mkdir /etc/nginx/configs && \ - openssl req -x509 -noenc -newkey rsa:2048 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 90 -subj "/C=GB/ST=Devon/L=Plymouth/O=HM Land Registry/OU=DDaT/CN=localhost" && \ - openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 + openssl req -x509 -noenc -newkey rsa:2048 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 90 -subj "/C=GB/ST=Devon/L=Plymouth/O=HM Land Registry/OU=DDaT/CN=localhost" # The base server config, which sets up the SSL etc. COPY nginx.conf /etc/nginx/conf.d diff --git a/scripts/docker/nginx/nginx.conf b/scripts/docker/nginx/nginx.conf index cabca99..39b565c 100644 --- a/scripts/docker/nginx/nginx.conf +++ b/scripts/docker/nginx/nginx.conf @@ -1,5 +1,5 @@ -# generated 2024-06-12, Mozilla Guideline v5.7, nginx 1.26, OpenSSL 3.0.11, intermediate configuration, no OCSP -# https://ssl-config.mozilla.org/#server=nginx&version=1.26&config=intermediate&openssl=3.0.11&ocsp=false&guideline=5.7 +# generated 2024-06-17, Mozilla Guideline v5.7, nginx 1.26.1, OpenSSL 3.0.11, modern configuration, no OCSP +# https://ssl-config.mozilla.org/#server=nginx&version=1.26.1&config=modern&openssl=3.0.11&ocsp=false&guideline=5.7 server { listen 80 default_server; listen [::]:80 default_server; @@ -19,11 +19,9 @@ server { ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; - ssl_dhparam /etc/nginx/ssl/dhparam.pem; - # intermediate configuration - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; + # modern configuration + ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; # As part of the provisioning process, files containing apps /location directives will be placed in here From 3eacfd9cb3427a762fd0c18e26562adb5a64d294 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Mon, 17 Jun 2024 23:32:25 +0100 Subject: [PATCH 16/25] add HSTS to snippet --- snippets/nginx-fragment.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/snippets/nginx-fragment.conf b/snippets/nginx-fragment.conf index 5f6534e..72e67ac 100644 --- a/snippets/nginx-fragment.conf +++ b/snippets/nginx-fragment.conf @@ -1,3 +1,5 @@ +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + location / { # As this is a container to container connection, we use the service name and internally exposed port proxy_pass http://backend-api:8080/; From 8eb045065ef96610a6a98f8676115b680af31281 Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 20 Jun 2024 09:17:06 +0100 Subject: [PATCH 17/25] ui and api specific fragments --- snippets/nginx-api-fragment.conf | 22 +++++++++++++++++++ snippets/nginx-fragment.conf | 14 ------------ snippets/nginx-ui-fragment.conf | 37 ++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 14 deletions(-) create mode 100644 snippets/nginx-api-fragment.conf delete mode 100644 snippets/nginx-fragment.conf create mode 100644 snippets/nginx-ui-fragment.conf diff --git a/snippets/nginx-api-fragment.conf b/snippets/nginx-api-fragment.conf new file mode 100644 index 0000000..cb6191f --- /dev/null +++ b/snippets/nginx-api-fragment.conf @@ -0,0 +1,22 @@ +# add security headers +add_header Content-Security-Policy "default-src 'none';" always; +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + +# enable gzip compression +gzip on; +gzip_comp_level 6; +gzip_proxied any; +gzip_types application/json application/xml text/csv text/xml; + +location / { + # As this is a container to container connection, we use the service name and internally exposed port + proxy_pass http://flask-skeleton-api:8080/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host/flask-skeleton-ui; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header X-Real-IP $remote_addr; +} \ No newline at end of file diff --git a/snippets/nginx-fragment.conf b/snippets/nginx-fragment.conf deleted file mode 100644 index 72e67ac..0000000 --- a/snippets/nginx-fragment.conf +++ /dev/null @@ -1,14 +0,0 @@ -add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; - -location / { - # As this is a container to container connection, we use the service name and internally exposed port - proxy_pass http://backend-api:8080/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host/backend-api; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header X-Real-IP $remote_addr; -} \ No newline at end of file diff --git a/snippets/nginx-ui-fragment.conf b/snippets/nginx-ui-fragment.conf new file mode 100644 index 0000000..6579759 --- /dev/null +++ b/snippets/nginx-ui-fragment.conf @@ -0,0 +1,37 @@ +# add security headers +add_header Content-Security-Policy "script-src 'self' 'sha256-GUQ5ad8JK5KmEWmROf3LZd9ge94daqNvd8xy9YS1iDw='; object-src 'none'; base-uri 'none';" always; +add_header Cross-Origin-Embedder-Policy "require-corp" always; +add_header Cross-Origin-Opener-Policy "same-origin" always; +add_header Cross-Origin-Resource-Policy "same-origin" always; +add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), unload=(), window-placement=(), vertical-scroll=()" always; +add_header Referrer-Policy "strict-origin-when-cross-origin" always; +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-Frame-Options "DENY" always; +add_header X-Xss-Protection "1; mode=block" always; + +# enable gzip compression +gzip on; +gzip_comp_level 6; +gzip_proxied any; +gzip_types application/javascript application/json application/xml font/otf font/ttf font/woff font/woff2 image/gif image/jpeg image/png image/svg+xml image/webp text/css text/csv text/javascript text/xml; + +location / { + # As this is a container to container connection, we use the service name and internally exposed port + proxy_pass http://flask-skeleton-ui:8080/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host/flask-skeleton-ui; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header X-Real-IP $remote_addr; +} + +location /assets/ { + # serve static files directly, without forwarding to the application + alias /src/server/assets/dist/; + # set far future expires header + expires 10y; +} \ No newline at end of file From 95a4dfac296a38af0abd20fae18d83646d906ecc Mon Sep 17 00:00:00 2001 From: Matt Shaw Date: Thu, 20 Jun 2024 11:41:20 +0100 Subject: [PATCH 18/25] optimise static file performance --- snippets/nginx-ui-fragment.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/snippets/nginx-ui-fragment.conf b/snippets/nginx-ui-fragment.conf index 6579759..c5b58d8 100644 --- a/snippets/nginx-ui-fragment.conf +++ b/snippets/nginx-ui-fragment.conf @@ -32,6 +32,10 @@ location / { location /assets/ { # serve static files directly, without forwarding to the application alias /src/server/assets/dist/; + + sendfile on; + tcp_nopush on; + # set far future expires header expires 10y; } \ No newline at end of file From 2b9b526dc3bd416c66bcee09406fc8c2da95548e Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Mon, 19 Aug 2024 11:36:46 +0100 Subject: [PATCH 19/25] Bump MQ version --- scripts/docker/ibmmq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker/ibmmq/Dockerfile b/scripts/docker/ibmmq/Dockerfile index 49ac333..3f92f68 100644 --- a/scripts/docker/ibmmq/Dockerfile +++ b/scripts/docker/ibmmq/Dockerfile @@ -1,4 +1,4 @@ -FROM icr.io/ibm-messaging/mq:9.3.5.0-r2 +FROM icr.io/ibm-messaging/mq:9.3.5.1-r2 # Auto-accept the license # Create default users and channels From 529d14c3cbab4d9f9f22348aed02199bdf1a2a4f Mon Sep 17 00:00:00 2001 From: james-r-hmlr Date: Mon, 23 Sep 2024 12:24:00 +0000 Subject: [PATCH 20/25] Added elasticsearch7 commodity --- README.md | 38 +++++++++---- scripts/commodities.rb | 3 + scripts/docker/elasticsearch7/Dockerfile | 9 +++ .../elasticsearch7/compose-fragment.yml | 18 ++++++ .../docker-compose-fragment.3.7.yml | 18 ++++++ .../docker-compose-fragment.yml | 19 +++++++ scripts/provision_elasticsearch7.rb | 56 +++++++++++++++++++ 7 files changed, 149 insertions(+), 12 deletions(-) create mode 100644 scripts/docker/elasticsearch7/Dockerfile create mode 100644 scripts/docker/elasticsearch7/compose-fragment.yml create mode 100644 scripts/docker/elasticsearch7/docker-compose-fragment.3.7.yml create mode 100644 scripts/docker/elasticsearch7/docker-compose-fragment.yml create mode 100644 scripts/provision_elasticsearch7.rb diff --git a/README.md b/README.md index c5573ca..a4896e4 100644 --- a/README.md +++ b/README.md @@ -127,18 +127,19 @@ The list of allowable commodity values is: 1. postgres-13 2. db2_community 4. elasticsearch5 -5. nginx -6. rabbitmq -7. redis -8. swagger -9. wiremock -10. squid -11. auth -12. cadence -13. cadence-web -14. activemq -15. ibmmq -16. localstack +5. elasticsearch7 +6. nginx +7. rabbitmq +8. redis +9. swagger +10. wiremock +11. squid +12. auth +13. cadence +14. cadence-web +15. activemq +16. ibmmq +17. localstack The file may optionally also indicate that one or more services are resource intensive ("expensive") when starting up. The dev env will start those containers seperately - 3 at a time - and wait until each are declared healthy (or crash and get restarted 10 times) before starting any more. @@ -192,6 +193,19 @@ The ports 9300 and 9302 are exposed on the host. [Example](snippets/elasticsearch5-fragment.sh) +##### ElasticSearch 7 + +The ports 9207 and 9307 are exposed on the host. + +If the ElasticSearch 7 container is returning the follow error log message: +``` +max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] +``` +Run the following command in a terminal to set the system's max map count. +``` +sysctl -w vm.max_map_count=262144 +``` + ##### Nginx **`/fragments/nginx-fragment.conf`** diff --git a/scripts/commodities.rb b/scripts/commodities.rb index e986d91..7256e49 100644 --- a/scripts/commodities.rb +++ b/scripts/commodities.rb @@ -6,6 +6,7 @@ require_relative 'provision_db2_community' require_relative 'provision_nginx' require_relative 'provision_elasticsearch5' +require_relative 'provision_elasticsearch7' require_relative 'provision_wiremock' require_relative 'provision_localstack' @@ -145,6 +146,8 @@ def provision_commodities(root_loc, new_containers) provision_nginx(root_loc, new_containers) # Elasticsearch5 provision_elasticsearch5(root_loc) + # Elasticsearch7 + provision_elasticsearch7(root_loc) # Auth provision_auth(root_loc, new_containers) # Wiremock mappings diff --git a/scripts/docker/elasticsearch7/Dockerfile b/scripts/docker/elasticsearch7/Dockerfile new file mode 100644 index 0000000..88a7a94 --- /dev/null +++ b/scripts/docker/elasticsearch7/Dockerfile @@ -0,0 +1,9 @@ +FROM docker.elastic.co/elasticsearch/elasticsearch:7.17.24 + +ENV ES_JAVA_OPTS -Xms1024m -Xmx1024m +ENV discovery.type single-node + +# Remove default heap size and add low-memory optimisations +RUN echo "bootstrap.memory_lock: true" >> /usr/share/elasticsearch/config/elasticsearch.yml && \ + echo "indices.fielddata.cache.size: 50%" >> /usr/share/elasticsearch/config/elasticsearch.yml && \ + echo "indices.memory.index_buffer_size: 50%" >> /usr/share/elasticsearch/config/elasticsearch.yml diff --git a/scripts/docker/elasticsearch7/compose-fragment.yml b/scripts/docker/elasticsearch7/compose-fragment.yml new file mode 100644 index 0000000..b496b22 --- /dev/null +++ b/scripts/docker/elasticsearch7/compose-fragment.yml @@ -0,0 +1,18 @@ +services: + elasticsearch7: + container_name: elasticsearch7 + build: ../scripts/docker/elasticsearch7 + ports: + - "9207:9200" + - "9307:9300" + # restart: on-failure + platform: "linux/amd64" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + cap_add: + - IPC_LOCK diff --git a/scripts/docker/elasticsearch7/docker-compose-fragment.3.7.yml b/scripts/docker/elasticsearch7/docker-compose-fragment.3.7.yml new file mode 100644 index 0000000..8cd45cd --- /dev/null +++ b/scripts/docker/elasticsearch7/docker-compose-fragment.3.7.yml @@ -0,0 +1,18 @@ +version: '3.7' +services: + elasticsearch7: + container_name: elasticsearch7 + build: ../scripts/docker/elasticsearch7 + ports: + - "9207:9200" + - "9307:9300" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + cap_add: + - IPC_LOCK + restart: on-failure diff --git a/scripts/docker/elasticsearch7/docker-compose-fragment.yml b/scripts/docker/elasticsearch7/docker-compose-fragment.yml new file mode 100644 index 0000000..28cd476 --- /dev/null +++ b/scripts/docker/elasticsearch7/docker-compose-fragment.yml @@ -0,0 +1,19 @@ +version: '2' +services: + elasticsearch7: + container_name: elasticsearch7 + build: ../scripts/docker/elasticsearch7 + ports: + - "9207:9200" + - "9307:9300" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: 2048m + cap_add: + - IPC_LOCK + restart: on-failure diff --git a/scripts/provision_elasticsearch7.rb b/scripts/provision_elasticsearch7.rb new file mode 100644 index 0000000..3083ccb --- /dev/null +++ b/scripts/provision_elasticsearch7.rb @@ -0,0 +1,56 @@ +require_relative 'utilities' +require_relative 'commodities' +require 'yaml' + +def provision_elasticsearch7(root_loc) + puts colorize_lightblue('Searching for elasticsearch7 initialisation scripts in the apps') + + # Load configuration.yml into a Hash + config = YAML.load_file("#{root_loc}/dev-env-config/configuration.yml") + started = false + return unless config['applications'] + + config['applications'].each_key do |appname| + # To help enforce the accuracy of the app's dependency file, only search for init scripts + # if the app specifically specifies elasticsearch in it's commodity list + next unless File.exist?("#{root_loc}/apps/#{appname}/configuration.yml") + next unless commodity_required?(root_loc, appname, 'elasticsearch7') + + # Run any script contained in the app + if File.exist?("#{root_loc}/apps/#{appname}/fragments/elasticsearch7-fragment.sh") + started = start_elasticsearch7(root_loc, appname, started) + else + puts colorize_yellow("#{appname} says it uses Elasticsearch 7 but doesn't contain an init script. Oh well, " \ + 'onwards we go!') + end + end +end + +def start_elasticsearch7(root_loc, appname, started) + puts colorize_pink("Found some in #{appname}") + if commodity_provisioned?(root_loc, appname, 'elasticsearch7') + puts colorize_yellow("Elasticsearch7 has previously been provisioned for #{appname}, skipping") + else + unless started + run_command("#{ENV['DC_CMD']} up -d elasticsearch7") + # Better not run anything until elasticsearch is ready to accept connections... + puts colorize_lightblue('Waiting for Elasticsearch 7 to finish initialising') + + loop do + cmd_output = [] + run_command('curl --write-out "%{http_code}" --silent --output /dev/null http://localhost:9202', cmd_output) + break if cmd_output.include? '200' + + puts colorize_yellow('Elasticsearch 7 is unavailable - sleeping') + sleep(3) + end + + puts colorize_green('Elasticsearch 7 is ready') + started = true + end + run_command("sh #{root_loc}/apps/#{appname}/fragments/elasticsearch7-fragment.sh http://localhost:9202") + # Update the .commodities.yml to indicate that elasticsearch7 has now been provisioned + set_commodity_provision_status(root_loc, appname, 'elasticsearch7', true) + end + started +end From 151f5a6882eab82bb3777c484e41d24edc267f89 Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Mon, 7 Oct 2024 16:07:44 +0100 Subject: [PATCH 21/25] Add pg17 --- README.md | 5 +++-- scripts/add-aliases.sh | 2 ++ scripts/commodities.rb | 2 +- scripts/docker/postgres-17/Dockerfile | 17 +++++++++++++++++ scripts/docker/postgres-17/compose-fragment.yml | 6 ++++++ .../postgres-17/docker-compose-fragment.3.7.yml | 7 +++++++ .../postgres-17/docker-compose-fragment.yml | 7 +++++++ scripts/provision_postgres.rb | 2 ++ scripts/remove-aliases.sh | 1 + snippets/app_configuration.yml | 2 +- 10 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 scripts/docker/postgres-17/Dockerfile create mode 100644 scripts/docker/postgres-17/compose-fragment.yml create mode 100644 scripts/docker/postgres-17/docker-compose-fragment.3.7.yml create mode 100644 scripts/docker/postgres-17/docker-compose-fragment.yml diff --git a/README.md b/README.md index 0c95074..378d6fb 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,8 @@ This file specifies which commodities the dev-env should create and launch for t The list of allowable commodity values is: 1. postgres-13 -2. db2_community +2. postgres-17 +3. db2_community 4. elasticsearch5 5. nginx 6. rabbitmq @@ -166,7 +167,7 @@ If you want to spatially enable your database see the following example: [Example - Spatial](snippets/spatial_postgres-init-fragment.sql) -The default Postgres port 5432 will be available for connections from other containers. Port 5434 is exposed for external connections from the host. +The default Postgres port 5432 will be available for connections from other containers, hostname `postgres-13` or `postgres-17`. Port `5434` (for PG13) or `5435` (for PG17) is exposed for external connections from the host. **`/manage.py`** diff --git a/scripts/add-aliases.sh b/scripts/add-aliases.sh index 18b9bff..0429525 100755 --- a/scripts/add-aliases.sh +++ b/scripts/add-aliases.sh @@ -16,6 +16,7 @@ alias ex="$DC_CMD exec" alias status="$DC_CMD ps" alias run="$DC_CMD run --rm" alias psql13="$DC_CMD exec postgres-13 psql -h postgres-13 -U root -d" +alias psql17="$DC_CMD exec postgres-17 psql -h postgres-17 -U root -d" alias db2co="$DC_CMD exec --user db2inst1 db2_community bash -c '~/sqllib/bin/db2'" alias gitlist="bash $DEV_ENV_ROOT_DIR/scripts/git_list.sh" alias gitpull="bash $DEV_ENV_ROOT_DIR/scripts/git_pull.sh" @@ -212,6 +213,7 @@ function devenv-help(){ if you add -f it will automatically fix issues where possible (flags can be combined) psql13 - run psql in the postgres-13 container + psql17 - run psql in the postgres-17 container db2co - run db2 command line in the db2_community container manage - run manage.py commands in a container alembic - run an alembic db command in a container, with the appropriate environment variables preset diff --git a/scripts/commodities.rb b/scripts/commodities.rb index e986d91..22d2a17 100644 --- a/scripts/commodities.rb +++ b/scripts/commodities.rb @@ -133,7 +133,7 @@ def provision_commodities(root_loc, new_containers) # If you later modify .commodities to allow this to run again (e.g. if you've added new apps to your group), # you'll need to delete the postgres container and it's volume else you'll get errors. # Do a fullreset, or docker-compose rm -v -f postgres-13 - ['13'].each do |postgres_version| + ['13', '17'].each do |postgres_version| provision_postgres(root_loc, new_containers, postgres_version) # Alembic, too provision_alembic(root_loc, postgres_version) diff --git a/scripts/docker/postgres-17/Dockerfile b/scripts/docker/postgres-17/Dockerfile new file mode 100644 index 0000000..67d70eb --- /dev/null +++ b/scripts/docker/postgres-17/Dockerfile @@ -0,0 +1,17 @@ +FROM docker.io/postgres:17 + +# Install the PostGIS extension +RUN apt-get update && \ + apt-get install -y postgresql-17-postgis-3 && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# This user will be created as the superuser +# PG* are for dev use - while in the container psql will just work (useful for the provisioning) +ENV POSTGRES_USER=root \ + POSTGRES_PASSWORD=superroot \ + PGUSER=root \ + PGPASSWORD=superroot + + HEALTHCHECK --interval=10s --retries=20 \ + CMD pg_isready -h localhost || exit 1 diff --git a/scripts/docker/postgres-17/compose-fragment.yml b/scripts/docker/postgres-17/compose-fragment.yml new file mode 100644 index 0000000..cc2b1f5 --- /dev/null +++ b/scripts/docker/postgres-17/compose-fragment.yml @@ -0,0 +1,6 @@ +services: + postgres-17: + container_name: postgres-17 + build: ../scripts/docker/postgres-17/ + ports: + - "5435:5432" diff --git a/scripts/docker/postgres-17/docker-compose-fragment.3.7.yml b/scripts/docker/postgres-17/docker-compose-fragment.3.7.yml new file mode 100644 index 0000000..4593728 --- /dev/null +++ b/scripts/docker/postgres-17/docker-compose-fragment.3.7.yml @@ -0,0 +1,7 @@ +version: '3.7' +services: + postgres-17: + container_name: postgres-17 + build: ../scripts/docker/postgres-17/ + ports: + - "5435:5432" diff --git a/scripts/docker/postgres-17/docker-compose-fragment.yml b/scripts/docker/postgres-17/docker-compose-fragment.yml new file mode 100644 index 0000000..8782262 --- /dev/null +++ b/scripts/docker/postgres-17/docker-compose-fragment.yml @@ -0,0 +1,7 @@ +version: '2' +services: + postgres-17: + container_name: postgres-17 + build: ../scripts/docker/postgres-17/ + ports: + - "5435:5432" diff --git a/scripts/provision_postgres.rb b/scripts/provision_postgres.rb index e81fea9..c53b618 100644 --- a/scripts/provision_postgres.rb +++ b/scripts/provision_postgres.rb @@ -5,6 +5,8 @@ def postgres_container(postgres_version) case postgres_version when '13' 'postgres-13' + when '17' + 'postgres-17' else puts colorize_red("Unknown PostgreSQL version (#{postgres_version}) specified.") '' diff --git a/scripts/remove-aliases.sh b/scripts/remove-aliases.sh index caac730..0c2075e 100755 --- a/scripts/remove-aliases.sh +++ b/scripts/remove-aliases.sh @@ -11,6 +11,7 @@ unalias ex unalias status unalias run unalias psql13 +unalias psql17 unalias db2co unalias cadence-cli diff --git a/snippets/app_configuration.yml b/snippets/app_configuration.yml index c79b760..0d6469b 100644 --- a/snippets/app_configuration.yml +++ b/snippets/app_configuration.yml @@ -1,5 +1,5 @@ --- -commodities: ["postgres-13", "elasticsearch5", "rabbitmq", "db2_community"] +commodities: ["postgres-17", "elasticsearch5", "rabbitmq", "db2_community"] # Optional expensive_startup: - compose_service: name-of-service-from-compose-fragment From f28c512fb981df85526b3957be88cc29762d8603 Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Mon, 7 Oct 2024 16:18:35 +0100 Subject: [PATCH 22/25] Fix linting errors --- README.md | 9 +++++---- scripts/commodities.rb | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 7913251..bc96bbd 100644 --- a/README.md +++ b/README.md @@ -199,11 +199,12 @@ The ports 9300 and 9302 are exposed on the host. The ports 9207 and 9307 are exposed on the host. If the ElasticSearch 7 container is returning the follow error log message: -``` -max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] -``` + +`max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]` + Run the following command in a terminal to set the system's max map count. -``` + +```bash sysctl -w vm.max_map_count=262144 ``` diff --git a/scripts/commodities.rb b/scripts/commodities.rb index 8955bce..c80b0db 100644 --- a/scripts/commodities.rb +++ b/scripts/commodities.rb @@ -134,7 +134,7 @@ def provision_commodities(root_loc, new_containers) # If you later modify .commodities to allow this to run again (e.g. if you've added new apps to your group), # you'll need to delete the postgres container and it's volume else you'll get errors. # Do a fullreset, or docker-compose rm -v -f postgres-13 - ['13', '17'].each do |postgres_version| + %w(13, 17).each do |postgres_version| provision_postgres(root_loc, new_containers, postgres_version) # Alembic, too provision_alembic(root_loc, postgres_version) From b0848cb962111218d7e93ba75ba9d643c8f3651b Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Mon, 7 Oct 2024 16:22:02 +0100 Subject: [PATCH 23/25] Fix linting errors --- scripts/commodities.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/commodities.rb b/scripts/commodities.rb index c80b0db..06d5b92 100644 --- a/scripts/commodities.rb +++ b/scripts/commodities.rb @@ -134,7 +134,7 @@ def provision_commodities(root_loc, new_containers) # If you later modify .commodities to allow this to run again (e.g. if you've added new apps to your group), # you'll need to delete the postgres container and it's volume else you'll get errors. # Do a fullreset, or docker-compose rm -v -f postgres-13 - %w(13, 17).each do |postgres_version| + %w[13 17].each do |postgres_version| provision_postgres(root_loc, new_containers, postgres_version) # Alembic, too provision_alembic(root_loc, postgres_version) From dcf184ab86927598c1d351a4d0063cf1abb27a41 Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Wed, 16 Oct 2024 11:52:27 +0100 Subject: [PATCH 24/25] Update DB2 to 11.5.9.0 --- scripts/docker/db2_community/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker/db2_community/Dockerfile b/scripts/docker/db2_community/Dockerfile index e2c5ddf..08b3a46 100644 --- a/scripts/docker/db2_community/Dockerfile +++ b/scripts/docker/db2_community/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/hmlandregistry/db2-cgroupaware:11.5.8.0 +FROM docker.io/hmlandregistry/db2-cgroupaware:11.5.9.0 EXPOSE 50000 55000 From 6f28bf1eaf09be284b5699032024c88b6337f0d3 Mon Sep 17 00:00:00 2001 From: Simon Chapman Date: Thu, 17 Oct 2024 09:34:11 +0100 Subject: [PATCH 25/25] 2.4.0 --- logic.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic.rb b/logic.rb index 88ad889..05f4d02 100644 --- a/logic.rb +++ b/logic.rb @@ -75,7 +75,7 @@ # Does a version check and self-update if required if options['self_update'] - this_version = '2.3.0' + this_version = '2.4.0' puts colorize_lightblue("This is a universal dev env (version #{this_version})") # Skip version check if not on master (prevents infinite loops if you're in a branch that isn't up to date with the # latest release code yet)