feat: standalone image improvement & associated doc

MAIF · Dec 28, 2024 · 180696e · 180696e
1 parent 67f237a
commit 180696e
Show file tree

Hide file tree

Showing 16 changed files with 482 additions and 340 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -71,4 +71,6 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           file: {context}/demo-docker-image/Dockerfile-pg-embeded
-          tags: maif/izanami-test-standalone:${{ github.event.inputs.releaseVersion }}
+          tags: |
+            maif/izanami-test-standalone:${{ github.event.inputs.releaseVersion }}
+            maif/izanami-test-standalone:latest
diff --git a/app/fr/maif/izanami/env/env.scala b/app/fr/maif/izanami/env/env.scala
@@ -65,7 +65,7 @@ class Env(val configuration: Configuration, val environment: Environment, val Ws
   val secret = configuration.get[String]("app.secret")
 
   if(defaultSecret == secret) {
-    logger.warn("You're using Izanami default secret, which is not safe for production. Please generate a new secret and provide it to Izanami.")
+    logger.warn("You're using Izanami default secret, which is not safe for production. Please generate a new secret and provide it to Izanami (see https://maif.github.io/izanami/docs/guides/configuration#secret for details).")
   }
 
   lazy val encryptionKey = new SecretKeySpec(
@@ -99,8 +99,6 @@ class Env(val configuration: Configuration, val environment: Environment, val Ws
   val jobs = new Jobs(this)
 
   def onStart(): Future[Unit] = {
-    logger.info(s"Postgres url ${postgresql.getHost}:${postgresql.getPort}")
-
     for {
       _ <- postgresql.onStart()
       _ <- datastores.onStart()

diff --git a/app/fr/maif/izanami/env/postgresql.scala b/app/fr/maif/izanami/env/postgresql.scala
@@ -35,80 +35,83 @@ class Postgresql(env: Env) {
     val opts = PgConnectOptions.fromUri(configuration.get[String]("app.pg.uri"))
     opts
   } else {
-    val ssl        = configuration.getOptional[Configuration]("app.pg.ssl").getOrElse(Configuration.empty)
-    val sslEnabled = ssl.getOptional[Boolean]("enabled").getOrElse(false)
-    new PgConnectOptions()
-      .applyOnWithOpt(configuration.getOptional[Int]("connect-timeout"))((p, v) => p.setConnectTimeout(v))
-      .applyOnWithOpt(configuration.getOptional[Int]("idle-timeout"))((p, v) => p.setIdleTimeout(v))
-      .applyOnWithOpt(configuration.getOptional[Boolean]("log-activity"))((p, v) => p.setLogActivity(v))
-      .applyOnWithOpt(configuration.getOptional[Int]("pipelining-limit"))((p, v) => p.setPipeliningLimit(v))
-      .setPort(getPort)
-      .setHost(getHost)
-      .setDatabase(configuration.getOptional[String]("app.pg.database").getOrElse("postgres"))
-      .setUser(configuration.getOptional[String]("app.pg.user").getOrElse("postgres"))
-      .setPassword(configuration.getOptional[String]("app.pg.password").getOrElse("postgres"))
-      .applyOnIf(sslEnabled) { pgopt =>
-        val mode              = SslMode.of(ssl.getOptional[String]("mode").getOrElse("VERIFY_CA"))
-        val pemTrustOptions   = new PemTrustOptions()
-        val pemKeyCertOptions = new PemKeyCertOptions()
-        pgopt.setSslMode(mode)
-        pgopt.applyOnWithOpt(ssl.getOptional[Int]("ssl-handshake-timeout"))((p, v) => p.setSslHandshakeTimeout(v))
-        ssl.getOptional[Seq[String]]("trustedCertsPath").map { pathes =>
-          pathes.map(p => pemTrustOptions.addCertPath(p))
-          pgopt.setPemTrustOptions(pemTrustOptions)
-        }
-        ssl.getOptional[String]("trusted-cert-path").map { path =>
-          pemTrustOptions.addCertPath(path)
-          pgopt.setPemTrustOptions(pemTrustOptions)
-        }
-        ssl.getOptional[Seq[String]]("trusted-certs").map { certs =>
-          certs.map(p => pemTrustOptions.addCertValue(Buffer.buffer(p)))
-          pgopt.setPemTrustOptions(pemTrustOptions)
-        }
-        ssl.getOptional[String]("trusted-cert").map { path =>
-          pemTrustOptions.addCertValue(Buffer.buffer(path))
-          pgopt.setPemTrustOptions(pemTrustOptions)
-        }
-        ssl.getOptional[Seq[String]]("client-certs-path").map { pathes =>
-          pathes.map(p => pemKeyCertOptions.addCertPath(p))
-          pgopt.setPemKeyCertOptions(pemKeyCertOptions)
-        }
-        ssl.getOptional[Seq[String]]("client-certs").map { certs =>
-          certs.map(p => pemKeyCertOptions.addCertValue(Buffer.buffer(p)))
-          pgopt.setPemKeyCertOptions(pemKeyCertOptions)
-        }
-        ssl.getOptional[String]("client-cert-path").map { path =>
-          pemKeyCertOptions.addCertPath(path)
-          pgopt.setPemKeyCertOptions(pemKeyCertOptions)
-        }
-        ssl.getOptional[String]("client-cert").map { path =>
-          pemKeyCertOptions.addCertValue(Buffer.buffer(path))
-          pgopt.setPemKeyCertOptions(pemKeyCertOptions)
-        }
-        ssl.getOptional[Boolean]("trust-all").map { v =>
-          pgopt.setTrustAll(v)
+
+    val maybePgConfig = for(
+      database <- configuration.getOptional[String]("app.pg.database");
+      user <- configuration.getOptional[String]("app.pg.user");
+      password <- configuration.getOptional[String]("app.pg.password");
+      host <- configuration.getOptional[String]("app.pg.host");
+      port <- configuration.getOptional[Int]("app.pg.port")
+    ) yield {
+      val ssl        = configuration.getOptional[Configuration]("app.pg.ssl").getOrElse(Configuration.empty)
+      val sslEnabled = ssl.getOptional[Boolean]("enabled").getOrElse(false)
+      new PgConnectOptions()
+        .applyOnWithOpt(configuration.getOptional[Int]("connect-timeout"))((p, v) => p.setConnectTimeout(v))
+        .applyOnWithOpt(configuration.getOptional[Int]("idle-timeout"))((p, v) => p.setIdleTimeout(v))
+        .applyOnWithOpt(configuration.getOptional[Boolean]("log-activity"))((p, v) => p.setLogActivity(v))
+        .applyOnWithOpt(configuration.getOptional[Int]("pipelining-limit"))((p, v) => p.setPipeliningLimit(v))
+        .setPort(port)
+        .setHost(host)
+        .setDatabase(database)
+        .setUser(user)
+        .setPassword(password)
+        .applyOnIf(sslEnabled) { pgopt =>
+          val mode              = SslMode.of(ssl.getOptional[String]("mode").getOrElse("VERIFY_CA"))
+          val pemTrustOptions   = new PemTrustOptions()
+          val pemKeyCertOptions = new PemKeyCertOptions()
+          pgopt.setSslMode(mode)
+          pgopt.applyOnWithOpt(ssl.getOptional[Int]("ssl-handshake-timeout"))((p, v) => p.setSslHandshakeTimeout(v))
+          ssl.getOptional[Seq[String]]("trustedCertsPath").map { pathes =>
+            pathes.map(p => pemTrustOptions.addCertPath(p))
+            pgopt.setPemTrustOptions(pemTrustOptions)
+          }
+          ssl.getOptional[String]("trusted-cert-path").map { path =>
+            pemTrustOptions.addCertPath(path)
+            pgopt.setPemTrustOptions(pemTrustOptions)
+          }
+          ssl.getOptional[Seq[String]]("trusted-certs").map { certs =>
+            certs.map(p => pemTrustOptions.addCertValue(Buffer.buffer(p)))
+            pgopt.setPemTrustOptions(pemTrustOptions)
+          }
+          ssl.getOptional[String]("trusted-cert").map { path =>
+            pemTrustOptions.addCertValue(Buffer.buffer(path))
+            pgopt.setPemTrustOptions(pemTrustOptions)
+          }
+          ssl.getOptional[Seq[String]]("client-certs-path").map { pathes =>
+            pathes.map(p => pemKeyCertOptions.addCertPath(p))
+            pgopt.setPemKeyCertOptions(pemKeyCertOptions)
+          }
+          ssl.getOptional[Seq[String]]("client-certs").map { certs =>
+            certs.map(p => pemKeyCertOptions.addCertValue(Buffer.buffer(p)))
+            pgopt.setPemKeyCertOptions(pemKeyCertOptions)
+          }
+          ssl.getOptional[String]("client-cert-path").map { path =>
+            pemKeyCertOptions.addCertPath(path)
+            pgopt.setPemKeyCertOptions(pemKeyCertOptions)
+          }
+          ssl.getOptional[String]("client-cert").map { path =>
+            pemKeyCertOptions.addCertValue(Buffer.buffer(path))
+            pgopt.setPemKeyCertOptions(pemKeyCertOptions)
+          }
+          ssl.getOptional[Boolean]("trust-all").map { v =>
+            pgopt.setTrustAll(v)
+          }
+          pgopt
         }
-        pgopt
-      }
+    }
+
+    maybePgConfig.getOrElse(throw new IllegalArgumentException("No suitable postgres configuration provided, you need to provide either Postgres URI or Postgres database, user and password (see https://maif.github.io/izanami/docs/guides/configuration#database for details)"))
   }
   lazy val vertx               = Vertx.vertx()
   private lazy val poolOptions = new PoolOptions()
-    .setMaxSize(configuration.getOptional[Int]("app.pg.pool-size").getOrElse(100))
+    .setMaxSize(configuration.getOptional[Int]("app.pg.pool-size").getOrElse(20))
     .applyOnWithOpt(configuration.getOptional[Int]("idle-timeout"))((p, v) => p.setIdleTimeout(v))
     .applyOnWithOpt(configuration.getOptional[Int]("max-lifetime"))((p, v) => p.setMaxLifetime(v))
 
   private lazy val pool = PgPool.pool(connectOptions, poolOptions)
 
   private val configuration = env.configuration
 
-  def getHost = {
-    configuration.getOptional[String]("app.pg.host").getOrElse("localhost")
-  }
-
-  def getPort = {
-    configuration.getOptional[Int]("app.pg.port").getOrElse(5432)
-  }
-
   def onStart(): Future[Unit] = {
     updateSchema()
   }

diff --git a/conf/application.conf b/conf/application.conf
@@ -68,16 +68,16 @@ app {
     port = 5432
     port = ${?IZANAMI_PG_PORT}
     port = ${?POSTGRESQL_ADDON_PORT}
-    //host = "localhost"
+    host = "localhost"
     host = ${?IZANAMI_PG_HOST}
     host = ${?POSTGRESQL_ADDON_HOST}
-    //database = "postgres"
+    password = "postgres"
     database = ${?IZANAMI_PG_DATABASE}
     database = ${?POSTGRESQL_ADDON_DB}
-    //user = "postgres"
+    password = "postgres"
     user = ${?IZANAMI_PG_USER}
     user = ${?POSTGRESQL_ADDON_USER}
-    //password = "postgres"
+    password = "postgres"
     password = ${?IZANAMI_PG_PASSWORD}
     password = ${?POSTGRESQL_ADDON_PASSWORD}
     connect-timeout = ${?IZANAMI_PG_CONNECT_TIMEOUT}

diff --git a/conf/json-logger.xml b/conf/json-logger.xml
@@ -3,6 +3,7 @@
 
     <conversionRule conversionWord="coloredLevel" converterClass="play.api.libs.logback.ColoredLevel" />
 
+
     <logger name="jsonEncoderLogger" level="TRACE">
         <appender-ref ref="jsonEncoder" />
     </logger>
@@ -26,6 +27,7 @@
     <logger name="play" level="INFO" />
     <logger name="application" level="INFO" />
     <logger name="izanami-wasm" level="WARN" />
+    <logger name="org.flywaydb.core.internal.scanner.filesystem.FileSystemScanner" level="OFF"/>
 
     <root level="INFO">
         <!--<appender-ref ref="ASYNCFILE" />-->

diff --git a/conf/logback.xml b/conf/logback.xml
@@ -34,6 +34,7 @@
   <logger name="play" level="INFO" />
   <logger name="application" level="INFO" />
   <logger name="izanami-wasm" level="WARN" />
+  <logger name="org.flywaydb.core.internal.scanner.filesystem.FileSystemScanner" level="OFF"/>
 
 
   <root level="INFO">

diff --git a/demo-docker-image/Dockerfile-pg-embeded b/demo-docker-image/Dockerfile-pg-embeded
@@ -6,7 +6,18 @@ RUN set -eux; \
 
 RUN mkdir /app
 #RUN groupadd -g 10001 javauser && useradd -u 10000 -g javauser javauser
+ENV POSTGRES_PASSWORD=password
+
 ENV IZANAMI_CONTAINERIZED=true
+ENV IZANAMI_PG_DATABASE=postgres
+ENV IZANAMI_PG_USER=postgres
+ENV IZANAMI_PG_PASSWORD=password
+
+ENV IZANAMI_ADMIN_DEFAULT_USERNAME=izanami
+ENV IZANAMI_ADMIN_DEFAULT_PASSWORD=password
+
+EXPOSE 9000
+
 COPY ./target/izanami.jar /app/izanami.jar
 COPY ./demo-docker-image/script.sh /app/script.sh
 RUN chmod +x /app/script.sh

diff --git a/manual/.docusaurus/@easyops-cn/docusaurus-search-local/default/generated.js b/manual/.docusaurus/@easyops-cn/docusaurus-search-local/default/generated.js
@@ -1,12 +1,12 @@
-import lunr from "/home/runner/work/izanami/izanami/manual/node_modules/lunr/lunr.js";
-require("/home/runner/work/izanami/izanami/manual/node_modules/lunr-languages/lunr.stemmer.support.js")(lunr);
+import lunr from "/Users/77199M/workspaces/oss/izanami/manual/node_modules/lunr/lunr.js";
+require("/Users/77199M/workspaces/oss/izanami/manual/node_modules/lunr-languages/lunr.stemmer.support.js")(lunr);
 require("@easyops-cn/docusaurus-search-local/dist/client/shared/lunrLanguageZh").lunrLanguageZh(lunr);
-require("/home/runner/work/izanami/izanami/manual/node_modules/lunr-languages/lunr.multi.js")(lunr);
+require("/Users/77199M/workspaces/oss/izanami/manual/node_modules/lunr-languages/lunr.multi.js")(lunr);
 export const language = ["en","zh"];
 export const removeDefaultStopWordFilter = false;
 export const removeDefaultStemmer = false;
-export { default as Mark } from "/home/runner/work/izanami/izanami/manual/node_modules/mark.js/dist/mark.js"
-export const searchIndexUrl = "search-index{dir}.json?_=cebd2ca6";
+export { default as Mark } from "/Users/77199M/workspaces/oss/izanami/manual/node_modules/mark.js/dist/mark.js"
+export const searchIndexUrl = "search-index{dir}.json?_=9cbfd789";
 export const searchResultLimits = 8;
 export const searchResultContextMaxLength = 50;
 export const explicitSearchResultPath = true;

diff --git a/manual/.docusaurus/client-modules.js b/manual/.docusaurus/client-modules.js
@@ -1,6 +1,6 @@
 export default [
-  require("/home/runner/work/izanami/izanami/manual/node_modules/infima/dist/css/default/default.css"),
-  require("/home/runner/work/izanami/izanami/manual/node_modules/@docusaurus/theme-classic/lib/prism-include-languages"),
-  require("/home/runner/work/izanami/izanami/manual/node_modules/@docusaurus/theme-classic/lib/nprogress"),
-  require("/home/runner/work/izanami/izanami/manual/src/css/custom.css"),
+  require("/Users/77199M/workspaces/oss/izanami/manual/node_modules/infima/dist/css/default/default.css"),
+  require("/Users/77199M/workspaces/oss/izanami/manual/node_modules/@docusaurus/theme-classic/lib/prism-include-languages"),
+  require("/Users/77199M/workspaces/oss/izanami/manual/node_modules/@docusaurus/theme-classic/lib/nprogress"),
+  require("/Users/77199M/workspaces/oss/izanami/manual/src/css/custom.css"),
 ];