Merge pull request #5560 from BacLuc/use-api-prod-build-for-e2e-tests

use api prod image for e2e tests

.github/workflows/reusable-e2e-tests-build.yml

@@ -23,7 +23,7 @@ jobs:
           context: './api'
           push: false
           load: true
-          target: frankenphp_dev
+          target: frankenphp_prod
           builder: ${{ steps.buildx.outputs.name }}
           tags: ecamp/ecamp3-dev-api
           cache-from: type=gha,scope=api

.github/workflows/reusable-e2e-tests-run.yml

@@ -48,9 +48,23 @@ jobs:
           key: docker-compose-${{ hashFiles('frontend/package-lock.json', 'print/package-lock.json', 'api/composer.lock') }}-${{ matrix.browser }}
           restore-keys: |
             docker-compose-
+            
+      - run: |
+          jwt_passphrase=${JWT_PASSPHRASE:-$(grep ''^JWT_PASSPHRASE='' .env | cut -f 2 -d ''='')}
+          echo "Generating public / private keys for JWT"
+          mkdir -p config/jwt
+          echo "$jwt_passphrase" | openssl genpkey -out config/jwt/private.pem -pass stdin -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
+          echo "$jwt_passphrase" | openssl pkey -in config/jwt/private.pem -passin stdin -out config/jwt/public.pem -pubout
+          setfacl -R -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt
+          setfacl -dR -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt
+        working-directory: api
+
+      - run: docker compose up --wait -d database
+
+      - run: docker compose -f docker-compose.yml run --rm api migrate-database
 
       # start necessary containers
-      - run: docker compose up -d api frontend pdf print browserless database docker-host http-cache mail
+      - run: docker compose -f docker-compose.yml up -d api frontend pdf print browserless database docker-host http-cache mail reverse-proxy
 
       # pull cypress while container are starting up
       - run: docker compose pull e2e

.helm/ecamp3/templates/api_deployment.yaml

@@ -51,6 +51,8 @@ spec:
           env:
             - name: SERVER_NAME
               value: :3001
+            - name: COOKIE_SECURE
+              value: 'true'
             - name: APP_SECRET
               valueFrom:
                 secretKeyRef:

api/.env

@@ -17,6 +17,7 @@
 TRUSTED_PROXIES=::1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 ADDITIONAL_TRUSTED_HOSTS=localhost
 COOKIE_PREFIX=localhost_
+COOKIE_SECURE=false
 VARNISH_API_URL=http://http-cache:8081
 API_CACHE_ENABLED=true
 

api/Dockerfile

@@ -48,6 +48,8 @@ RUN set -eux; \
 ###< recipes ###
 
 COPY --link docker/php/conf.d/api-platform.ini $PHP_INI_DIR/conf.d/
+ENV LOG_LEVEL=info
+COPY --link docker/caddy/Caddyfile /etc/caddy/Caddyfile
 COPY --link --chmod=755 docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
 COPY --link --chmod=755 docker/php/migrate-database.sh /usr/local/bin/migrate-database
 
@@ -63,7 +65,6 @@ ENV APP_ENV=dev XDEBUG_MODE=off
 RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
 
 COPY --link docker/php/conf.d/api-platform.dev.ini $PHP_INI_DIR/conf.d/
-COPY --link docker/caddy/Caddyfile /etc/caddy/Caddyfile
 
 # renovate: datasource=github-tags depName=xdebug/xdebug
 ARG XDEBUG_VERSION=3.3.2
@@ -84,7 +85,6 @@ ENV APP_ENV=prod
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 COPY --link docker/php/conf.d/api-platform.prod.ini $PHP_INI_DIR/conf.d/
-COPY --link docker/caddy/Caddyfile.prod /etc/caddy/Caddyfile
 #COPY --link docker/caddy/worker.Caddyfile /etc/caddy/worker.Caddyfile
 
 # prevent the reinstallation of vendors at every changes in the source code

api/config/packages/lexik_jwt_authentication.yaml

@@ -1,5 +1,6 @@
 parameters:
     env(COOKIE_PREFIX): ""
+    env(COOKIE_SECURE): "true"
 
 lexik_jwt_authentication:
     secret_key: '%env(resolve:JWT_SECRET_KEY)%'
@@ -31,10 +32,12 @@ lexik_jwt_authentication:
             split:
                 - header
                 - payload
+            secure: '%env(bool:COOKIE_SECURE)%'
         '%env(COOKIE_PREFIX)%jwt_s':
             lifetime: null
             samesite: strict
             path: /
             httpOnly: true
             split:
                 - signature
+            secure: '%env(bool:COOKIE_SECURE)%'

api/docker/caddy/Caddyfile

@@ -1,4 +1,7 @@
 {
+	log {
+		level {$LOG_LEVEL}
+	}
 	{$CADDY_GLOBAL_OPTIONS}
 
 	frankenphp {
@@ -8,7 +11,9 @@
 	# https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
 	order php_server before file_server
 
-	auto_https disable_redirects
+	http_port 3001
+	https_port 3443
+	auto_https off
 	# make it possible to connect from remote host to admin endpoint
 	# https://caddyserver.com/docs/caddyfile/options#admin
 	# note, restricting to specific origins is not possible with the wildcard interface
@@ -22,62 +27,35 @@
 
 {$CADDY_EXTRA_CONFIG}
 
-:3000 {
-	log {
-		level DEBUG
-	}
-
-	handle_path /api* {
-		# rewriting the uri used for php-fcgi did not work
-		# so we make a hop more to localhost:3001 with the rewritten url where the fcgi happens
-		# this may slow down the request
-
-		reverse_proxy localhost:3001 {
-			header_up X-Forwarded-Prefix "/api"
+{$SERVER_NAME:localhost} {
+	log
+
+	root * /app/public
+
+	encode {
+		zstd
+		br
+		gzip
+
+		match {
+			header Content-Type text/*
+			header Content-Type application/json*
+			header Content-Type application/javascript*
+			header Content-Type application/xhtml+xml*
+			header Content-Type application/atom+xml*
+			header Content-Type application/rss+xml*
+			header Content-Type image/svg+xml*
+			# Custom formats supported
+			header Content-Type application/ld+json*
+			header Content-Type application/hal+json*
 		}
 	}
 
-	handle /print* {
-		reverse_proxy print:3003
-	}
-
-	handle /mail* {
-		reverse_proxy mail:1080
-	}
-
-	handle {
-		reverse_proxy frontend:3000
-	}
-}
+	# Add links to the API docs if not set explicitly (e.g. the PWA)
+	header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"`
 
-:3001 {
-	route {
-		root * /app/public
+	# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
+	header ?Permissions-Policy "browsing-topics=()"
 
-		encode {
-			zstd
-			br
-			gzip
-
-			match {
-				header Content-Type text/*
-				header Content-Type application/json*
-				header Content-Type application/javascript*
-				header Content-Type application/xhtml+xml*
-				header Content-Type application/atom+xml*
-				header Content-Type application/rss+xml*
-				header Content-Type image/svg+xml*
-				# Custom formats supported
-				header Content-Type application/ld+json*
-			}
-		}
-
-		# Add links to the API docs if not set explicitly (e.g. the PWA)
-		header ?Link `</docs.jsonld>; rel="www.w3.org/ns/hydra/core#apiDocumentation"`
-
-		# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
-		header ?Permissions-Policy "browsing-topics=()"
-
-		php_server
-	}
+	php_server
 }

api/docker/varnish/vcl/_config.vcl

@@ -1,4 +1,4 @@
 backend default {
   .host = "api";
-  .port = "3000";
+  .port = "3001";
 }

api/docker/varnish/vcl/default.vcl

@@ -20,11 +20,6 @@ sub vcl_recv {
   # Support xkey purge requests
   # see https://raw.githubusercontent.com/varnish/varnish-modules/master/src/vmod_xkey.vcc
   call fos_tags_xkey_recv;
-
-  # exclude other services (frontend, print, etc.)
-  if (var.get("originalUrl") !~ "^/api") {
-    return(pass);
-  }
 
   # exclude API documentation, profiler and graphql endpoint
   if (var.get("originalUrl") ~ "^/api/docs" 
@@ -100,4 +95,3 @@ sub vcl_deliver {
     set resp.http.Cache-Control = "no-cache, private";
   }
 }
-

docker-compose.override.yml

@@ -0,0 +1,26 @@
+services:
+  api:
+    build:
+      target: frankenphp_dev
+    volumes:
+      - ./api:/app:rw,delegated
+      - caddy_data:/data
+      - caddy_config:/config
+      - ./api/docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./api/docker/php/conf.d/api-platform.dev.ini:/usr/local/etc/php/conf.d/api-platform.ini:delegated
+      - ./api/docker/php/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint:delegated
+      - ./.cache/composer:/tmp/composer/cache:delegated
+    environment:
+      # See https://docs.docker.com/docker-for-mac/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
+      # See https://github.com/docker/for-linux/issues/264
+      # The `remote_host` below may optionally be replaced with `remote_connect_back`
+      # XDEBUG_MODE required for step debugging
+      XDEBUG_MODE: ${XDEBUG_MODE:-off}
+      # default port for Xdebug 3 is 9003
+      # idekey=VSCODE if you are debugging with VSCode
+      XDEBUG_CONFIG: ${XDEBUG_CONFIG}
+      # This should correspond to the server declared in PHPStorm `Preferences | Languages & Frameworks | PHP | Servers`
+      # Then PHPStorm will use the corresponding path mappings
+      PHP_IDE_CONFIG: serverName=localhost
+      PERFORMANCE_TEST_DEBUG_OUTPUT: ${PERFORMANCE_TEST_DEBUG_OUTPUT:-}
+    user: ${USER_ID:-1000}