From 47a12ce1e502eb8c0989b844b137502aee432fdb Mon Sep 17 00:00:00 2001 From: Sean Hamlin Date: Sat, 13 Apr 2024 13:25:35 +1200 Subject: [PATCH 1/4] Increased test coverage for Drupal nginx images. Depends on another PR to pass. --- TESTING_dockercompose.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/TESTING_dockercompose.md b/TESTING_dockercompose.md index 9386006..2003484 100644 --- a/TESTING_dockercompose.md +++ b/TESTING_dockercompose.md @@ -67,7 +67,42 @@ docker-compose exec -T cli bash -c "node --version" docker-compose exec -T cli bash -c "yarn --version" # Should have a running Drupal 10 site served by nginx on port 8080 -docker-compose exec -T cli bash -c "curl -kL http://nginx:8080" | grep "Drush Site-Install" +docker-compose exec -T cli bash -c "curl -skL http://nginx:8080" | grep "Drush Site-Install" + +# Should have index.php redirection rules +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node" | grep "HTTP/1.1 301" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node" | grep "Location: http://nginx/node" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node/1" | grep "HTTP/1.1 301" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node/1" | grep "Location: http://nginx/node/1" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node/1?query=true" | grep "HTTP/1.1 301" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/index.php/node/1?query=true" | grep "Location: http://nginx/node/1?query=true" + +# Should block random text files +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/INSTALL.txt" | grep "HTTP/1.1 404" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/README.md" | grep "HTTP/1.1 404" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/sites/README.txt" | grep "HTTP/1.1 404" + +# Should not block text files in public files +docker-compose exec -T nginx bash -c "echo banana > /app/web/sites/default/files/test.txt" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/sites/default/files/test.txt" | grep "HTTP/1.1 200" + +# Should allow .well-known static files +docker-compose exec -T nginx bash -c "mkdir -p /app/web/.well-known/" +docker-compose exec -T nginx bash -c "echo banana > /app/web/.well-known/apple-developer-merchantid-domain-association" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/.well-known/apple-developer-merchantid-domain-association" | grep "HTTP/1.1 200" + +# Should block other dot files. +docker-compose exec -T nginx bash -c "mkdir -p /app/web/.aws/" +docker-compose exec -T nginx bash -c "echo banana > /app/web/.aws/credentials.yml" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/.aws/credentials.yml" | grep "HTTP/1.1 404" + +# Should block database dump downloads +docker-compose exec -T nginx bash -c "echo banana > /app/web/dumpy.sql" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/dumpy.sql" | grep "HTTP/1.1 404" + +# Should block random PHP files from executing +docker-compose exec -T nginx bash -c "echo '' > /app/web/info.php" +docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/info.php" | grep "HTTP/1.1 404" # Should be able to db-export and db-import the database docker-compose exec -T cli bash -c "drush sql-dump --result-file /app/test.sql" From ec0cfdaa970e92b06ab2d58b292459ad3377a6ad Mon Sep 17 00:00:00 2001 From: Sean Hamlin Date: Sat, 13 Apr 2024 13:26:07 +1200 Subject: [PATCH 2/4] Trust discovery composer package. --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index dd3ba1b..49c9e8a 100644 --- a/composer.json +++ b/composer.json @@ -44,7 +44,8 @@ "drupal/core-composer-scaffold": true, "drupal/core-project-message": true, "phpstan/extension-installer": true, - "dealerdirect/phpcodesniffer-composer-installer": true + "dealerdirect/phpcodesniffer-composer-installer": true, + "php-http/discovery": true } }, "extra": { From 09106f20a1dfa7445f7b0e53b1dbe75aa52609d0 Mon Sep 17 00:00:00 2001 From: Sean Hamlin Date: Sat, 13 Apr 2024 13:26:58 +1200 Subject: [PATCH 3/4] PHP 8.3 bump. Drupal 10.2 supports this now. --- README.md | 8 ++++---- TESTING_dockercompose.md | 6 +++--- TESTING_lando.md | 6 +++--- lagoon/cli.dockerfile | 2 +- lagoon/php.dockerfile | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5de8a99..ac8285f 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,13 @@ This template includes everything necessary to run on [Lagoon](https://www.github.com/uselagoon/lagoon) (in both the local development environments or on hosted Lagoon clusters.) This project template should provide a kickstart for managing your site -dependencies with [Composer](https://getcomposer.org/). It is based on the [original Drupal Composer Template](https://github.com/drupal-composer/drupal-project), +dependencies with [Composer](https://getcomposer.org/). It is based on the [original Drupal Composer Template](https://github.com/drupal-composer/drupal-project), ## Included Services This example contains the following services: * Drupal 10 (prerelease versions) -* PHP 8.1 +* PHP 8.3 * NGINX * MariaDB 10.6 @@ -73,7 +73,7 @@ lando drush si -y ``` 6. Visit the new site @ `http://drupal10-base.lndo.site` - + 7. For more information on how to configure your site, check out the [documentation](https://docs.lando.dev/config/lagoon.html). ## What does the template do? @@ -93,7 +93,7 @@ When installing the given `composer.json` some tasks are taken care of: ## Updating Drupal Core -Follow the steps below to update your core files. Scaffolding is managed by Drupal core. See the `assets/` directory for more information. +Follow the steps below to update your core files. Scaffolding is managed by Drupal core. See the `assets/` directory for more information. 1. Run `composer update drupal/core-recommended drupal/core-dev-pinned --with-dependencies` diff --git a/TESTING_dockercompose.md b/TESTING_dockercompose.md index 2003484..8b005a2 100644 --- a/TESTING_dockercompose.md +++ b/TESTING_dockercompose.md @@ -1,4 +1,4 @@ -Docker Compose Drupal 10 base - php8.1, nginx, mariadb +Docker Compose Drupal 10 base - php8.3, nginx, mariadb ====================================================== This is a docker-compose version of the Lando example tests: @@ -45,8 +45,8 @@ docker-compose exec -T cli bash -c "env | grep LAGOON=" | grep cli-drupal docker-compose exec -T cli bash -c "env" | grep LAGOON_ROUTE | grep drupal10-base.docker.amazee.io docker-compose exec -T cli bash -c "env" | grep LAGOON_ENVIRONMENT_TYPE | grep development -# Should be running PHP 8 -docker-compose exec -T cli bash -c "php -v" | grep "PHP 8" +# Should be running PHP 8.3 +docker-compose exec -T cli bash -c "php -v" | grep "PHP 8.3" # Should have composer docker-compose exec -T cli bash -c "composer --version" diff --git a/TESTING_lando.md b/TESTING_lando.md index 2090683..a271c36 100644 --- a/TESTING_lando.md +++ b/TESTING_lando.md @@ -1,4 +1,4 @@ -Lando Drupal 10 base - php8.1, nginx, mariadb +Lando Drupal 10 base - php8.3, nginx, mariadb ============================================= This example exists primarily to test the following documentation: @@ -46,8 +46,8 @@ lando ssh -c "env | grep LAGOON=" | grep cli-drupal lando ssh -c "env" | grep LAGOON_ROUTE | grep drupal10-base.lndo.site lando ssh -c "env" | grep LAGOON_ENVIRONMENT_TYPE | grep development -# Should be running PHP 8.1 -lando ssh -c "php -v" | grep "PHP 8.1" +# Should be running PHP 8.3 +lando ssh -c "php -v" | grep "PHP 8.3" # Should have composer lando composer --version diff --git a/lagoon/cli.dockerfile b/lagoon/cli.dockerfile index 34e2af8..eba950a 100644 --- a/lagoon/cli.dockerfile +++ b/lagoon/cli.dockerfile @@ -1,4 +1,4 @@ -FROM uselagoon/php-8.1-cli-drupal:latest +FROM uselagoon/php-8.3-cli-drupal:latest COPY composer.* /app/ COPY assets /app/assets diff --git a/lagoon/php.dockerfile b/lagoon/php.dockerfile index 8ed4b05..2b50501 100644 --- a/lagoon/php.dockerfile +++ b/lagoon/php.dockerfile @@ -1,6 +1,6 @@ ARG CLI_IMAGE FROM ${CLI_IMAGE} as cli -FROM uselagoon/php-8.1-fpm:latest +FROM uselagoon/php-8.3-fpm:latest COPY --from=cli /app /app From 5bd9dc629831589ecf41247073f96bb4e291614d Mon Sep 17 00:00:00 2001 From: Sean Hamlin Date: Sun, 14 Apr 2024 12:33:55 +1200 Subject: [PATCH 4/4] quoting is hard, use base64 --- TESTING_dockercompose.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TESTING_dockercompose.md b/TESTING_dockercompose.md index 8b005a2..cb61518 100644 --- a/TESTING_dockercompose.md +++ b/TESTING_dockercompose.md @@ -101,7 +101,7 @@ docker-compose exec -T nginx bash -c "echo banana > /app/web/dumpy.sql" docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/dumpy.sql" | grep "HTTP/1.1 404" # Should block random PHP files from executing -docker-compose exec -T nginx bash -c "echo '' > /app/web/info.php" +docker-compose exec -T nginx bash -c "echo PD9waHAgcGhwaW5mbygpOz8+ | base64 -d > /app/web/info.php" docker-compose exec -T cli bash -c "curl -sIk http://nginx:8080/info.php" | grep "HTTP/1.1 404" # Should be able to db-export and db-import the database