While this repository has been inactive for some time, this formal notice, issued on December 10, 2024, serves as the official declaration to clarify the situation. Consequently, this repository and all associated resources (including related projects, code, documentation, and distributed packages such as Docker images, PyPI packages, etc.) are now explicitly declared unmaintained and abandoned.
I would like to remind everyone that this project’s free license has always been based on the principle that the software is provided "AS-IS", without any warranty or expectation of liability or maintenance from the maintainer. As such, it is used solely at the user's own risk, with no warranty or liability from the maintainer, including but not limited to any damages arising from its use.
Due to the enactment of the Cyber Resilience Act (EU Regulation 2024/2847), which significantly alters the regulatory framework, including penalties of up to €15M, combined with its demands for unpaid and indefinite liability, it has become untenable for me to continue maintaining all my Open Source Projects as a natural person. The new regulations impose personal liability risks and create an unacceptable burden, regardless of my personal situation now or in the future, particularly when the work is done voluntarily and without compensation.
No further technical support, updates (including security patches), or maintenance, of any kind, will be provided.
These resources may remain online, but solely for public archiving, documentation, and educational purposes.
Users are strongly advised not to use these resources in any active or production-related projects, and to seek alternative solutions that comply with the new legal requirements (EU CRA).
Using these resources outside of these contexts is strictly prohibited and is done at your own risk.
Regarding the potential transfer of the project to another entity, discussions are ongoing, but no final decision has been made yet. As a last resort, if the project and its associated resources are not transferred, I may begin removing any published resources related to this project (e.g., from PyPI, Docker Hub, GitHub, etc.) starting March 15, 2025, especially if the CRA’s risks remain disproportionate.
The idea is to create the project with a wonderful Python tool called cookiecutter
if ! command -v virtualenv >/dev/null 2>&1; then echo "ERROR: install virtualenv, on debian/ubuntu: apt install -y virtualenv"; fi
virtualenv --python=python3 ~/tools/cookiecutter
~/tools/cookiecutter/bin/pip install cookiecutter
Install gnu-sed with brew install gsed
and use it as default with export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"
for the following commands.
- create on gitlab your project (empty)
- then locally generate the base files (replace with your values)
# If you already played with cookiecutter you have this directory with the
# old project templates. You may need to refresh it.
# ignore this step on first exec (you do not have it yet)
cd ~/.cookiecutters/cookiecutter-symfony \
    && git fetch origin && git reset --hard origin/master \
    && cd -
# activate cookiecutter env
. ~/tools/cookiecutter/bin/activate
# And launch the new 'foobar' project generation!
# check most variables in cookiecutter.json file
cookiecutter --no-input -f -o ~/out_dir \
    https://github.com/corpusops/cookiecutter-symfony.git \
    name=foobar \
    tld_domain=zorg.com \
    git_server=gitlab.makina-corpus.net \
    docker_registry=registry.makina-corpus.net \
    git_ns=zorg \
    local_http_port=8009 \
    maintenance_no_503="y" \
    dev_port=40001 staging_port=40003 qa_host="" prod_port=40010
cd ~/out_dir
# review before commit
# for relative checkout to work, we need remote objects locally
git commit local -m "Add deploy"
- Read cookiecutter.json for all options
- notable options behaviors:
  - use_submodule_for_deploy_code=: copy deploy submodule inside project for a standalone deployment (no common deploy)
  - local_http_port=NNNN: local port used by devs to access the project after /etc/hosts edition to map 127.0.0.1 to the local_domain variable (something like http://project_name.local:local_http_port)
  - php_ver=X.Y: php version to use
  - Symfony_ver=X.Y: Symfony version to use
  - remove_cron=y: will remove cron image and related configuration
  - enable_cron=: will soft disable (comment crontab) without removing cron.
  - (qa|staging)_host=: will disable generation for this env
  - tests_(staging|tests)=: will disable those specific tests in CI
  - registry_is_gitlab_registry=y: act as if the registry is gitlab based, use a token to register the image against it, and autofill register_user and registry_password.
  - db_mode=<mode>: one of postgres|postgis|mysql
  - haproxy=y: generate haproxy related jobs
- Push the generated files (here in ~/out_dir) to your new project
We provide a basic app/composer.json file. No doubt you may have to complement it.
If you need access to one or more private git repositories for composer, you may also need to add some private ssh keys in the keys/ directory and build a ./sys/sbin/pre-composer.sh script (it should look almost like the other sys/sbin/composer scripts, but at the end you can add some ssh-keyscan and ssh specific configuration like this):
(
# && $GOSU_CMD ssh-keyscan 37.58.212.66 >> /home/$APP_USER/.ssh/known_hosts \
$GOSU_CMD ssh-keyscan foo.example.com >> /home/$APP_USER/.ssh/known_hosts \
&& chown $APP_USER:$APP_USER /home/$APP_USER/.ssh/known_hosts \
&& $GOSU_CMD printf 'Host foo.example.com\n Preferredauthentications publickey\n IdentityFile ...\n' > /home/$APP_USER/.ssh/config \
&& chown $APP_USER:$APP_USER /home/$APP_USER/.ssh/config
)
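The snippet above records whatever key ssh-keyscan receives at build time. As an added example (not part of the original template), the function below appends a scanned key to known_hosts only when its SHA256 fingerprint equals a value obtained out of band. pin_host_key and its arguments are hypothetical names, and OpenSSH's ssh-keygen is assumed to be installed.

```shell
#!/bin/sh
# pin_host_key SCAN_FILE EXPECTED_FP KNOWN_HOSTS   (hypothetical helper)
#   SCAN_FILE    ssh-keyscan output: "host keytype base64key" lines
#   EXPECTED_FP  fingerprint obtained out of band, e.g. "SHA256:<placeholder>"
#   KNOWN_HOSTS  file that receives the verified lines
# Returns 0 if at least one scanned key matched and was appended,
# 1 if none matched (nothing is appended), 2 if no pin was given.
pin_host_key() {
    scan_file=$1 expected_fp=$2 known_hosts=$3
    # An empty pin would "match" unparsable lines, so refuse it outright.
    [ -n "$expected_fp" ] || return 2
    matched=1
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        tmp=$(mktemp)
        printf '%s\n' "$line" > "$tmp"
        # ssh-keygen -l prints: <bits> <fingerprint> <host> (<type>)
        fp=$(ssh-keygen -lf "$tmp" 2>/dev/null | awk '{print $2}')
        rm -f "$tmp"
        if [ "$fp" = "$expected_fp" ]; then
            printf '%s\n' "$line" >> "$known_hosts"
            matched=0
        fi
    done < "$scan_file"
    return "$matched"
}

# Usage inside a pre-composer script (PINNED_FP is an assumed variable):
#   ssh-keyscan foo.example.com > /tmp/scan \
#     && pin_host_key /tmp/scan "$PINNED_FP" "/home/$APP_USER/.ssh/known_hosts"
```

A non-zero return should fail the image build, so a changed or unexpected host key is noticed instead of being silently trusted.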
Check also the symfony migrate commands or anything needed in the created database.
./control.sh init # init conf files
./control.sh build symfony
./control.sh build # will be faster as many images are based on symfony
Note that you can also read the generated README.md of the generated project for details on how to deploy the project locally (like docker dependencies, debugging problems, etc).
If you launch an up action on the local dev environment, the application is not yet installed. Shared directories with your local installation, containing things like the vendors, are empty, and the database may also be empty. A first test may need commands like these:
./control.sh up
./control.sh userexec bin/composerinstall
./control.sh console doctrine:migrations:migrate --allow-no-migration
cd local
ssh-keygen -t rsa -b 2048 -N '' -C deploy -f deploy
export CORPUSOPS_VAULT_PASSWORD=SuperVerySecretPassword
.ansible/scripts/setup_vaults.sh
- Also add that variable CORPUSOPS_VAULT_PASSWORD in the gitlab CI/CD variables
- You would certainly also add REGISTRY_USER & REGISTRY_PASSWORD.
For each file which needs to be encrypted
# to find them
find .ansible/inventory/group_vars/|grep encrypt
Also open and read both your project top README.md and the .ansible/README.md
You need to
- open in an editor:
  $EDITOR .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml
- In another window/shell, use Ansible vault to create/edit that file without the "encrypted" in the filename and copy/paste/adapt the content
  .ansible/scripts/edit_vault.sh .ansible/inventory/group_vars/dev/default.yml
- Delete the original file
  rm -f .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml
- Wash, rinse, repeat for each needing-to-be-encrypted vault.
⚠️ Please note ⚠️: you will need to put the previously generated ssh deploy key in all/default.yml
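A check to run before pushing, as an added example that is not part of the generated project: it lists placeholder files that were never deleted and default.yml files that do not start with the ansible-vault header. The function names are hypothetical, the placeholder match is done on the file name only, and it assumes every default.yml under group_vars is meant to be a vault, as in the steps above.

```shell
#!/bin/sh
# list_vault_problems GROUP_VARS_DIR   (hypothetical helper)
# Prints one line per finding:
#   PLAINTEXT <file>  a *encrypt* placeholder that still exists in clear text
#   NOT-VAULT <file>  a default.yml that is not ansible-vault encrypted
list_vault_problems() {
    find "$1" -type f | sort | while IFS= read -r f; do
        case ${f##*/} in
            *encrypt*)
                echo "PLAINTEXT $f" ;;
            default.yml)
                # Files written by ansible-vault begin with "$ANSIBLE_VAULT;".
                head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;' \
                    || echo "NOT-VAULT $f" ;;
        esac
    done
}

# check_vaults GROUP_VARS_DIR
# Returns 0 when nothing was found, 1 otherwise (findings go to stderr),
# so it can gate a git pre-push hook or a CI job.
check_vaults() {
    problems=$(list_vault_problems "$1")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems" >&2
    return 1
}

# Usage from the project root:
#   check_vaults .ansible/inventory/group_vars || exit 1
```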
- Push to gitlab and run the dev job until it succeeds
- Trigger the dev image release job until it succeeds
- Deploy manually one time to see everything is in place
  Remember:
  - Your local copy is synced as the working directory on target env (with exclusions, see playbooks)
  - The cops_symfony_docker_tag controls which docker image is deployed.
.ansible/scripts/call_ansible.sh .ansible/playbooks/deploy_key_setup.yml
.ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/ping.yml -l dev  # or staging
.ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/app.yml \
    -e "{cops_symfony_docker_tag: dev}" -l dev  # or staging
You can regenerate the project at a later time:
local/regen.sh # and verify new files and updates