diff --git a/.env b/.env index 6161cc7..5c4a951 100644 --- a/.env +++ b/.env @@ -27,7 +27,7 @@ TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test # CKAN core -CKAN_VERSION=2.10.0 +CKAN_VERSION=2.9.8 CKAN_SITE_ID=default CKAN_SITE_URL=http://localhost:5000 CKAN_PORT=5000 @@ -61,7 +61,7 @@ CKAN__RESOURCE_PROXY__TIMEOUT=10 CKAN__VIEWS__DEFAULT_VIEWS="image_view text_view recline_view harvest ckan_harvester wmts_view geojson_view geo_view shp_view pdf_view" # Solr -SOLR_IMAGE_VERSION=2.10-spatial +SOLR_IMAGE_VERSION=2.9-solr8-spatial CKAN_SOLR_URL=http://solr:8983/solr/ckan TEST_CKAN_SOLR_URL=http://solr:8983/solr/ckan diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..0eb6ca6 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,47 @@ +name: Docker + +on: + push: + branches: [ 'ckan-2.9.8' ] + tags: [ 'v*.*.*' ] + pull_request: + branches: [ 'ckan-2.9.8' ] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - + name: Checkout + uses: actions/checkout@v1 + - + name: Login to registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - + name: Build and push + uses: docker/build-push-action@v3 + with: + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/README.md b/README.md index 52484ff..777174f 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,8 @@ Information about extensions installed in the `main` image. More info described | **Element** | **Description** | **version** | **Status** | **DEV**[^1] | **PRO**[^2] | **Remarks** | |-------------|-----------------------------------------------------------------------------------------|-------------|------------------------------|---------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Core | [CKAN](https://github.com/mjanez/ckan-docker) | 2.10.0 | Completed | ✔️ | ✔️ | Stable installation for version 2.10.0 (Production & Dev images) via Docker Compose based on [official images](https://github.com/ckan/ckan-docker-base)). Initial configuration, basic customisation and operation guide. | -| Core + | [Datastore](https://github.com/mjanez/ckan-docker) | 2.10.0 | Completed | ✔️ | ✔️ | Stable installation (Production & Dev images) via Docker Compose. | +| Core | [CKAN](https://github.com/mjanez/ckan-docker) | 2.9.8 | Completed | ✔️ | ✔️ | Stable installation for version 2.9.7 (Production & Dev images) via Docker Compose based on [official images](https://github.com/ckan/ckan-docker-base)). Initial configuration, basic customisation and operation guide. | +| Core + | [Datastore](https://github.com/mjanez/ckan-docker) | 2.9.8 | Completed | ✔️ | ✔️ | Stable installation (Production & Dev images) via Docker Compose. | | Core + | [~~Datapusher~~](https://github.com/mjanez/ckan-docker) | 0.0.19 | Deprecated | ❌ | ❌ | Updated to [xloader](https://github.com/ckan/ckanext-xloader), an express Loader - quickly load data into DataStore. | | Extension | [ckanext-xloader](https://github.com/ckan/ckanext-xloader) | 0.12.2 | Completed | ✔️ | ❌ | Stable installation, a replacement for DataPusher because it offers ten times the speed and more robustness | | Extension | [ckanext-harvest](https://github.com/ckan/ckanext-harvest) | 1.5.0 | Completed | ✔️ | ✔️ | Stable installation, necessary for the implementation of the Collector ([ogc_ckan](#recollector-ckan)) | diff --git a/ckan/Dockerfile b/ckan/Dockerfile index 2e27be0..9741f50 100644 --- a/ckan/Dockerfile +++ b/ckan/Dockerfile @@ -1,12 +1,113 @@ -FROM ckan/ckan-base:2.9.7 +FROM alpine:3.13 -# Set up environment variables +# Internals, you probably don't need to change these ENV APP_DIR=/srv/app +ENV SRC_DIR=/srv/app/src +ENV CKAN_INI=${APP_DIR}/ckan.ini +ENV PIP_SRC=${SRC_DIR} +ENV CKAN_STORAGE_PATH=/var/lib/ckan +ENV GIT_URL=https://github.com/ckan/ckan.git ENV TZ=UTC RUN echo ${TZ} > /etc/timezone +# CKAN version to build +ENV GIT_BRANCH=ckan-2.9.8 +# Customize these on the .env file if needed +ENV CKAN_SITE_URL=http://localhost:5000 +ENV CKAN__PLUGINS image_view text_view recline_view datastore datapusher envvars -# Set up PROJ -RUN apk add geos-dev proj proj-util proj-dev +# UWSGI options +ENV UWSGI_HARAKIRI=50 + +WORKDIR ${APP_DIR} + +# Install necessary packages to run CKAN +RUN apk add --no-cache tzdata \ + git \ + gettext \ + postgresql-client \ + python3 \ + libxml2 \ + libxslt \ + musl-dev \ + uwsgi \ + uwsgi-http \ + uwsgi-corerouter \ + uwsgi-python \ + py3-gevent \ + uwsgi-gevent \ + libmagic \ + curl \ + patch \ + sudo && \ + # Packages to build CKAN requirements and plugins + apk add --no-cache --virtual .build-deps \ + postgresql-dev \ + gcc \ + make \ + g++ \ + autoconf \ + automake \ + libtool \ + python3-dev \ + libxml2-dev \ + libxslt-dev \ + linux-headers \ + openssl-dev \ + libffi-dev \ + cargo \ + # Set up PROJ + geos-dev \ + proj \ + proj-util \ + proj-dev && \ + # Create SRC_DIR + mkdir -p ${SRC_DIR} && \ + # Install pip, supervisord and uwsgi + curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \ + python3 ${SRC_DIR}/get-pip.py && \ + pip3 install supervisor && \ + mkdir /etc/supervisord.d && \ + #pip wheel --wheel-dir=/wheels uwsgi gevent && \ + rm -rf ${SRC_DIR}/get-pip.py + +COPY setup/supervisord.conf /etc + +# Install CKAN +RUN pip3 install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan && \ + cd ${SRC_DIR}/ckan && \ + cp who.ini ${APP_DIR} && \ + pip3 install -r requirement-setuptools.txt && \ + pip3 install --no-binary markdown -r requirements.txt && \ + # Install CKAN envvars to support loading config from environment variables + pip3 install -e git+https://github.com/okfn/ckanext-envvars.git#egg=ckanext-envvars && \ + # Create and update CKAN config + ckan generate config ${CKAN_INI} && \ + ckan config-tool ${CKAN_INI} "beaker.session.secret = " && \ + ckan config-tool ${CKAN_INI} "ckan.plugins = ${CKAN__PLUGINS}" + +# Create a local user and group to run the app +RUN addgroup -g 92 -S ckan && \ + adduser -u 92 -h /srv/app -s /bin/bash -D -G ckan ckan + +# Create local storage folder +RUN mkdir -p ${CKAN_STORAGE_PATH} && \ + chown -R ckan:ckan ${CKAN_STORAGE_PATH} + +COPY setup/prerun.py ${APP_DIR} +COPY setup/start_ckan.sh ${APP_DIR} +ADD https://raw.githubusercontent.com/ckan/ckan/${GIT_BRANCH}/wsgi.py ${APP_DIR} + +# Create entrypoint directory for children image scripts +ONBUILD RUN mkdir /docker-entrypoint.d + +RUN chown ckan -R /srv/app + +RUN addgroup sudo && \ + adduser ckan sudo + +EXPOSE 5000 + +HEALTHCHECK --interval=60s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1 # Make sure both files are not exactly the same RUN if ! [ /usr/share/zoneinfo/${TZ} -ef /etc/localtime ]; then \ diff --git a/ckan/Dockerfile.dev b/ckan/Dockerfile.dev index a4f79c6..1e7b26e 100644 --- a/ckan/Dockerfile.dev +++ b/ckan/Dockerfile.dev @@ -1,4 +1,5 @@ -FROM ckan/ckan-base:2.9.7-dev +# syntax = edrevo/dockerfile-plus +INCLUDE+ Dockerfile # Set up environment variables ENV APP_DIR=/srv/app diff --git a/ckan/setup/start_ckan.sh b/ckan/setup/start_ckan.sh index e1fb8e1..d6d437d 100755 --- a/ckan/setup/start_ckan.sh +++ b/ckan/setup/start_ckan.sh @@ -1,5 +1,16 @@ #!/bin/bash +# Set up the Secret key used by Beaker and Flask +# This can be overriden using a CKAN___BEAKER__SESSION__SECRET env var +if grep -E "beaker.session.secret ?= ?$" ckan.ini +then + echo "Setting beaker.session.secret in ini file" + ckan config-tool $CKAN_INI "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')" + JWT_SECRET=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())') + ckan config-tool $CKAN_INI "api_token.jwt.encode.secret=${JWT_SECRET}" + ckan config-tool $CKAN_INI "api_token.jwt.decode.secret=${JWT_SECRET}" +fi + # Run the prerun script to init CKAN and create the default admin user sudo -u ckan -EH python3 prerun.py diff --git a/docker-compose.yml b/docker-compose.yml index 75b2ede..b5d7b96 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,6 +26,7 @@ services: dockerfile: Dockerfile args: - TZ=${TZ} + image: ghcr.io/mjanez/ckan-docker:ckan-2.9.8 env_file: - .env depends_on: