Merge branch 'release/2.0.0'

Author: turegjorup

.docker/nginx.conf

@@ -1,6 +1,6 @@
 worker_processes  auto;
 
-error_log  /var/log/nginx/error.log notice;
+error_log  /dev/stderr notice;
 pid        /tmp/nginx.pid;
 
 events {
@@ -26,11 +26,9 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log main;
+    access_log  /dev/stdout main;
 
     sendfile        on;
-    #tcp_nopush     on;
-
     keepalive_timeout  65;
 
     gzip  on;

.docker/templates/default.conf.template

@@ -0,0 +1,40 @@
+server {
+    listen ${NGINX_PORT};
+    server_name localhost;
+
+    root ${NGINX_WEB_ROOT};
+
+    location / {
+        # try to serve file directly, fallback to index.php
+        try_files $uri /index.php$is_args$args;
+    }
+
+    # Protect files and directories from prying eyes.
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
+    location ~ ^/index\.php(/|$) {
+        fastcgi_buffers 16 32k;
+        fastcgi_buffer_size 64k;
+        fastcgi_busy_buffers_size 64k;
+
+        fastcgi_pass ${NGINX_FPM_SERVICE};
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        internal;
+    }
+
+    location ~ \.php$ {
+        return 404;
+    }
+
+    # Send log message to files symlinked to stdout/stderr.
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
+}

.editorconfig

@@ -0,0 +1,20 @@
+# Drupal editor configuration normalization
+# @see http://editorconfig.org/
+
+# This is the top-most .editorconfig file; do not search in parent directories.
+root = true
+
+# All files.
+[*]
+end_of_line = LF
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{js,scss}]
+indent_size = 2
+
+[docker-compose*.yml]
+indent_size = 2

.env

@@ -27,7 +27,7 @@ TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
 # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
-DATABASE_URL="mysql://db:db@mariadb:3306/db?serverVersion=mariadb-10.5.13"
+DATABASE_URL="mysql://db:db@mariadb:3306/db?serverVersion=10.11.5-MariaDB"
 #DATABASE_URL="postgresql://db_user:[email protected]:5432/db_name?serverVersion=13&charset=utf8"
 ###< doctrine/doctrine-bundle ###
 
@@ -40,6 +40,7 @@ CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 
 ###> App ###
 APP_DEFAULT_DATE_FORMAT='Y-m-d\TH:i:s.v\Z'
+APP_ACTIVATION_CODE_EXPIRE_INTERNAL=P2D
 ###< App ###
 
 ###> lexik/jwt-authentication-bundle ###
@@ -56,14 +57,27 @@ JWT_SCREEN_REFRESH_TOKEN_TTL=2592000 # 30 days
 ###< gesdinet/jwt-refresh-token-bundle ###
 
 ###> itk-dev/openid-connect-bundle ###
-# "admin" open id connect configuration variables (values provided by the OIDC IdP)
-OIDC_METADATA_URL=ADMIN_APP_METADATA_URL
-OIDC_CLIENT_ID=ADMIN_APP_CLIENT_ID
-OIDC_CLIENT_SECRET=ADMIN_APP_CLIENT_SECRET
-OIDC_REDIRECT_URI=ADMIN_APP_REDIRECT_URI
-OIDC_LEEWAY=30
+# internal provider
+INTERNAL_OIDC_METADATA_URL=INTERNAL_OIDC_METADATA_URL
+INTERNAL_OIDC_CLIENT_ID=INTERNAL_OIDC_CLIENT_ID
+INTERNAL_OIDC_CLIENT_SECRET=INTERNAL_OIDC_CLIENT_SECRET
+INTERNAL_OIDC_REDIRECT_URI=INTERNAL_OIDC_REDIRECT_URI
+INTERNAL_OIDC_LEEWAY=30
+INTERNAL_OIDC_CLAIM_NAME=navn
+INTERNAL_OIDC_CLAIM_EMAIL=email
+INTERNAL_OIDC_CLAIM_GROUPS=groups
 
-CLI_REDIRECT=APP_CLI_REDIRECT_URI
+# external provider
+EXTERNAL_OIDC_METADATA_URL=EXTERNAL_OIDC_METADATA_URL
+EXTERNAL_OIDC_CLIENT_ID=EXTERNAL_OIDC_CLIENT_ID
+EXTERNAL_OIDC_CLIENT_SECRET=EXTERNAL_OIDC_CLIENT_SECRET
+EXTERNAL_OIDC_REDIRECT_URI=EXTERNAL_OIDC_REDIRECT_URI
+EXTERNAL_OIDC_LEEWAY=30
+EXTERNAL_OIDC_HASH_SALT=
+EXTERNAL_OIDC_CLAIM_ID=signinname
+
+# cli redirect url
+OIDC_CLI_REDIRECT=APP_CLI_REDIRECT_URI
 ###< itk-dev/openid-connect-bundle ###
 
 ###> redis ###

.github/workflows/github_build_release.yml

@@ -16,7 +16,7 @@ jobs:
       APP_ENV: prod
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Composer install
         run: |

.github/workflows/itkdev_docker_build_develop.yml

@@ -15,23 +15,23 @@ jobs:
       COMPOSER_ALLOW_SUPERUSER: 1
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Build api
       - name: Docker meta (API)
         id: meta-api
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: itkdev/os2display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/itkdev/display-api-service/
           file: ./infrastructure/itkdev/display-api-service/Dockerfile
@@ -44,12 +44,12 @@ jobs:
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: itkdev/os2display-api-service-nginx
 
       - name: Build and push (Nginx)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/itkdev/nginx/
           file: ./infrastructure/itkdev/nginx/Dockerfile

.github/workflows/itkdev_docker_build_tag.yml

@@ -14,23 +14,23 @@ jobs:
       COMPOSER_ALLOW_SUPERUSER: 1
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Build api
       - name: Docker meta (API)
         id: meta-api
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: itkdev/os2display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/itkdev/display-api-service/
           file: ./infrastructure/itkdev/display-api-service/Dockerfile
@@ -43,7 +43,7 @@ jobs:
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: itkdev/os2display-api-service-nginx
 
@@ -52,7 +52,7 @@ jobs:
         run: echo ::set-output name=git_tag::$(echo $GITHUB_REF_NAME)
 
       - name: Build and push (Nginx)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/itkdev/nginx/
           file: ./infrastructure/itkdev/nginx/Dockerfile

.github/workflows/os2display_docker_build_develop.yml

@@ -15,23 +15,23 @@ jobs:
       COMPOSER_ALLOW_SUPERUSER: 1
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Build api
       - name: Docker meta (API)
         id: meta-api
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: os2display/display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/os2display/display-api-service/
           file: ./infrastructure/os2display/display-api-service/Dockerfile
@@ -44,12 +44,12 @@ jobs:
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: os2display/display-api-service-nginx
 
       - name: Build and push (Nginx)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/os2display/nginx/
           file: ./infrastructure/os2display/nginx/Dockerfile

.github/workflows/os2display_docker_build_tag.yml

@@ -14,23 +14,23 @@ jobs:
       COMPOSER_ALLOW_SUPERUSER: 1
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Build api
       - name: Docker meta (API)
         id: meta-api
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: os2display/display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/os2display/display-api-service/
           file: ./infrastructure/os2display/display-api-service/Dockerfile
@@ -43,7 +43,7 @@ jobs:
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: os2display/display-api-service-nginx
 
@@ -52,7 +52,7 @@ jobs:
         run: echo ::set-output name=git_tag::$(echo $GITHUB_REF_NAME)
 
       - name: Build and push (Nginx)
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infrastructure/os2display/nginx/
           file: ./infrastructure/os2display/nginx/Dockerfile