Merge pull request #215 from wunderio/feature/SLT-1041-node-22

SLT-1041: Add support for node 22

.github/dependabot.yml

@@ -47,6 +47,15 @@ updates:
         update-types:
           - "version-update:semver-major"
           - "version-update:semver-minor"
+  - package-ecosystem: "docker"
+    directory: "/silta-cicd/circleci-php8.2-node22-composer2"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "cimg/php"
+        update-types:
+          - "version-update:semver-major"
+          - "version-update:semver-minor"
 
   # silta-mailhog
   - package-ecosystem: "docker"
@@ -146,6 +155,13 @@ updates:
     ignore:
       - dependency-name: "node"
         update-types: ["version-update:semver-major"]
+  - package-ecosystem: "docker"
+    directory: "/silta-node/22-alpine"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "node"
+        update-types: [ "version-update:semver-major" ]
 
   # silta-php-fpm
   - package-ecosystem: "docker"

silta-cicd/circleci-php8.2-node22-composer2/Dockerfile

@@ -0,0 +1,72 @@
+FROM cimg/php:8.2.20
+
+# Make composer packages executable.
+ENV PATH="/home/circleci/.composer/vendor/bin:${PATH}"
+
+# Upgrade packages
+RUN sudo apt update && sudo apt upgrade && sudo apt clean
+
+# Install drush
+ENV DRUSH_LAUNCHER_VERSION 0.9.1
+RUN sudo wget -q https://github.com/drush-ops/drush-launcher/releases/download/${DRUSH_LAUNCHER_VERSION}/drush.phar -O /usr/local/bin/drush \
+  && sudo chmod +x /usr/local/bin/drush
+
+# Install vim based on popular demand.
+RUN sudo apt-get update && sudo apt-get install vim && sudo apt-get clean
+
+# Add gcloud CLI and kubectl
+RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
+  && sudo apt-get install apt-transport-https ca-certificates \
+  && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
+  && sudo apt-get update && sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin kubectl \
+  && sudo apt-get clean
+
+# Install AWS cli and aws-iam-authenticator, git, python
+RUN sudo apt install -y git python3 \
+  && sudo apt-get install -y unzip curl \
+  && sudo apt-get clean \
+  && sudo curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+  && sudo  unzip awscliv2.zip \
+  && sudo ./aws/install \
+  && sudo  rm -rf awscliv2.zip \
+  && sudo  rm -rf ./aws
+
+# Install Helm 3
+ENV HELM_VERSION v3.14.0
+ENV FILENAME helm-${HELM_VERSION}-linux-amd64.tar.gz
+ENV HELM_URL https://get.helm.sh/${FILENAME}
+
+RUN curl -o /tmp/$FILENAME ${HELM_URL} \
+  && tar -zxvf /tmp/${FILENAME} -C /tmp \
+  && rm /tmp/${FILENAME} \
+  && sudo mv /tmp/linux-amd64/helm /bin/helm \
+  && helm repo add bitnami https://charts.bitnami.com/bitnami \
+  # && helm repo add minio https://helm.min.io/ \
+  && helm repo add wunderio https://storage.googleapis.com/charts.wdr.io \
+  && helm repo add percona https://percona.github.io/percona-helm-charts/ \
+  && helm plugin install https://github.com/quintush/helm-unittest --version 0.2.4
+
+# NOTE: quintush/helm-unittest v0.2.0 release breaks helm tests.
+
+# TODO: when https://github.com/lrills/helm-unittest/issues/87 is merged,
+# switch back to using https://github.com/lrills/helm-unittest as the source
+
+# Install Node.js and Yarn.
+# The following code is based on the CircleCI Node.js Dockerfile template:
+# https://github.com/CircleCI-Public/cimg-shared/blob/main/variants/node.Dockerfile.template
+ENV NODE_VERSION 22.3.0
+RUN echo "Installing Node.js version ${NODE_VERSION}"
+RUN curl -L -o node.tar.xz "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz" && \
+	sudo tar -xJf node.tar.xz -C /usr/local --strip-components=1 && \
+	rm node.tar.xz && \
+	sudo ln -s /usr/local/bin/node /usr/local/bin/nodejs
+
+ENV YARN_VERSION 1.22.22
+RUN curl -L -o yarn.tar.gz "https://yarnpkg.com/downloads/${YARN_VERSION}/yarn-v${YARN_VERSION}.tar.gz" && \
+	sudo tar -xzf yarn.tar.gz -C /opt/ && \
+	rm yarn.tar.gz && \
+	sudo ln -s /opt/yarn-v${YARN_VERSION}/bin/yarn /usr/local/bin/yarn && \
+	sudo ln -s /opt/yarn-v${YARN_VERSION}/bin/yarnpkg /usr/local/bin/yarnpkg
+
+# Add custom php config and lift memory limit.
+COPY conf/php/memory.ini /usr/local/etc/php/conf.d/memory.ini

silta-cicd/circleci-php8.2-node22-composer2/README.md

@@ -0,0 +1,16 @@
+# silta-circleci
+A docker image used circleCI, based on `cimg/php:8.2.20` with the following additions:
+
+- Composer configured correctly
+- Drush-launcher and coder pre-installed
+- Vim, useful for debugging
+- kubernetes and helm
+- Node.js
+- Yarn
+
+## Versions
+- PHP: 8.2.20
+- Composer: 2.5.1
+- Node: 22.3.0
+- Yarn: 1.22.22
+- Helm: v3.14.0

silta-cicd/circleci-php8.2-node22-composer2/TAGS

@@ -0,0 +1,3 @@
+circleci-php8.2-node22-composer2-v1
+circleci-php8.2-node22-composer2-v1.0
+circleci-php8.2-node22-composer2-v1.0.0

silta-cicd/circleci-php8.2-node22-composer2/conf/php/memory.ini

@@ -0,0 +1 @@
+memory_limit = -1

silta-node/22-alpine/Dockerfile

@@ -0,0 +1,18 @@
+FROM node:22.3-alpine
+
+RUN apk add --no-cache openssh bash rsync curl tzdata
+
+EXPOSE 22
+
+RUN mkdir /etc/ssh/keys
+
+# Copy scripts
+COPY gitauth_keys.sh /etc/ssh/
+COPY entrypoint.sh /
+COPY silta /silta
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+WORKDIR /app
+
+CMD npm run start

silta-node/22-alpine/TAGS

@@ -0,0 +1,3 @@
+22-alpine-v1
+22-alpine-v1.0
+22-alpine-v1.0.0

silta-node/22-alpine/entrypoint.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Trigger silta entrypoint scripts if present.
+if [ -f /silta/entrypoint.sh ] ; then /silta/entrypoint.sh ; fi
+
+if [[ -v GITAUTH_URL ]]; then
+
+    if [[ ! -f /etc/ssh/keys/ssh_host_rsa_key ]]; then
+        # Generate new SSH fingerprint
+        ssh-keygen -f /etc/ssh/keys/ssh_host_rsa_key -N '' -t rsa
+        ssh-keygen -f /etc/ssh/keys/ssh_host_dsa_key -N '' -t dsa
+        ssh-keygen -f /etc/ssh/keys/ssh_host_ecdsa_key -N '' -t ecdsa
+        ssh-keygen -f /etc/ssh/keys/ssh_host_ed25519_key -N '' -t ed25519
+    fi
+
+    # SSHD settings
+    sed -i 's/^PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
+    sed -i 's/^#UseDNS .*/UseDNS no/' /etc/ssh/sshd_config
+    sed -i 's/^#PrintMotd .*/PrintMotd no/' /etc/ssh/sshd_config
+    sed -i 's/^#PermitUserEnvironment .*/PermitUserEnvironment yes/' /etc/ssh/sshd_config
+    sed -i 's/^#ChallengeResponseAuthentication .*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+    sed -i 's/^#ClientAliveInterval .*/ClientAliveInterval 120/' /etc/ssh/sshd_config
+    sed -i 's/^#ClientAliveCountMax .*/ClientAliveCountMax 30/' /etc/ssh/sshd_config
+    sed -i 's/^AllowTcpForwarding .*/AllowTcpForwarding yes/' /etc/ssh/sshd_config
+    sed -i 's/^#PermitTunnel .*/PermitTunnel yes/' /etc/ssh/sshd_config
+
+    sed -i 's/^#HostKey \/etc\/ssh\/ssh_host_rsa_key/HostKey \/etc\/ssh\/keys\/ssh_host_rsa_key/' /etc/ssh/sshd_config
+    sed -i 's/^#HostKey \/etc\/ssh\/ssh_host_dsa_key/HostKey \/etc\/ssh\/keys\/ssh_host_dsa_key/' /etc/ssh/sshd_config
+    sed -i 's/^#HostKey \/etc\/ssh\/ssh_host_ecdsa_key/HostKey \/etc\/ssh\/keys\/ssh_host_ecdsa_key/' /etc/ssh/sshd_config
+    sed -i 's/^#HostKey \/etc\/ssh\/ssh_host_ed25519_key/HostKey \/etc\/ssh\/keys\/ssh_host_ed25519_key/' /etc/ssh/sshd_config
+
+    sed -i 's/^#AuthorizedKeysCommandUser .*/AuthorizedKeysCommandUser nobody/' /etc/ssh/sshd_config
+    sed -i 's/^#AuthorizedKeysCommand .*/AuthorizedKeysCommand \/etc\/ssh\/gitauth_keys.sh %f/' /etc/ssh/sshd_config
+
+    # AuthorizedKeysCommand does not read environment variables, so we use them with `source`
+    cat > /etc/ssh/gitauth_keys.env << EOF
+GITAUTH_URL=${GITAUTH_URL}
+GITAUTH_SCOPE=${GITAUTH_SCOPE}
+GITAUTH_USERNAME=${GITAUTH_USERNAME}
+GITAUTH_PASSWORD=${GITAUTH_PASSWORD}
+OUTSIDE_COLLABORATORS=${OUTSIDE_COLLABORATORS}
+EOF
+
+    env > /etc/environment
+    # We add -D to make it non-interactive, but then the user is locked out.
+    adduser www-admin -D -G node -s /bin/bash -h /app
+    # So set an empty password after the user is created.
+    echo "www-admin:" | chpasswd
+
+    # Pass environment variables down to container, so SSH can pick it up and drush commands work too.
+    mkdir ~www-admin/.ssh/
+    env | grep -v HOME > ~www-admin/.ssh/environment
+
+    echo "umask 0002" >> ~www-admin/.profile
+
+    # run SSH server
+    /usr/sbin/sshd -E /proc/self/fd/2
+fi
+
+# Call the CMD instruction of the Dockerfile.
+exec "$@"

silta-node/22-alpine/gitauth_keys.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# AuthorizedKeysCommand does not have environment variables, so we use them with `source`
+source "${0%/*}/gitauth_keys.env"
+
+echo "$(curl -s -u ${GITAUTH_USERNAME}:${GITAUTH_PASSWORD} ${GITAUTH_URL}\?scope=${GITAUTH_SCOPE}\&outside_collaborators=${OUTSIDE_COLLABORATORS}\&fingerprint=${1})"

silta-node/22-alpine/silta/.bashrc

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+source /silta/entrypoints/00-umask.sh
+
+if [ "${PS1-}" ]; then
+    PS1="\w$ "
+fi

silta-node/22-alpine/silta/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+set -e
+
+## Run startup scripts
+for f in $(dirname "$0")/entrypoints/*.sh; do
+  if [ -r $f ]; then
+    . "$f"
+  fi
+done

silta-node/22-alpine/silta/entrypoints/00-umask.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+umask 002