npm - @fishawack/lab-env - Versions diffs - 4.20.0 → 4.22.0 - Mend

@fishawack/lab-env 4.20.0 → 4.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,20 @@
 ## Changelog
+### 4.22.0 (2023-08-09)
+* [Feature] Added newly setup AWS accounts to the client prompts on @fishawack/core and @fishawack/lab-env have mismatching versions.
+* [Feature] added drupal configs
+* [Feature] laravel now ships with elasticsearch container
+* [Feature] added security header template for nginx builds
+* [Feature] added new cloudfront function template for response headers
+* [Feature] use newer ciphers in nginx conf
+* [Feature] added nginx and laravel aws configs
+* [Bug] added apache security_headers conf
+### 4.21.0 (2023-05-22)
+* [Feature] added elastic beanstalk config stubs
+* [Change] wp command now prepends vendor path in wordpress@1 and no longer passes path as its found in wp-cli yml
+* [Change] Bumped fishawack/lab-env-wordpress-1-php to 1.1.0
 ### 4.20.0 (2023-05-19)
 * [Feature] added new clients

package/commands/create/libs/aws-cloudfront-response.js ADDED Viewed

@@ -0,0 +1,12 @@
+function handler(event) {
+    // Add security headers
+    var response = event.response;
+    var headers = response.headers;
+    headers['strict-transport-security'] = { value: 'max-age=31536000; includeSubDomains'};
+    headers['content-security-policy'] = { value: "default-src 'self' https: data: 'unsafe-inline';"};
+    headers['x-content-type-options'] = { value: 'nosniff'};
+    headers['x-frame-options'] = {value: 'sameorigin'};
+    return response;
+}

package/commands/create/services/aws/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ module.exports.iam = require("./iam.js");
 module.exports.slug = (repo, client, branch) => s3Safe(`${branch}-${repo}-${client}`);
-module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota'];
+module.exports.clients = ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'ptc', 'jazz', 'pfizer', 'heron', 'novartis', 'training', 'merck', 'acadia', 'travere', 'roche', 'utc', 'bayer', 'alcon', 'uhc', 'chiesi', '3m', 'sarepta', 'ipsen', 'novocure', 'anthem', 'kyowakirin', 'optum', 'rally', 'menarini', 'childrensminnesota', 'gore'];
 module.exports.static = async (name, account, tags = [], credentials = []) => {
     let s3 = await module.exports.s3.createS3Bucket(name, account, tags);

package/commands/create/templates/elasticbeanstalk/.ebextensions/apache/auto-ssl.config ADDED Viewed

@@ -0,0 +1,24 @@
+files:
+  /etc/cron.d/certbot_renew:
+    content: "@weekly root certbot renew\n"
+    group: root
+    mode: "000644"
+    owner: root
+container_commands:
+  10_downloadepel:
+    command: "wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
+  20_installepel:
+    command: "rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm --force"
+  30_enableepl:
+    command: "yum-config-manager --enable epel*"
+  40_installcertbot:
+    command: "yum install -y certbot"
+  50_getcert:
+    command: "certbot certonly --debug --non-interactive --email ${EMAIL_LINK} --agree-tos --standalone --expand --domains ${DOMAIN_LINK} --keep-until-expiring --pre-hook \"service httpd stop\""
+  60_link:
+    command: "ln -sf /etc/letsencrypt/live/$(echo ${DOMAIN_LINK} | cut -d, -f1) /etc/letsencrypt/live/ebcert"
+  70_startserver:
+    command: "service httpd start"
+  80_cleanup:
+    command: "rm -rf dl.fedoraproject.org"

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/post-deploy.config ADDED Viewed

@@ -0,0 +1,14 @@
+container_commands:
+  01-db-import:
+    command: "if [ -f auto-ci-db.sql ]; then vendor/bin/drush sql:drop -y; vendor/bin/drush sql:cli < auto-ci-db.sql; rm -rf auto-ci-db.sql; fi"
+    leader_only: true
+  02-db-remove:
+    command: "rm -rf auto-ci-db.sql"
+  03-run-configs:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) config:import -y; vendor/bin/drush -l $(basename $d) cr; done"
+  04-run-sitemaps:
+    command: "for d in ./web/sites/*/ ; do vendor/bin/drush -l $(basename $d) simple-sitemap:generate -y; vendor/bin/drush -l $(basename $d) cr; done"
+  05-maintenance-off:
+    command: "vendor/bin/drush state:set system.maintenance_mode 0 --input-format=integer || true"
+  06-clear-cache:
+    command: vendor/bin/drush cr || true

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/pre-deploy.config ADDED Viewed

@@ -0,0 +1,10 @@
+commands:
+  01-setvars:
+    command: /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "export \(.key)=\"\(.value)\""' > /etc/profile.d/sh.local
+  02-maintenance-on:
+    command: vendor/bin/drush state:set system.maintenance_mode 1 --input-format=integer 2>/dev/null || true
+  03-clear-cache:
+    command: vendor/bin/drush cr 2>/dev/null || true
+packages:
+  yum:
+    jq: []

package/commands/create/templates/elasticbeanstalk/.ebextensions/drupal/software.config ADDED Viewed

@@ -0,0 +1,5 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /web
+  aws:elasticbeanstalk:environment:proxy:
+      ProxyServer: apache

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/post-deploy.config ADDED Viewed

@@ -0,0 +1,6 @@
+container_commands:
+  10-db-import:
+    command: php artisan migrate --force
+    leader_only: true
+  20-clear-cache:
+    command: php artisan optimize:clear

package/commands/create/templates/elasticbeanstalk/.ebextensions/laravel/software.config ADDED Viewed

@@ -0,0 +1,16 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /public
+  aws:elasticbeanstalk:environment:proxy:
+    ProxyServer: nginx
+files:
+  "/etc/php.d/custom.ini":
+    mode: "000755"
+    owner: root
+    group: root
+    content: |
+      memory_limit = 500M
+      upload_max_filesize = 500M
+      post_max_size = 500M
+      max_execution_time = 600

package/commands/create/templates/elasticbeanstalk/.ebextensions/misc/alb-http-to-https-redirection.config ADDED Viewed

@@ -0,0 +1,40 @@
+###################################################################################################
+#### Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+####
+#### Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file
+#### except in compliance with the License. A copy of the License is located at
+####
+####     http://aws.amazon.com/apache2.0/
+####
+#### or in the "license" file accompanying this file. This file is distributed on an "AS IS"
+#### BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#### License for the specific language governing permissions and limitations under the License.
+###################################################################################################
+###################################################################################################
+#### This configuration file modifies the default port 80 listener attached to an Application Load Balancer
+#### to automatically redirect incoming connections on HTTP to HTTPS.
+#### This will not work with an environment using the load balancer type Classic or Network.
+#### A prerequisite is that the 443 listener has already been created.
+#### Please use the below link for more information about creating an Application Load Balancer on
+#### the Elastic Beanstalk console.
+#### https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb.html#environments-cfg-alb-console
+###################################################################################################
+Resources:
+ AWSEBV2LoadBalancerListener:
+  Type: AWS::ElasticLoadBalancingV2::Listener
+  Properties:
+    LoadBalancerArn:
+      Ref: AWSEBV2LoadBalancer
+    Port: 80
+    Protocol: HTTP
+    DefaultActions:
+      - Type: redirect
+        RedirectConfig:
+          Host: "#{host}"
+          Path: "/#{path}"
+          Port: "443"
+          Protocol: "HTTPS"
+          Query: "#{query}"
+          StatusCode: "HTTP_301"

package/commands/create/templates/elasticbeanstalk/.ebextensions/misc/enable-https.config ADDED Viewed

@@ -0,0 +1,13 @@
+Resources:
+  sslSecurityGroupIngress:
+    Properties:
+      CidrIp: 0.0.0.0/0
+      FromPort: 443
+      GroupId:
+        ? "Fn::GetAtt"
+        :
+          - AWSEBSecurityGroup
+          - GroupId
+      IpProtocol: tcp
+      ToPort: 443
+    Type: "AWS::EC2::SecurityGroupIngress"

package/commands/create/templates/elasticbeanstalk/.ebextensions/misc/setvars.config ADDED Viewed

@@ -0,0 +1,6 @@
+commands:
+  setvars:
+    command: /opt/elasticbeanstalk/bin/get-config environment | jq -r 'to_entries | .[] | "export \(.key)=\"\(.value)\""' > /etc/profile.d/sh.local
+packages:
+  yum:
+    jq: []

package/commands/create/templates/elasticbeanstalk/.ebextensions/nginx/auto-ssl.config ADDED Viewed

@@ -0,0 +1,24 @@
+files:
+  /etc/cron.d/certbot_renew:
+    content: "@weekly root certbot renew\n"
+    group: root
+    mode: "000644"
+    owner: root
+container_commands:
+  10_downloadepel:
+    command: "wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
+  20_installepel:
+    command: "rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm --force"
+  30_enableepl:
+    command: "yum-config-manager --enable epel*"
+  40_installcertbot:
+    command: "yum install -y certbot"
+  50_getcert:
+    command: "certbot certonly --debug --non-interactive --email ${EMAIL_LINK} --agree-tos --standalone --expand --domains ${DOMAIN_LINK} --keep-until-expiring --pre-hook \"service nginx stop\""
+  60_link:
+    command: "ln -sf /etc/letsencrypt/live/$(echo ${DOMAIN_LINK} | cut -d, -f1) /etc/letsencrypt/live/ebcert"
+  70_startserver:
+    command: "service nginx start"
+  80_cleanup:
+    command: "rm -rf dl.fedoraproject.org"

package/commands/create/templates/elasticbeanstalk/.ebextensions/php/ini.config ADDED Viewed

@@ -0,0 +1,10 @@
+files:
+  "/etc/php.d/custom.ini":
+    mode: "000755"
+    owner: root
+    group: root
+    content: |
+      memory_limit = 500M
+      upload_max_filesize = 500M
+      post_max_size = 500M
+      max_execution_time = 600

package/commands/create/templates/elasticbeanstalk/.ebextensions/wordpress/environment.config ADDED Viewed

@@ -0,0 +1,3 @@
+option_settings:
+  - option_name: WP_CLI_ALLOW_ROOT
+    value: true

package/commands/create/templates/elasticbeanstalk/.ebextensions/wordpress/post-deploy.config ADDED Viewed

@@ -0,0 +1,10 @@
+container_commands:
+  10-db-import:
+    command: if [ -f auto-ci-db.sql ]; then vendor/bin/wp db reset --yes; vendor/bin/wp db import auto-ci-db.sql; fi
+    leader_only: true
+  20-db-remove:
+    command: "rm -rf auto-ci-db.sql"
+  30-rewrite-flush:
+    command: "vendor/bin/wp rewrite flush --hard"
+  40-rewrite-flush:
+    command: "vendor/bin/wp cli cache clear"

package/commands/create/templates/elasticbeanstalk/.ebextensions/wordpress/software.config ADDED Viewed

@@ -0,0 +1,5 @@
+option_settings:
+  aws:elasticbeanstalk:container:php:phpini:
+    document_root: /wordpress
+  aws:elasticbeanstalk:environment:proxy:
+    ProxyServer: apache

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/ssl.conf ADDED Viewed

@@ -0,0 +1,4 @@
+SSLEngine on
+SSLCertificateFile /etc/letsencrypt/live/ebcert/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ebcert/privkey.pem
+SSLCertificateChainFile /etc/letsencrypt/live/ebcert/chain.pem

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/443/www-to-nonwww-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ https://%1$1 [R=301,L]

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/elasticbeanstalk/80/http-https-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/security_headers.conf ADDED Viewed

@@ -0,0 +1,7 @@
+Header set X-Content-Type-Options "nosniff"
+Header set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';"
+Header set X-Frame-Options 'sameorigin'
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ServerSignature Off
+ServerTokens Prod

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-443.conf ADDED Viewed

@@ -0,0 +1,5 @@
+Listen 443
+<VirtualHost *:443>
+    IncludeOptional conf.d/elasticbeanstalk/443/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/httpd/conf.d/virtualhost-80.conf ADDED Viewed

@@ -0,0 +1,3 @@
+<VirtualHost *:80>
+    IncludeOptional conf.d/elasticbeanstalk/80/*.conf
+</VirtualHost>

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/buffer_size.conf ADDED Viewed

@@ -0,0 +1,6 @@
+large_client_header_buffers 4 32k;
+fastcgi_buffers 16 32k;
+fastcgi_buffer_size 32k;
+proxy_buffer_size   128k;
+proxy_buffers   4 256k;
+proxy_busy_buffers_size   256k;

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/http-https-redirection.conf ADDED Viewed

@@ -0,0 +1,3 @@
+if ($ssl_protocol = "") {
+    rewrite ^ https://$host$request_uri? permanent;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/laravel.conf ADDED Viewed

@@ -0,0 +1,4 @@
+location / {
+    try_files $uri $uri/ /index.php?$query_string;
+    gzip_static on;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/elasticbeanstalk/www-to-nonwww-redirection.conf ADDED Viewed

@@ -0,0 +1,7 @@
+if ($http_x_forwarded_proto = '') {
+    set $http_x_forwarded_proto $scheme;
+}
+if ($host ~ ^www\.(?<domain>.+)$) {
+    return  301 $http_x_forwarded_proto://$domain$request_uri;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/security_headers.conf ADDED Viewed

@@ -0,0 +1,4 @@
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline';";
+add_header X-Frame-Options 'sameorigin';
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/ssl.conf ADDED Viewed

@@ -0,0 +1,21 @@
+server {
+    listen        443 default_server ssl;
+    access_log    /var/log/nginx/access.log main;
+    client_header_timeout 60;
+    client_body_timeout   60;
+    keepalive_timeout     60;
+    gzip                  off;
+    gzip_comp_level       4;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    # Include the Elastic Beanstalk generated locations
+    include conf.d/elasticbeanstalk/*.conf;
+    ssl_certificate      /etc/letsencrypt/live/ebcert/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/ebcert/privkey.pem;
+    ssl_session_timeout  5m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+}

package/commands/create/templates/elasticbeanstalk/.platform/nginx/conf.d/upload_size.conf ADDED Viewed

	@@ -0,0 +1 @@
1	+ client_max_body_size 500M;

package/commands/wp.js CHANGED Viewed

@@ -12,9 +12,9 @@ module.exports = [
             });
     },
     argv => _.up(() => {
-        const path = process.env.VERSION_WORDPRESS !== "0" ? '--path=./wordpress' : '';
         const container = process.env.VERSION_WORDPRESS !== "0" ? 'php' : 'wordpress';
+        const path = process.env.VERSION_WORDPRESS !== "0" ? 'vendor/bin/' : '';
-        _.command(container, `wp ${path} ${argv.command.join(' ')} --allow-root`);
+        _.command(container, `${path}wp ${argv.command.join(' ')} --allow-root`);
     })
 ];

package/globals.js CHANGED Viewed

@@ -231,7 +231,8 @@ if(platform === "wordpress" && process.env.VERSION_WORDPRESS !== "0"){
 if(platform === "laravel"){
     volumes.push(
-        'redis'
+        'redis',
+        'elasticsearch'
     );
 }
@@ -265,6 +266,7 @@ module.exports = {
                 if(platform === "laravel" || platform === "wordpress" || platform === "drupal" || platform === "craftcms"){
                     process.env.PORT_WEB = await getPort({port: getPort.makeRange(8000, 8100)});
                     process.env.PORT_DB = await getPort({port: getPort.makeRange(3306, 3406)});
+                    process.env.PORT_ES = await getPort({port: getPort.makeRange(9200, 9300)});
                 }
             }
         },
@@ -274,6 +276,7 @@ module.exports = {
                 if(+process.env.PORT_WEB) ports.web = {port: +process.env.PORT_WEB};
                 if(+process.env.PORT_DB) ports.db = {port: +process.env.PORT_DB};
+                if(+process.env.PORT_ES) ports.es = {port: +process.env.PORT_ES};
                 console.table(ports);
             }

package/laravel/9/docker-compose.yml CHANGED Viewed

@@ -45,6 +45,17 @@ services:
       - default
     volumes:
       - redis:/data
+  elasticsearch:
+    image: elasticsearch:8.8.1
+    environment:
+      - discovery.type=single-node
+      - xpack.security.enabled=false
+    networks:
+      - default
+    ports:
+      - "${PORT_ES:-9200}:9200"
+    volumes:
+      - elasticsearch:/usr/share/elasticsearch/data
 networks:
   default:
     driver: "bridge"
@@ -55,3 +66,5 @@ volumes:
     driver: "local"
   redis:
     driver: "local"
+  elasticsearch:
+    driver: "local"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fishawack/lab-env",
-  "version": "4.20.0",
+  "version": "4.22.0",
   "description": "Docker manager for FW",
   "main": "cli.js",
   "scripts": {

package/wordpress/1/php/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,7 @@
 ## Changelog
+### 1.1.0 (2023-05-22)
+* [Change] no longer install wp in image but through composer
 ### 1.0.0 (2023-03-22)
 * [Misc] initial commit

package/wordpress/1/php/Dockerfile CHANGED Viewed

@@ -18,11 +18,6 @@ COPY ./policy.xml /etc/ImageMagick-6/policy.xml
 # Add php user
 RUN useradd -m -G www-data -s /bin/bash php
-# Install wordpress cli
-RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
-    chmod +x wp-cli.phar && \
-    mv wp-cli.phar /usr/local/bin/wp
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/wordpress/1/php/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "php",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "lab-env docker config for the php module",
   "scripts": {
     "preversion": "docker login",