Refactor some of the root files, that are there for building

.gitignore

@@ -83,6 +83,7 @@ docker-compose.yml
 #===================
 # User overrides for environment variables.
 docker-compose.env.yml
+docker-compose.override.yml
 
 #===================
 # User overrides for building custom image from the codebase directory.

Makefile

@@ -89,8 +89,8 @@ SERVICES := $(REQUIRED_SERVICES) $(FCREPO_SERVICE) $(WATCHTOWER_SERVICE) $(ETCD_
 default: download-default-certs docker-compose.yml pull
 
 .SILENT: docker-compose.yml
-docker-compose.yml: $(SERVICES:%=docker-compose.%.yml) .env
-	docker-compose $(SERVICES:%=-f docker-compose.%.yml) config > docker-compose.yml
+docker-compose.yml: $(SERVICES:%=build/docker-compose/docker-compose.%.yml) .env
+	docker-compose $(SERVICES:%=-f build/docker-compose/docker-compose.%.yml) config > docker-compose.yml
 
 .PHONY: pull
 ## Fetches the latest images from the registry.
@@ -301,7 +301,7 @@ generate-secrets:
 ifeq ($(USE_SECRETS), false)
 	docker run --rm -t \
 		-v "$(CURDIR)/secrets":/secrets \
-		-v "$(CURDIR)/scripts/generate-secrets.sh":/generate-secrets.sh \
+		-v "$(CURDIR)/build/scripts/generate-secrets.sh":/generate-secrets.sh \
 		-w / \
 		--entrypoint bash \
 		$(REPOSITORY)/drupal:$(TAG) -c "/generate-secrets.sh && chown -R `id -u`:`id -g` /secrets"
@@ -332,12 +332,12 @@ demo: generate-secrets
 	mkdir -p "$(CURDIR)/codebase"
 	docker-compose up -d
 	$(MAKE) update-settings-php ENVIROMENT=demo
-	$(MAKE) drupal-public-files-import SRC="$(CURDIR)/demo-data/public-files.tgz" ENVIROMENT=demo
+	$(MAKE) drupal-public-files-import SRC="$(CURDIR)/build/demo-data/public-files.tgz" ENVIROMENT=demo
 	$(MAKE) drupal-database ENVIROMENT=demo
-	$(MAKE) drupal-database-import SRC="$(CURDIR)/demo-data/drupal.sql" ENVIROMENT=demo
+	$(MAKE) drupal-database-import SRC="$(CURDIR)/build/demo-data/drupal.sql" ENVIROMENT=demo
 	$(MAKE) hydrate ENVIROMENT=demo
 	docker-compose exec -T drupal with-contenv bash -lc 'drush --root /var/www/drupal/web -l $${DRUPAL_DEFAULT_SITE_URL} upwd admin $${DRUPAL_DEFAULT_ACCOUNT_PASSWORD}'
-	$(MAKE) fcrepo-import SRC="$(CURDIR)/demo-data/fcrepo-export.tgz" ENVIROMENT=demo
+	$(MAKE) fcrepo-import SRC="$(CURDIR)/build/demo-data/fcrepo-export.tgz" ENVIROMENT=demo
 	$(MAKE) reindex-fcrepo-metadata ENVIROMENT=demo
 	$(MAKE) reindex-solr ENVIROMENT=demo
 	$(MAKE) reindex-triplestore ENVIROMENT=demo
@@ -489,8 +489,8 @@ help:
 .SILENT: secrets_warning
 ## Check to see if the secrets directory contains default secrets.
 secrets_warning:
-	@echo 'Starting scripts/check-secrets.sh'
-	@bash scripts/check-secrets.sh || (echo "check-secrets exited $$?"; exit 1)
+	@echo 'Starting build/scripts/check-secrets.sh'
+	@bash build/scripts/check-secrets.sh || (echo "check-secrets exited $$?"; exit 1)
 
 IS_DRUPAL_PSSWD_FILE_READABLE := $(shell test -r secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD -a -w secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD && echo 1 || echo 0)
 CMD := $(shell [ $(IS_DRUPAL_PSSWD_FILE_READABLE) -eq 1 ] && echo 'tee' || echo 'sudo -k tee')

docker-compose.acme.yml → build/docker-compose/docker-compose.acme.yml

@@ -29,7 +29,7 @@ services:
       - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
       - --certificatesResolvers.myresolver.acme.caServer=${ACME_SERVER-https://acme-v02.api.letsencrypt.org/directory}
     volumes:
-      - ./acme:/acme:rw
+      - ../../acme:/acme:rw
   cantaloupe:
     labels:
       - traefik.http.routers.${COMPOSE_PROJECT_NAME-isle-dc}-cantaloupe_https.tls.certresolver=myresolver

docker-compose.code-server.yml → build/docker-compose/docker-compose.code-server.yml

@@ -10,7 +10,7 @@ networks:
     external: true
 secrets:
   CODE_SERVER_PASSWORD:
-    file: "./secrets/live/CODE_SERVER_PASSWORD"
+    file: "../../secrets/live/CODE_SERVER_PASSWORD"
 services:
   code-server:
     environment:

docker-compose.custom.yml → build/docker-compose/docker-compose.custom.yml

@@ -12,7 +12,7 @@ services:
   # The service name is drupal that is the default host name used by micro-services etc.
   drupal:
     build:
-      context: ./
+      context: ../../
       dockerfile: ${PROJECT_DRUPAL_DOCKERFILE:-./Dockerfile}
     environment:
       #

docker-compose.local.yml → build/docker-compose/docker-compose.local.yml

@@ -18,7 +18,7 @@ services:
     restart: ${RESTART_POLICY:-unless-stopped}
     image: ${REPOSITORY:-islandora}/drupal:${TAG:-latest}
     volumes:
-      - ./codebase:/var/www/drupal:delegated
+      - ../../codebase:/var/www/drupal:delegated
       - drupal-sites-data:/var/www/drupal/web/sites/default/files
       - solr-data:/opt/solr/server/solr
     environment:

docker-compose.secrets.yml → build/docker-compose/docker-compose.secrets.yml

@@ -1,37 +1,37 @@
 version: "3.7"
 secrets:
   ACTIVEMQ_PASSWORD:
-    file: "./secrets/live/ACTIVEMQ_PASSWORD"
+    file: "../../secrets/live/ACTIVEMQ_PASSWORD"
   ACTIVEMQ_WEB_ADMIN_PASSWORD:
-    file: "./secrets/live/ACTIVEMQ_WEB_ADMIN_PASSWORD"
+    file: "../../secrets/live/ACTIVEMQ_WEB_ADMIN_PASSWORD"
   ALPACA_ACTIVEMQ_PASSWORD:
-    file: "./secrets/live/ALPACA_ACTIVEMQ_PASSWORD"
+    file: "../../secrets/live/ALPACA_ACTIVEMQ_PASSWORD"
   ALPACA_KARAF_ADMIN_PASSWORD:
-    file: "./secrets/live/ALPACA_KARAF_ADMIN_PASSWORD"
+    file: "../../secrets/live/ALPACA_KARAF_ADMIN_PASSWORD"
   DB_ROOT_PASSWORD:
-    file: "./secrets/live/DB_ROOT_PASSWORD"
+    file: "../../secrets/live/DB_ROOT_PASSWORD"
   DRUPAL_DEFAULT_ACCOUNT_PASSWORD:
-    file: "./secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD"
+    file: "../../secrets/live/DRUPAL_DEFAULT_ACCOUNT_PASSWORD"
   DRUPAL_DEFAULT_CONFIGDIR:
-    file: "./secrets/live/DRUPAL_DEFAULT_CONFIGDIR"
+    file: "../../secrets/live/DRUPAL_DEFAULT_CONFIGDIR"
   DRUPAL_DEFAULT_DB_PASSWORD:
-    file: "./secrets/live/DRUPAL_DEFAULT_DB_PASSWORD"
+    file: "../../secrets/live/DRUPAL_DEFAULT_DB_PASSWORD"
   DRUPAL_DEFAULT_SALT:
-    file: "./secrets/live/DRUPAL_DEFAULT_SALT"
+    file: "../../secrets/live/DRUPAL_DEFAULT_SALT"
   FCREPO_DB_PASSWORD:
-    file: "./secrets/live/FCREPO_DB_PASSWORD"
+    file: "../../secrets/live/FCREPO_DB_PASSWORD"
   JWT_ADMIN_TOKEN:
-    file: "./secrets/live/JWT_ADMIN_TOKEN"
+    file: "../../secrets/live/JWT_ADMIN_TOKEN"
   JWT_PUBLIC_KEY:
-    file: "./secrets/live/JWT_PUBLIC_KEY"
+    file: "../../secrets/live/JWT_PUBLIC_KEY"
   JWT_PRIVATE_KEY:
-    file: "./secrets/live/JWT_PRIVATE_KEY"
+    file: "../../secrets/live/JWT_PRIVATE_KEY"
   MATOMO_DB_PASSWORD:
-    file: "./secrets/live/MATOMO_DB_PASSWORD"
+    file: "../../secrets/live/MATOMO_DB_PASSWORD"
   MATOMO_USER_PASS:
-    file: "./secrets/live/MATOMO_USER_PASS"
+    file: "../../secrets/live/MATOMO_USER_PASS"
   TOMCAT_ADMIN_PASSWORD:
-    file: "./secrets/live/TOMCAT_ADMIN_PASSWORD"
+    file: "../../secrets/live/TOMCAT_ADMIN_PASSWORD"
 services:
   activemq:
     secrets:

docker-compose.traefik.yml → build/docker-compose/docker-compose.traefik.yml

@@ -53,8 +53,8 @@ services:
       - ${CODE_SERVER_PORT:-8443}:8443   # code-server
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./tls.yml:/etc/traefik/tls.yml
-      - ./certs:/etc/ssl/traefik
+      - ../../build/traefik-tls.yml:/etc/traefik/tls.yml
+      - ../../certs:/etc/ssl/traefik
     labels:
       # Do not expose in production.
       - traefik.http.routers.api.service=api@internal

scripts/check-secrets.sh → build/scripts/check-secrets.sh

@@ -76,7 +76,7 @@ function main() {
 		if [[ ${ans} == [yY] ]] ; then
 			docker run --rm -t \
 			-v $(pwd)/secrets:/secrets \
-			-v $(pwd)/scripts/generate-secrets.sh:/generate-secrets.sh \
+			-v $(pwd)/build/scripts/generate-secrets.sh:/generate-secrets.sh \
 			-w / \
 			--entrypoint bash \
 			${REPOSITORY}/drupal:${TAG} -c "/generate-secrets.sh && chown -R `id -u`:`id -g` /secrets"
@@ -158,7 +158,7 @@ function main() {
 if [[ $1 == 'yes' ]]; then
 	docker run --rm -t \
 	-v $(pwd)/secrets:/secrets \
-	-v $(pwd)/scripts/generate-secrets.sh:/generate-secrets.sh \
+	-v $(pwd)/build/scripts/generate-secrets.sh:/generate-secrets.sh \
 	-w / \
 	--entrypoint bash \
 	${REPOSITORY}/drupal:${TAG} -c "/generate-secrets.sh && chown -R `id -u`:`id -g` /secrets"

scripts/generate-secrets.sh → build/scripts/generate-secrets.sh

@@ -25,7 +25,7 @@ function random_secret() {
 
 function main() {
 	echo "Generating Secrets"
-	local secret_templates=($(find /secrets/template/* -exec basename {} \;))
+	local secret_templates=($(find ../secrets/template/* -exec basename {} \;))
 	generate_jwt_keys
 	for secret in "${secret_templates[@]}"; do
 		case "${secret}" in

sample.Dockerfile

@@ -1,15 +1,20 @@
 # syntax=docker/dockerfile:experimental
 ARG REPOSITORY=islandora
 ARG TAG=latest
-FROM ${REPOSITORY}/drupal:${TAG}
+FROM ${REPOSITORY}/drupal:${TAG} as step1
+
+COPY codebase /build
+
 
 # Remove runtime configuration and data (files, settings.php, etc) these will
 # either be mounted as volumes or generated on startup from environment variables.
-RUN --mount=type=bind,source=codebase,target=/build \
-    cp -r /build/* /var/www/drupal && \
+RUN cp -r /build/* /var/www/drupal && \
     rm -fr /var/www/drupal/web/sites/default/files/* && \
     bash -lc "remove_standard_profile_references_from_config" && \
     find /var/www/drupal/web/sites -name "settings.php" -exec rm {} \; && \
     chown -R nginx:nginx /var/www/drupal
 
-COPY rootfs /
+FROM ${REPOSITORY}/drupal:${TAG} as application
+COPY --from=step1 --chown=nginx:nginx /var/www/drupal /var/www/drupal
+
+COPY build/rootfs /