refactoring environment, updated composer dependencies

Author: DKravtsov

.circleci/config.yml

@@ -2,7 +2,8 @@ version: 2
 jobs:
   build:
     working_directory: ~/html
-    machine: true
+    machine:
+        image: ubuntu-2004:202101-01
     branches:
         ignore:
           - develop

.gitignore

@@ -8,7 +8,8 @@ reports/*
 /.env.*.local
 /config/secrets/prod/prod.decrypt.private.php
 /public/bundles/
-/var/
+/var/*
+!var/.gitkeep
 /vendor/
 /tools/**/vendor
 ###< symfony/framework-bundle ###

Dockerfile

@@ -6,6 +6,10 @@ ENV DEBUG_ENABLED=$BUILD_ARGUMENT_DEBUG_ENABLED
 ARG BUILD_ARGUMENT_ENV=dev
 ENV ENV=$BUILD_ARGUMENT_ENV
 ENV APP_HOME /var/www/html
+ARG UID=1000
+ARG GID=1000
+ENV USERNAME=www-data
+
 
 # check environment
 RUN if [ "$BUILD_ARGUMENT_ENV" = "default" ]; then echo "Set BUILD_ARGUMENT_ENV in docker build-args like --build-arg BUILD_ARGUMENT_ENV=dev" && exit 2; \
@@ -29,7 +33,9 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
       libreadline-dev \
       supervisor \
       cron \
+      sudo \
       libzip-dev \
+      wget \
       librabbitmq-dev \
     && pecl install amqp \
     && docker-php-ext-configure pdo_mysql --with-pdo-mysql=mysqlnd \
@@ -46,11 +52,12 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     && rm -rf /var/lib/apt/lists/* \
     && apt-get clean
 
-# create document root
-RUN mkdir -p $APP_HOME/public
-
-# change owner
-RUN chown -R www-data:www-data $APP_HOME
+# create document root, fix permissions for www-data user and change owner to www-data
+RUN mkdir -p $APP_HOME/public && \
+    mkdir -p /home/$USERNAME && chown $USERNAME:$USERNAME /home/$USERNAME \
+    && usermod -u $UID $USERNAME -d /home/$USERNAME \
+    && groupmod -g $GID $USERNAME \
+    && chown -R ${USERNAME}:${USERNAME} $APP_HOME
 
 # put php config for Symfony
 COPY ./docker/$BUILD_ARGUMENT_ENV/www.conf /usr/local/etc/php-fpm.d/www.conf
@@ -61,6 +68,10 @@ COPY ./docker/general/do_we_need_xdebug.sh /tmp/
 COPY ./docker/dev/xdebug.ini /tmp/
 RUN chmod u+x /tmp/do_we_need_xdebug.sh && /tmp/do_we_need_xdebug.sh
 
+# install security-checker in case dev/test environment
+COPY ./docker/general/do_we_need_security-checker.sh /tmp/
+RUN chmod u+x /tmp/do_we_need_security-checker.sh && /tmp/do_we_need_security-checker.sh
+
 # install composer
 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 RUN chmod +x /usr/bin/composer
@@ -69,19 +80,16 @@ ENV COMPOSER_ALLOW_SUPERUSER 1
 # add supervisor
 RUN mkdir -p /var/log/supervisor
 COPY --chown=root:root ./docker/general/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-COPY --chown=root:root ./docker/general/cron /var/spool/cron/crontabs/root
+COPY --chown=root:crontab ./docker/general/cron /var/spool/cron/crontabs/root
 RUN chmod 0600 /var/spool/cron/crontabs/root
 
 # set working directory
 WORKDIR $APP_HOME
 
-# create composer folder for user www-data
-RUN mkdir -p /var/www/.composer && chown -R www-data:www-data /var/www/.composer
-
-USER www-data
+USER ${USERNAME}
 
 # copy source files
-COPY --chown=www-data:www-data . $APP_HOME/
+COPY --chown=${USERNAME}:${USERNAME} . $APP_HOME/
 
 # install all PHP dependencies
 RUN if [ "$BUILD_ARGUMENT_ENV" = "dev" ] || [ "$BUILD_ARGUMENT_ENV" = "test" ]; then COMPOSER_MEMORY_LIMIT=-1 composer install --optimize-autoloader --no-interaction --no-progress; \

Makefile

@@ -8,6 +8,7 @@ ifndef APP_ENV
 	endif
 endif
 
+symfony_user=-u www-data
 project=-p ${COMPOSE_PROJECT_NAME}
 service=${COMPOSE_PROJECT_NAME}:latest
 openssl_bin:=$(shell which openssl)
@@ -68,7 +69,7 @@ env-staging:
 	@make exec cmd="composer dump-env staging"
 
 ssh:
-	@docker-compose $(project) exec $(optionT) symfony bash
+	@docker-compose $(project) exec $(optionT) $(symfony_user) symfony bash
 
 ssh-nginx:
 	@docker-compose $(project) exec nginx /bin/sh
@@ -83,10 +84,13 @@ ssh-rabbitmq:
 	@docker-compose $(project) exec rabbitmq /bin/sh
 
 exec:
-	@docker-compose $(project) exec $(optionT) symfony $$cmd
+	@docker-compose $(project) exec $(optionT) $(symfony_user) symfony $$cmd
 
 exec-bash:
-	@docker-compose $(project) exec $(optionT) symfony bash -c "$(cmd)"
+	@docker-compose $(project) exec $(optionT) $(symfony_user) symfony bash -c "$(cmd)"
+
+exec-by-root:
+	@docker-compose $(project) exec $(optionT) symfony $$cmd
 
 report-prepare:
 	mkdir -p $(dir)/reports/coverage
@@ -166,7 +170,7 @@ ecs-fix: ## Run The Easy Coding Standard to fix issues
 
 ###> phpmetrics ###
 phpmetrics:
-	@make exec cmd="make phpmetrics-process"
+	@make exec-by-root cmd="make phpmetrics-process"
 
 phpmetrics-process: ## Generates PhpMetrics static analysis, should be run inside symfony container
 	@mkdir -p reports/phpmetrics
@@ -176,7 +180,7 @@ phpmetrics-process: ## Generates PhpMetrics static analysis, should be run insid
 	fi;
 	@echo "\033[32mRunning PhpMetrics\033[39m"
 	@php ./vendor/bin/phpmetrics --version
-	@./vendor/bin/phpmetrics --junit=reports/junit.xml --report-html=reports/phpmetrics .
+	@php ./vendor/bin/phpmetrics --junit=reports/junit.xml --report-html=reports/phpmetrics .
 ###< phpmetrics ###
 
 ###> php copy/paste detector ###

composer.json

@@ -32,7 +32,7 @@
 		"ext-pdo": "*",
 		"ext-pdo_mysql": "*",
 		"doctrine/doctrine-migrations-bundle": "^3.0",
-		"easycorp/easy-log-handler": "1.0.*",
+		"systemsdk/easy-log-bundle": "1.10.*",
 		"jmose/command-scheduler-bundle": "^3.0",
 		"sensio/framework-extra-bundle": "^5.6",
 		"symfony/asset": "4.4.*",
@@ -76,7 +76,6 @@
 		"doctrine/doctrine-fixtures-bundle": "^3.4",
 		"ergebnis/composer-normalize": "^2.13",
 		"roave/security-advisories": "dev-master",
-		"sensiolabs/security-checker": "^6.0",
 		"symfony/debug-bundle": "4.4.*",
 		"symfony/maker-bundle": "^1.26",
 		"symfony/requirements-checker": "^2.0",
@@ -124,14 +123,14 @@
 	"scripts": {
 		"post-install-cmd": [
 			"if test -d vendor/symfony/requirements-checker; then ./vendor/bin/requirements-checker; fi",
-			"if test -d vendor/sensiolabs/security-checker; then ./vendor/bin/security-checker security:check; fi",
 			"if test -d vendor/bamarni/composer-bin-plugin; then composer bin all install; fi",
+			"if which local-php-security-checker; then local-php-security-checker --update-cache && local-php-security-checker; fi",
 			"@auto-scripts"
 		],
 		"post-update-cmd": [
 			"if test -d vendor/symfony/requirements-checker; then ./vendor/bin/requirements-checker; fi",
-			"if test -d vendor/sensiolabs/security-checker; then ./vendor/bin/security-checker security:check; fi",
 			"if test -d vendor/bamarni/composer-bin-plugin; then composer bin all update; fi",
+			"if which local-php-security-checker; then local-php-security-checker --update-cache && local-php-security-checker; fi",
 			"@auto-scripts"
 		],
 		"auto-scripts": {