Symfony upgrade EB

core/.env.ci.dist

@@ -1,2 +1,3 @@
 APP_ENV=ci
-SYMFONY_ENV=ci
+APP_DEBUG=true
+APP_SECRET=secret

core/README.md

@@ -84,3 +84,18 @@ To mount the code in multiple containers:
 `start-dev-env.sh profile:../../OpenConext-profile userlifecycle:../../OpenConext-user-lifecycle`
 You can add as many services+local code paths that you need.
 The recommended way is to use absolute paths and the script requires the name of the service and local code path to be separated by a `:`, for each service.
+
+# Tips
+
+To start engine in local development environment use from this directory;
+
+Ensure a file `.env` exists with:
+```shell
+APP_ENV=dev
+APP_DEBUG=true
+APP_SECRET=secret
+```
+```shell
+./start-dev-env.sh engine:../../OpenConext-engineblock/
+```
+To change the running env, just edit `APP_ENV=ci` for example and re-run `./start-dev-env.sh engine:../../OpenConext-engineblock/`. You do not have to recreate all services, only to reload engineblock.

core/docker-compose.yml

@@ -50,40 +50,49 @@ services:
       - 3306:3306
 
   mongo:
-    image: bitnami/mongodb:7.0
+    image: mongo:7
     environment:
-      MONGO_INITDB_ROOT_USERNAME: root
-      MONGO_INITDB_ROOT_PASSWORD: secret
-      MONGODB_ROOT_PASSWORD: secret
-      MONGODB_REPLICA_SET_NAME: openconext
-      MONGODB_REPLICA_SET_MODE: primary
-      MONGODB_REPLICA_SET_KEY: secretsecret
-      MONGODB_ADVERTISED_HOSTNAME: mongodb
-      # Force QEMU emulation instead of Rosetta for x86_64 Apple Silicon Macs.
-      # Rosetta does not support AVX instructions, which this MongoD image requires, causing an
-      # "Illegal instruction" error when starting the container:
-      #     /opt/bitnami/scripts/libos.sh: line 346:    50 Illegal instruction     "$@" > /dev/null 2>&1
-      EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU: 1
+      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USERNAME:-root}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD:-secret}
+      MONGO_REPLICA_SET_NAME: ${MONGODB_RS_NAME:-openconext}
     volumes:
       - ./mongo/:/docker-entrypoint-initdb.d/
-      - openconext_mongodb:/bitnami/mongodb
+      - openconext_mongodb:/data/db
     healthcheck:
-      test:
-        [
-          "CMD",
-          "mongosh",
-          "-u",
-          "managerw",
-          "-p",
-          "secret",
-          "--eval",
-          "db.stats().ok",
-          "mongodb://127.0.0.1/manage",
-        ]
-      interval: 10s
-      timeout: 10s
-      retries: 3
-      start_period: 20s
+      test: |
+        # After starting, but before being used, we need to initialize the Mongo replication set
+        # we abuse the healthcheck for that, because we need to check the health status anyway
+        mongosh -u $${MONGO_INITDB_ROOT_USERNAME} -p $${MONGO_INITDB_ROOT_PASSWORD} --eval '
+          try {
+            rs.status().ok;
+          }
+          catch ({ name, message }) {
+            print("error:" + name);
+            print("message:" + message);
+            if (name=="MongoServerError" && message.includes("no replset config has been received")) {
+              rs.initiate({
+                _id : "${MONGODB_RS_NAME:-openconext}",
+                members: [ { _id: 0, host: "mongodb:27017" } ]
+              });
+              rs.status().ok;
+            }
+          };
+        '
+      interval: 2s
+      timeout: 3s
+      retries: 5
+    entrypoint: >
+      bash -c '
+          openssl rand -base64 756 > /keyfile \
+          && chown mongodb:mongodb /keyfile \
+          && chmod 400 /keyfile \
+          && exec docker-entrypoint.sh $$@
+      '
+    command: |
+      mongod --bind_ip_all --replSet ${MONGODB_RS_NAME:-openconext} --keyFile /keyfile
+    restart: always
+    ports:
+      - "27017:27017"
     networks:
       coreconextdev:
     hostname: mongodb
@@ -107,7 +116,8 @@ services:
         condition: service_healthy
     environment:
       - APP_ENV=${APP_ENV:-prod}
-      - SYMFONY_ENV=${APP_ENV:-prod}
+      - APP_DEBUG=${APP_ENV:-false}
+      - APP_SECRET=${APP_SECRET:?APP_SECRET is not set}
 
   profile:
     image: ghcr.io/openconext/openconext-profile/profile:prod
@@ -222,7 +232,7 @@ services:
     image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-gui:3.0.1
     networks:
       coreconextdev:
-    hostname: oidcplagroundgui.docker
+    hostname: oidcplaygroundgui.docker
     profiles:
       - "oidc"
       - "teams"
@@ -239,7 +249,7 @@ services:
       coreconextdev:
     entrypoint: /__cacert_entrypoint.sh
     command: "java -jar app.jar --spring.profiles.active=devconf"
-    hostname: oidcserver.docker
+    hostname: oidcplaygroundserver.docker
     working_dir: /
     profiles:
       - "oidc"

core/engine/appconf.conf

@@ -1,21 +1,19 @@
-DocumentRoot /var/www/html/web
+DocumentRoot /var/www/html/public
 ServerName  engine
 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
 
-<Directory "/var/www/html/web">
+<Directory "/var/www/html/public">
     Require all granted
     Options -MultiViews
     RewriteEngine On
     RewriteBase /
     RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteRule ^(.*)$ app.php [QSA,L]
+    RewriteRule ^(.*)$ index.php [QSA,L]
 </Directory>
 
 Header always set X-Content-Type-Options "nosniff"
 
 SetEnv HTTPS on
-#SetEnv ENGINEBLOCK_ENV dev
-#SetEnv SYMFONY_ENV dev
 
 RewriteEngine On
 # We support only GET/POST

core/engine/docker-compose.override.yml

@@ -4,14 +4,14 @@
 # the container. It will destroy the sub-mount!!
 services:
   engine:
-    image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php72-apache2-node14-composer2:latest}
+    image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php82-apache2-node20-composer2:latest}
     volumes:
       - ${ENGINE_CODE_PATH}:/var/www/html
       - ./engine/appconf.conf:/etc/apache2/sites-enabled/appconf.conf
     environment:
       - APP_ENV=${APP_ENV:-dev}
-      - SYMFONY_ENV=${APP_ENV:-dev}
-      - APP_DEBUG=1
+      - APP_DEBUG=${APP_DEBUG:-true}
+      - APP_SECRET=${APP_SECRET:-secret}
     healthcheck:
       test: ["CMD", "true"]
       interval: 10s

core/scripts/init.sh

@@ -17,16 +17,16 @@ docker compose exec engine timeout 300 bash -c 'while [[ "$(curl -k -s -o /dev/n
 
 echo -e "${ORANGE}First, we will initialise the EB database$NOCOLOR ${GREEN}\xE2\x9C\x94${NOCOLOR}"
 echo "Checking if the database is already present"
-if ! docker compose exec engine /var/www/html/app/console doctrine:schema:validate -q --skip-mapping --env=prod; then
+if ! docker compose exec engine /var/www/html/bin/console doctrine:schema:validate -q --skip-mapping --env=prod; then
 	echo creating the database schema
-	echo "Executing docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod"
-	docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod
+	echo "Executing docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod"
+	docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod
 #	TODO: Use migrations instead of schema:create. Not both. @see https://github.com/OpenConext/OpenConext-engineblock/issues/1861
 fi
 echo "Clearing the cache"
-echo "Executing docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod"
-docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod
-docker compose exec engine chown -R www-data:www-data /var/www/html/app/cache/
+echo "Executing docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod"
+docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod
+docker compose exec engine chown -R www-data:www-data /var/www/html/var/cache/
 
 # Now it's time to bootstrap manage
 # Bring up containers needed for bootstrapping manage