Merge pull request #768 from openva/deploy

Merge in from Deploy

.github/workflows/deploy.yml

@@ -22,16 +22,28 @@ jobs:
           php-version: '5.6'
       - name: Make branch name available as Bash variable
         run: echo "GITHUB_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
-      - run: >-
+      - name: Install packages with APT
+        run: >-
           sudo apt-get update && 
           sudo apt-get install -y awscli php5.6-cli php5.6-curl php5.6-memcached php5.6-mysql yarn zip
       - uses: actions/checkout@v3
       - run: sudo apt-get update -qq
-      - run: composer install
-      - run: cd htdocs/js/vendor; yarn build
+      - name: Install Composer dependencies
+        run: composer install
+      - name: Install Node dependencies
+        run: cd htdocs/js/vendor; yarn build
       - run: cd ../../..
       - run: find htdocs/*.php -print0 |xargs -0 -n1 -P8 php5.6 -l
-      - run: >-
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v1
+      - name: Run Docker
+        run: ./docker-run.sh
+      - name: Run tests
+        run: docker exec -i rs_web /var/www/deploy/tests/run-all.sh
+      - name: Stop Docker
+        run: ./docker-stop.sh
+      - name: Populate secrets and ZIP
+        run: >-
           ./deploy/branch_deploy.sh && ./deploy/config_variables.sh &&
           ./deploy/aws_credentials.sh && zip -qr rs-web-deploy . --exclude
           *.git* *.scannerwork* && mkdir -p upload && mv rs-web-deploy.zip

deploy/Web.Dockerfile

@@ -1,4 +1,14 @@
-FROM php:5.6.39-apache
+FROM php:5-apache
+
+# Replace sources.list with the archived repository URLs
+RUN echo "deb http://archive.debian.org/debian/ stretch main non-free contrib" > /etc/apt/sources.list \
+    && echo "deb-src http://archive.debian.org/debian/ stretch main non-free contrib" >> /etc/apt/sources.list \
+    && echo "deb http://archive.debian.org/debian-security/ stretch/updates main" >> /etc/apt/sources.list \
+    && echo "deb-src http://archive.debian.org/debian-security/ stretch/updates main" >> /etc/apt/sources.list
+
+# Disable checking for valid signatures on the archived repositories
+RUN echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/90ignore-release-date
+
 RUN docker-php-ext-install mysqli && docker-php-ext-install mysql && a2enmod rewrite && a2enmod expires && a2enmod headers
 
 # Install our packages
@@ -8,9 +18,8 @@ RUN apt-get install -y apt-transport-https ca-certificates gnupg2
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
 RUN apt-get update
-RUN apt-get install -y git zip libmemcached-dev zlib1g-dev yarn \
-    && pecl install memcached-2.2.0 \
-	&& docker-php-ext-enable memcached
+# We use the most recent Yarn 1.X release (still quite old) to deal with our old environment.
+RUN apt-get install -y git zip sphinxsearch zlib1g-dev jq yarn=1.22.19-1
 
 # Install Composer
 RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
@@ -21,6 +30,6 @@ COPY . deploy/
 
 EXPOSE 80
 
-RUN deploy/docker-setup-server.sh 
+RUN /var/www/deploy/docker-setup-server.sh 
 
 ENTRYPOINT ["apache2ctl", "-D", "FOREGROUND"]

deploy/config_variables.sh

@@ -21,7 +21,6 @@ variables=(
 	VA_DECODED_KEY
 	MAPBOX_TOKEN
 	MEMCACHED_SERVER
-	PUSHOVER_KEY
 	OPENAI_KEY
 	SLACK_WEBHOOK
 	API_URL
@@ -40,7 +39,7 @@ do
 done
 
 # Duplicate the default setting file to populate our settings file
-cp htdocs/includes/settings-default.inc.php htdocs/includes/settings.inc.php
+cp -f htdocs/includes/settings-default.inc.php htdocs/includes/settings.inc.php
 
 # If this is our staging site
 if [ "$GITHUB_BRANCH" = "master" ]

deploy/database_export.sh

@@ -1,52 +1,58 @@
-#!/bin/bash -e
+#!/bin/bash
+
+set -e
 
 HOST="{PDO_SERVER}"
 USERNAME="{PDO_USERNAME}"
 PASSWORD="{PDO_PASSWORD}"
 
+export MYSQL_PWD="$PASSWORD"
+
 # All database tables that we want to export the structure of
-STRUCTURE=(bills bills_copatrons bills_full_text bills_places bills_section_numbers bills_status bills_views blacklist chamber_status comments comments_subscriptions committees committee_members dashboard_bills dashboard_portfolios dashboard_user_data dashboard_watch_lists districts dockets files gazetteer meetings minutes polls representatives representatives_districts representatives_fundraising representatives_terms representatives_votes sessions tags users vacode video_clips video_index video_index_faces video_transcript votes)
+STRUCTURE=(bills bills_copatrons bills_full_text bills_places bills_places_test bills_section_numbers bills_status bills_views blacklist chamber_status comments comments_subscriptions committees committee_members dashboard_bills dashboard_portfolios dashboard_user_data dashboard_watch_lists districts dockets files gazetteer lobbyists meetings minutes polls representatives representatives_districts representatives_terms representatives_votes sessions tags users vacode video_clips video_index video_index_faces video_transcript votes)
 
-# All database tables that we want to export the contents of
-ALL_CONTENTS=(committees committee_members districts files representatives representatives_districts representatives_fundraising representatives_terms sessions)
+# All database tables that we want to export all contents of
+ALL_CONTENTS=(committees committee_members districts files representatives representatives_districts sessions)
 
 # All database tables that we want to export some contents of, as test data
 SOME_CONTENTS=(bills_copatrons bills_full_text bills_places bills_section_numbers bills_status bills_views comments dockets polls tags video_clips votes)
 
 # The ID of the bills to use to generate test data
-BILL_IDS=(45618 45663 46308 46058 45113 44355 44599 45136 45453 45811)
+BILL_IDS=(73202 73894 74728 74513 73272)
 
 # Change to the directory this script is in
 cd "$(dirname "$0")"
 mkdir -p mysql
 
-# Export all of the structural data
+# Export the structural data
 truncate --size 0 mysql/structure.sql
-for TABLE in ${STRUCTURE[*]}; do
-    mysqldump {MYSQL_DATABASE} -d --routines --triggers -u "$USERNAME" -p"$PASSWORD" \
-        --host "$HOST" --tables "$TABLE" >> mysql/structure.sql
-done
+STRUCTURE_LIST=$(printf "%s " "${STRUCTURE[@]}")
+mysqldump -d --routines --triggers --set-gtid-purged=OFF -u "$USERNAME" \
+    --host "$HOST" {MYSQL_DATABASE} $STRUCTURE_LIST > mysql/structure.sql
 
-# Export all of the tables for which we want complete contents
+# Export the tables for which we want complete contents
 truncate --size 0 mysql/basic-contents.sql
-for TABLE in ${ALL_CONTENTS[*]}; do
-    mysqldump {MYSQL_DATABASE} --no-create-info -u "$USERNAME" -p"$PASSWORD" --host "$HOST" \
-        --tables "$TABLE" >> mysql/basic-contents.sql
-done
+ALL_CONTENTS_LIST=$(printf "%s " "${ALL_CONTENTS[@]}")
+mysqldump --no-create-info --skip-lock-tables --set-gtid-purged=OFF -u "$USERNAME" \
+    --host "$HOST" {MYSQL_DATABASE} $ALL_CONTENTS_LIST > mysql/basic-contents.sql
 
 # Export selected contents from the remaining tables
 truncate --size 0 mysql/test-records.sql
 for BILL_ID in "${BILL_IDS[@]}"; do
-    mysqldump {MYSQL_DATABASE} --no-create-info -u "$USERNAME" -p"$PASSWORD" --host "$HOST" bills \
-        --where "id=$BILL_ID" >> mysql/test-records.sql
+    mysqldump {MYSQL_DATABASE} --no-create-info --skip-lock-tables -u "$USERNAME" \
+        --set-gtid-purged=OFF --host "$HOST" bills --where "id=$BILL_ID" >> mysql/test-records.sql
 done
 
-for TABLE in ${SOME_CONTENTS[*]}; do
+for TABLE in "${SOME_CONTENTS[@]}"; do
     for BILL_ID in "${BILL_IDS[@]}"; do
         # Genericize all IP addresses and email addresses, to maintain privacy.
-        mysqldump {MYSQL_DATABASE} --no-create-info -u "$USERNAME" -p"$PASSWORD" --host "$HOST" "$TABLE" \
+        mysqldump {MYSQL_DATABASE} --no-create-info --skip-lock-tables --set-gtid-purged=OFF \
+            -u "$USERNAME" --host "$HOST" "$TABLE" \
             --where "bill_id=$BILL_ID" |perl -pe 's{[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}}{ sprintf "127.%01d.%01d.%01d", int(255*rand()), int(255*rand()), int(255*rand()) }ge' \
             |sed -E "s/\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/[email protected]/g" \
             >> mysql/test-records.sql
     done
-done
+done
+
+# Remove the environment variable, now that we're done with it
+unset MYSQL_PWD

deploy/docker-setup-server.sh

@@ -17,3 +17,8 @@ if [ ! -f "/usr/local/etc/php/php.ini" ]; then
     cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini
     #echo "extension=memcached.so" >> /usr/local/etc/php/php.ini
 fi
+
+# Enable Sphinx's server
+echo "START=yes" | tee /etc/default/sphinxsearch
+cp /etc/sphinxsearch/sphinx.conf.sample /etc/sphinxsearch/sphinx.conf
+/etc/init.d/sphinxsearch start

deploy/docker-setup-site.sh

@@ -25,11 +25,34 @@ cd ..
 # Install Composer dependencies
 composer install
 
+# Install Node
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
+source ~/.bashrc
+export NVM_DIR="$HOME/.nvm"
+# Node 10 will run on this old release, while still supporting our libraries
+nvm install 10
+
+# Install Node dependencies
+cd htdocs/js/vendor; yarn build; cd ../../..
+
 # Move over the settings file.
 cp deploy/settings-docker.inc.php htdocs/includes/settings.inc.php
 
-# Load database contents
-apt-get install -y mysql-client
-mysql -h rs_db -u root -ppassword richmondsunlight < /var/www/deploy/mysql/structure.sql \
-    && mysql -h rs_db -u root -ppassword richmondsunlight < /var/www/deploy/mysql/basic-contents.sql \
-    && mysql -h rs_db -u root -ppassword richmondsunlight < /var/www/deploy/mysql/test-records.sql
+# Copy over the Sphinx configuration, start Sphinx
+cp deploy/sphinx.conf /etc/sphinxsearch/sphinx.conf
+sed -i -e "s|{PDO_SERVER}|db|g" /etc/sphinxsearch/sphinx.conf
+sed -i -e "s|{PDO_USERNAME}|ricsun|g" /etc/sphinxsearch/sphinx.conf
+sed -i -e "s|{PDO_PASSWORD}|password|g" /etc/sphinxsearch/sphinx.conf
+sed -i -e "s|{MYSQL_DATABASE}|richmondsunlight|g" /etc/sphinxsearch/sphinx.conf
+/etc/init.d/sphinxsearch start
+
+# If we have an existing index, update it
+if [[ -f /var/lib/sphinxsearch/data/bills.sph ]]; then
+
+    # Reindex
+    indexer --all --rotate
+
+# If there is no index, create a new one
+else
+    indexer --all
+fi