Merge pull request #168 from silinternational/release/5.3.0

Release 5.3.0 -- AppConfig

.github/pull_request_template.md

@@ -22,6 +22,3 @@
 - [ ] Documentation (README, etc.)
 - [ ] Unit tests created or updated
 - [ ] Run `make composershow`
-
-### Release PR Checklist
-- [ ] Update version number in main.php Sentry configuration

.github/workflows/test-and-publish.yml

@@ -3,9 +3,6 @@ name: Test and Publish
 on:
   push:
 
-env:
-  IMAGE_NAME: ${{ vars.DOCKER_ORG }}/idp-id-sync
-
 jobs:
   tests:
     name: Tests
@@ -34,11 +31,13 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.IMAGE_NAME }}
+          images: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            GITHUB_REF_NAME=${{ github.ref_name }}

Dockerfile

@@ -1,6 +1,9 @@
 FROM silintl/php8:8.1
 LABEL maintainer="[email protected]"
 
+ARG GITHUB_REF_NAME
+ENV GITHUB_REF_NAME=$GITHUB_REF_NAME
+
 ENV REFRESHED_AT 2023-11-09
 
 RUN mkdir -p /data
@@ -19,4 +22,7 @@ COPY application/ /data/
 RUN chown -R www-data:www-data \
     console/runtime/
 
-CMD ["/data/yii", "batch/full"]
+ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz
+RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin
+
+CMD ["/data/run.sh"]

README.md

@@ -1,8 +1,26 @@
 # IdP ID Sync
 Tool to synchronize user records between the ID Broker and an ID Store
 
-## Configuration files
-Copy ```local.env.dist``` to ```local.env``` and supply any necessary values.
+## Configuration
+By default, configuration is read from environment variables documented in the `local.env.dist`
+file. Copy this file to `local.env` and supply any necessary values.
+
+Optionally, you can define configuration in AWS AppConfig. To do this, set the following
+environment variables to point to the configuration in AWS:
+
+* `AWS_REGION` - the AWS region in use
+* `APP_ID` - the application ID or name
+* `CONFIG_ID` - the configuration profile ID or name
+* `ENV_ID` - the environment ID or name
+
+In addition, the AWS API requires authentication. It is best to use an access role
+such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
+If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and
+`AWS_SECRET_ACCESS_KEY` variables.
+
+The content of the configuration profile takes the form of a typical .env file, using
+`#` for comments and `=` for variable assignment. Any variables read from AppConfig
+will overwrite variables set in the execution environment.
 
 ## Testing
 

application/common/config/main.php

@@ -132,7 +132,7 @@
                     'clientOptions' => [
                         'attach_stacktrace' => false, // stack trace identifies the logger call stack, not helpful
                         'environment' => YII_ENV,
-                        'release' => 'idp-id-sync@5.2.0',
+                        'release' => 'idp-id-sync@' . Env::get('GITHUB_REF_NAME', 'unknown'),
                         'before_send' => function (Event $event) use ($idpName): ?Event {
                             $event->setExtra(['idp' => $idpName]);
                             return $event;

application/run.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [[ -z "${APP_ID}" ]]; then
+  /data/yii batch/full
+else
+  config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID /data/yii batch/full
+fi

local.env.dist

@@ -71,6 +71,21 @@ ID_STORE_ADAPTER=
 
 ### Optional ENV vars ###
 
+# === AWS AppConfig (optional) ===
+
+# The AWS region in use
+#AWS_REGION=
+
+# The AppConfig Application ID (or name)
+#APP_ID=
+
+# The AppConfig Configuration Profile ID (or name)
+#CONFIG_ID=
+
+# The AppConfig Environment ID (or name)
+#ENV_ID=
+
+
 # Where to email error logs.
 #ALERTS_EMAIL=