Created
August 1, 2024 15:13
-
-
Save beto-aveiga/d1bab5297beb20674650d750db678078 to your computer and use it in GitHub Desktop.
Tugboat / Apache / Site Audit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/.ddev/config.yaml b/.ddev/config.yaml | |
| index 690012b7..3bd732f9 100644 | |
| --- a/.ddev/config.yaml | |
| +++ b/.ddev/config.yaml | |
| @@ -2,7 +2,7 @@ name: abc | |
| type: drupal | |
| docroot: docroot | |
| php_version: "8.1" | |
| -webserver_type: nginx-fpm | |
| +webserver_type: apache-fpm | |
| xdebug_enabled: false | |
| additional_hostnames: [] | |
| additional_fqdns: [] | |
| diff --git a/.site-audit/site-audit-http-auth.conf b/.site-audit/site-audit-http-auth.conf | |
| new file mode 100644 | |
| index 00000000..0a9976c0 | |
| --- /dev/null | |
| +++ b/.site-audit/site-audit-http-auth.conf | |
| @@ -0,0 +1,6 @@ | |
| +<Location "/site-audit"> | |
| + AuthType Basic | |
| + AuthName "Restricted Content" | |
| + AuthUserFile /etc/apache2/.htpasswd | |
| + Require valid-user | |
| +</Location> | |
| diff --git a/.site-audit/site-audit.sh b/.site-audit/site-audit.sh | |
| new file mode 100755 | |
| index 00000000..7bbfb05f | |
| --- /dev/null | |
| +++ b/.site-audit/site-audit.sh | |
| @@ -0,0 +1,21 @@ | |
| +#!/usr/bin/env sh | |
| +set -o errexit -o nounset -o xtrace | |
| + | |
| +"${TUGBOAT_ROOT}"/vendor/bin/drush cr | |
| + | |
| +# Enable site_audit and all modules that enhance site_audit. | |
| +"${TUGBOAT_ROOT}"/vendor/bin/drush pm:enable site_audit unused_modules security_review hacked -y | |
| + | |
| +# Avoid messages in the site_audit report, | |
| +# we are running this report in Tugboat which is why | |
| +# we don't need acquia modules enabled for it. | |
| +"${TUGBOAT_ROOT}"/vendor/bin/drush pm:uninstall acquia_connector -y || true | |
| + | |
| +mkdir -p "${DOCROOT}"/site-audit | |
| +touch "${DOCROOT}"/site-audit/index.html | |
| + | |
| +# Run the site audit report and save file inside site-audit folder. | |
| +"${TUGBOAT_ROOT}"/vendor/bin/drush aa --bootstrap --detail --skip=insights --uri="${TUGBOAT_DEFAULT_SERVICE_URL} # ${TUGBOAT_REPO}" > "${DOCROOT}"/site-audit/index.html | |
| + | |
| +# Restore site configuration | |
| +"${TUGBOAT_ROOT}"/vendor/bin/drush config:import -y | |
| diff --git a/.site-audit/site-audit.vhost b/.site-audit/site-audit.vhost | |
| new file mode 100644 | |
| index 00000000..ac44d0e0 | |
| --- /dev/null | |
| +++ b/.site-audit/site-audit.vhost | |
| @@ -0,0 +1,5 @@ | |
| +<VirtualHost *:80 > | |
| + ServerName site-audit-${TUGBOAT_SERVICE_TOKEN}.${TUGBOAT_SERVICE_CONFIG_DOMAIN} | |
| + RewriteEngine on | |
| + RewriteRule ^.*$ ${TUGBOAT_DEFAULT_SERVICE_URL}site-audit [R=302,L] | |
| +</VirtualHost> | |
| diff --git a/.tugboat/config.drainpipe-override.yml b/.tugboat/config.drainpipe-override.yml | |
| index 58f6ed77..034ee0fb 100644 | |
| --- a/.tugboat/config.drainpipe-override.yml | |
| +++ b/.tugboat/config.drainpipe-override.yml | |
| @@ -1,4 +1,8 @@ | |
| php: | |
| + image: tugboatqa/php:8.1-apache-buster | |
| + | |
| + aliases: | |
| + - site-audit | |
| urls: | |
| - / | |
| - /graduate-study | |
| diff --git a/.tugboat/config.yml b/.tugboat/config.yml | |
| index 7a368341..0cbc55df 100644 | |
| --- a/.tugboat/config.yml | |
| +++ b/.tugboat/config.yml | |
| @@ -11,7 +11,7 @@ | |
| services: | |
| php: | |
| http: false | |
| - image: tugboatqa/php-nginx:8.1-fpm | |
| + image: tugboatqa/php:8.1-apache | |
| default: true | |
| depends: | |
| @@ -23,6 +23,8 @@ services: | |
| build: ./.tugboat/steps/3-build.sh | |
| online: ./.tugboat/steps/4-online.sh | |
| + aliases: | |
| + - site-audit | |
| urls: | |
| - / | |
| - /graduate-study | |
| diff --git a/.tugboat/steps/1-init.sh b/.tugboat/steps/1-init.sh | |
| index 29af84cc..3a72c37d 100755 | |
| --- a/.tugboat/steps/1-init.sh | |
| +++ b/.tugboat/steps/1-init.sh | |
| @@ -64,5 +64,11 @@ | |
| # Validate we have the right nodejs version. | |
| nodejs -v | grep -q v$NODE_MAJOR | |
| +# Apache | |
| +a2enmod headers rewrite | |
| + | |
| +# Bring in tasks. | |
| +composer install --ignore-platform-reqs | |
| +task tugboat:php:init | |
| composer install | |
| diff --git a/Taskfile.yml b/Taskfile.yml | |
| index 7c72f802..90176007 100644 | |
| --- a/Taskfile.yml | |
| +++ b/Taskfile.yml | |
| @@ -54,6 +54,7 @@ tasks: | |
| cmds: | |
| - task: drupal:composer:development | |
| - task: build:theme | |
| + - cmd: source ${TUGBOAT_ROOT}/.site-audit/site-audit.sh | |
| online:tugboat: | |
| cmds: | |
| @@ -87,6 +88,18 @@ tasks: | |
| - task: acquia:fetch-db | |
| - task: import-db | |
| + tugboat:php:init: | |
| + desc: Hooks the init step for Tugboat builds | |
| + cmds: | |
| + - | | |
| + | |
| + # Add apache config to redirect Tugboat alias to /site-audit with basic | |
| + # authentication. | |
| + htpasswd -bc /etc/apache2/.htpasswd "${BASIC_AUTH}" "${BASIC_AUTH}" | |
| + printf "\nInclude ${TUGBOAT_ROOT}/.site-audit/site-audit.vhost\n" >> /etc/apache2/apache2.conf | |
| + printf "\nInclude ${TUGBOAT_ROOT}/.site-audit/site-audit-http-auth.conf\n" >> /etc/apache2/apache2.conf | |
| + sed --expression "s@</VirtualHost>@\n\tInclude $TUGBOAT_ROOT/.site-audit/site-audit-http-auth.conf\n</VirtualHost>@" --in-place /etc/apache2/sites-enabled/000-default.conf | |
| + | |
| build: | |
| desc: "Builds the project for production" | |
| deps: [drupal:composer:production] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment