FASJSON: include build scripts in the source code

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/openshift-apps/fasjson/templates/Dockerfile

@@ -1,37 +0,0 @@
-# Switch to F36 when this PR is shipped: https://github.com/python-ldap/python-ldap/pull/458
-FROM fedora:37
-LABEL \
-  name="fasjson" \
-  vendor="Fedora Infrastructure" \
-  license="GPLv3+"
-ENV HOME=/opt
-RUN dnf install -y \
-        openldap-clients \
-        vim \
-        git \
-        ipa-client \
-        gcc \
-        redhat-rpm-config \
-        python-devel \
-        krb5-devel \
-        openldap-devel \
-        httpd \
-        mod_auth_gssapi \
-        mod_session \
-        policycoreutils-python-utils \
-        python3-mod_wsgi \
-        python3-pip && \
-    dnf autoremove -y && \
-    dnf clean all -y
-RUN python3 -m venv /opt/venv
-RUN /opt/venv/bin/pip install poetry
-RUN git clone https://github.com/fedora-infra/fasjson.git && \
-    pushd fasjson && \
-    git checkout {{ (env == 'production')|ternary('stable', 'staging') }} && \
-    /opt/venv/bin/poetry config virtualenvs.create false && \
-    /opt/venv/bin/poetry install --no-dev && \
-    popd
-RUN rm -f /etc/krb5.conf && ln -sf /etc/krb5/krb5.conf /etc/krb5.conf && \
-    rm -f /etc/openldap/ldap.conf && ln -sf /etc/ipa/ldap.conf /etc/openldap/ldap.conf
-EXPOSE 8080
-ENTRYPOINT bash /etc/fasjson/start.sh

roles/openshift-apps/fasjson/templates/buildconfig.yml

@@ -9,14 +9,12 @@ metadata:
 spec:
   runPolicy: Serial
   source:
-    type: Dockerfile
-    dockerfile: |-
-      {{ load_file('Dockerfile') | indent(6) }}
+    type: Git
+    git:
+      uri: https://github.com/fedora-infra/fasjson.git
+      ref: {{ (env == 'production')|ternary('stable', 'staging') }}
   strategy:
     type: Docker
-    dockerStrategy:
-      # Prevent Docker from caching the git clone step in the Dockerfile
-      noCache: true
   output:
     to:
       kind: ImageStreamTag

roles/openshift-apps/fasjson/templates/httpd.conf

@@ -1,97 +0,0 @@
-Listen 0.0.0.0:8080
-ServerRoot "/httpdir"
-PidFile "/httpdir/httpd.pid"
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule include_module modules/mod_include.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule env_module modules/mod_env.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule status_module modules/mod_status.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule version_module modules/mod_version.so
-LoadModule wsgi_module modules/mod_wsgi_python3.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule request_module modules/mod_request.so
-LoadModule auth_gssapi_module modules/mod_auth_gssapi.so
-LoadModule session_module modules/mod_session.so
-LoadModule session_cookie_module modules/mod_session_cookie.so
-LoadModule session_dbd_module modules/mod_session_dbd.so
-LoadModule auth_form_module modules/mod_auth_form.so
-LoadModule setenvif_module modules/mod_setenvif.so
-
-StartServers  20
-ServerLimit   100
-MaxRequestsPerChild 2000
-MaxRequestWorkers 100
-TypesConfig /etc/mime.types
-AddDefaultCharset UTF-8
-CoreDumpDirectory /tmp
-
-# Logging. Don't log OpenShift's probes
-SetEnvIf Request_URI "^/healthz/" dontlog
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-CustomLog /httpdir/access.log combined env=!dontlog
-ErrorLog /httpdir/error.log
-LogLevel info
-
-WSGISocketPrefix run/wsgi
-WSGIPythonHome /opt/venv
-WSGIDaemonProcess fasjson processes=4 threads=1 maximum-requests=500 \
-  display-name=%{GROUP} socket-timeout=2147483647 \
-  lang=C.UTF-8 locale=C.UTF-8 home=/httpdir
-WSGIImportScript /etc/fasjson/wsgi.py \
-  process-group=fasjson application-group=fasjson
-WSGIScriptAlias / /etc/fasjson/wsgi.py
-WSGIScriptReloading Off
-WSGIRestrictStdout Off
-WSGIRestrictSignal Off
-#WSGIPythonOptimize 1  # This causes the ldap module to fail
-
-<Location "/">
-  WSGIProcessGroup fasjson
-  WSGIApplicationGroup fasjson
-
-  Require all granted
-  ErrorDocument 401 /errors/401
-  ErrorDocument 403 /errors/403
-  ErrorDocument 404 /errors/404
-  ErrorDocument 500 /errors/500
-</Location>
-
-<LocationMatch "^/v[0-9]+/">
-  AuthType GSSAPI
-  AuthName "Kerberos Login"
-  GssapiUseSessions On
-  Session On
-  SessionCookieName ipa_session path=/;httponly;secure;
-  SessionHeader IPASESSION
-  GssapiSessionKey file:/httpdir/run/session.key
-
-  GssapiCredStore keytab:/etc/keytabs/http
-  GssapiCredStore client_keytab:/etc/keytabs/http
-  GssapiCredStore ccache:FILE:/httpdir/httpd.ccache
-  GssapiDelegCcacheDir /httpdir/run/ccaches
-  GssapiDelegCcachePerms mode:0660
-  GssapiUseS4U2Proxy on
-  GssapiAllowedMech krb5
-
-  Require valid-user
-
-  Header always append X-Frame-Options DENY
-  Header always append Content-Security-Policy "frame-ancestors 'none'"
-  Header unset Set-Cookie
-  Header unset ETag
-  FileETag None
-</LocationMatch>

roles/openshift-apps/fasjson/templates/start.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-rm -rf /httpdir/*
-mkdir /httpdir/run/ /httpdir/run/ccaches/
-ln -s /etc/httpd/modules /httpdir/modules
-truncate --size=0 /httpdir/access.log /httpdir/error.log
-tail -qf /httpdir/access.log /httpdir/error.log &
-exec httpd -f /etc/fasjson/httpd.conf -DFOREGROUND -DNO_DETACH

roles/openshift-apps/fasjson/templates/wsgi.py

@@ -1,4 +0,0 @@
-from werkzeug.middleware.proxy_fix import ProxyFix
-from fasjson.web.app import create_app
-application = create_app()
-application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)