Merge pull request #151 from akunzai/dev-e2e

Add E2E tests and improve development environment

Author: akunzai

.devcontainer/README.md

@@ -3,7 +3,7 @@
 ## Requirements
 
 - [Docker Engine](https://docs.docker.com/install/)
-- [Docker Compose V2](https://docs.docker.com/compose/cli-command/)
+- [Docker Compose](https://docs.docker.com/compose/cli-command/)
 - [mkcert](https://github.com/FiloSottile/mkcert)
 - [Visual Studio Code](https://code.visualstudio.com/)
 - Bash
@@ -13,7 +13,8 @@
 ```sh
 # set up TLS certs in Host
 mkdir -p .secrets
-mkcert -cert-file .secrets/cert.pem -key-file .secrets/key.pem 'auth.dev.local'
+mkcert -cert-file .secrets/cert.pem -key-file .secrets/key.pem '*.dev.local'
+cp "$(mkcert -CAROOT)/rootCA.pem" .secrets/ca.pem
 
 # set up hosts in Host
 echo "127.0.0.1 auth.dev.local www.dev.local" | sudo tee -a /etc/hosts
@@ -34,8 +35,8 @@ docker compose -f compose.yml -f compose.debug.yml up -d
 
 ## URLs
 
-- [Joomla!](http://www.dev.local/administrator/)
-- [Keycloak](https://auth.dev.local:8443)
+- [Joomla!](https://www.dev.local/administrator/)
+- [Keycloak](https://auth.dev.local)
 
 ## Credentials
 

.devcontainer/compose.yml

@@ -1,10 +1,48 @@
 name: joomla-external-login_devcontainer
 services:
+  joomla:
+    build:
+      context: ./joomla
+    image: joomla:external-login
+    volumes:
+      - type: volume
+        source: joomla_data
+        target: /var/www/html
+      - type: bind
+        source: ${LOCAL_WORKSPACE_FOLDER:-..}/.devcontainer/joomla/logs
+        target: /var/www/html/administrator/logs
+      - type: bind
+        source: ${LOCAL_WORKSPACE_FOLDER:-..}
+        target: /workspace
+        consistency: cached
+      - type: bind
+        source: ${LOCAL_WORKSPACE_FOLDER:-..}/.devcontainer/php.ini
+        target: /usr/local/etc/php/php.ini
+        read_only: true
+      - type: bind
+        source: ${LOCAL_WORKSPACE_FOLDER:-..}/.vscode
+        target: /var/www/html/.vscode
+        consistency: cached
+    environment:
+      JOOMLA_DB_HOST: ${JOOMLA_DB_HOST:-mysql}
+      JOOMLA_DB_PASSWORD: ${JOOMLA_DB_PASSWORD:-${MYSQL_ROOT_PASSWORD:-secret}}
+      SSL_CERT_FILE: /run/secrets/ca.pem
+    secrets:
+      - ca.pem
+    depends_on:
+      - mysql
+      - traefik
+    external_links:
+      - traefik:store.dev.local
+      - traefik:www.dev.local
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.joomla.entrypoints=websecure
+      - traefik.http.routers.joomla.rule=Host(`www.dev.local`)
 
   keycloak:
     build: ./keycloak
     image: keycloak:cas
-    restart: unless-stopped
     volumes:
       - type: volume
         source: keycloak_data
@@ -17,7 +55,10 @@ services:
       - type: bind
         source: ${LOCAL_WORKSPACE_FOLDER:-..}/.devcontainer/keycloak/import
         target: /opt/keycloak/data/import
-    command: start --optimized --import-realm
+    # https://www.keycloak.org/server/configuration#_starting_keycloak
+    command:
+      - start-dev
+      - --import-realm
     environment:
       # https://www.keycloak.org/server/configuration
       KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}
@@ -26,74 +67,73 @@ services:
       KC_PROXY_HEADERS: xforwarded
       # https://www.keycloak.org/server/all-config
       KC_HOSTNAME: auth.dev.local
-      KC_HTTPS_CERTIFICATE_FILE: /run/secrets/cert.pem
-      KC_HTTPS_CERTIFICATE_KEY_FILE: /run/secrets/key.pem
-    ports:
-      - 127.0.0.1:8443:8443
+      SSL_CERT_FILE: /run/secrets/ca.pem
     secrets:
-      - cert.pem
-      - key.pem
-    networks:
-      default:
-        aliases:
-          - auth.dev.local
-
-  joomla:
-    build:
-      context: ./joomla
-    image: joomla:external-login
-    volumes:
-      - type: volume
-        source: joomla_data
-        target: /var/www/html
-      - type: volume
-        source: joomla_log
-        target: /var/www/html/administrator/logs
-      - type: bind
-        source: ${LOCAL_WORKSPACE_FOLDER:-..}
-        target: /workspace
-        consistency: cached
-      - type: bind
-        source: ${LOCAL_WORKSPACE_FOLDER:-..}/.devcontainer/php.ini
-        target: /usr/local/etc/php/php.ini
-        read_only: true
-      - type: bind
-        source: ${LOCAL_WORKSPACE_FOLDER:-..}/.vscode
-        target: /var/www/html/.vscode
-        consistency: cached
-    environment:
-      JOOMLA_DB_HOST: ${JOOMLA_DB_HOST:-mysql}
-      JOOMLA_DB_PASSWORD: ${JOOMLA_DB_PASSWORD:-${MYSQL_ROOT_PASSWORD:-secret}}
-    ports:
-      - 127.0.0.1:80:80
+      - ca.pem
     depends_on:
       - mysql
-      - keycloak
-    networks:
-      default:
-        aliases:
-          - www.dev.local
+      - traefik
+    external_links:
+      - traefik:www.dev.local
+      - traefik:auth.dev.local
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.openmage.entrypoints=websecure
+      - traefik.http.routers.openmage.rule=Host(`auth.dev.local`)
+      - traefik.http.services.openmage.loadbalancer.server.port=8080
 
   mysql:
     # https://hub.docker.com/_/mysql
     image: mysql
-    restart: unless-stopped
     volumes:
-      - mysql_data:/var/lib/mysql
+      - type: volume
+        source: mysql_data
+        target: /var/lib/mysql
     environment:
       MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-secret}
       MYSQL_DATABASE: ${MYSQL_DATABASE:-joomla}
     ports:
       - 127.0.0.1:3306:3306
 
+  traefik:
+    # https://hub.docker.com/_/traefik
+    image: traefik
+    networks:
+      default:
+        aliases:
+          - auth.dev.local
+          - www.dev.local
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik/etc:/etc/traefik
+    command:
+      - --api.insecure=true
+      - --api.dashboard=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entryPoint.to=websecure
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls=true
+      - --providers.docker=true
+      - --providers.docker.exposedByDefault=false
+      - --providers.file.directory=/etc/traefik/dynamic/
+    ports:
+      - 127.0.0.1:80:80
+      - 127.0.0.1:443:443
+      - 127.0.0.1:9090:8080
+    secrets:
+      - cert.pem
+      - key.pem
+
 secrets:
+  ca.pem:
+    file: .secrets/ca.pem
   cert.pem:
     file: .secrets/cert.pem
   key.pem:
     file: .secrets/key.pem
 
 volumes:
   joomla_data: null
-  joomla_log: null
+  mysql_data: null
   keycloak_data: null
-  mysql_data: null

.devcontainer/devcontainer.json

@@ -1,23 +1,9 @@
 // https://aka.ms/devcontainer.json
 {
   "name": "Joomla External Login",
-  // https://github.com/devcontainers/images/tree/main/src/php
   "dockerComposeFile": "compose.yml",
   "service": "joomla",
   "workspaceFolder": "/workspace",
-  "portsAttributes": {
-    "8443": {
-      "label": "Keycloak",
-      "protocol": "https"
-    },
-    "80": {
-      "label": "Joomla",
-      "protocol": "http"
-    }
-  },
-  "otherPortsAttributes": {
-    "onAutoForward": "ignore"
-  },
   "remoteEnv": {
     "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
   },
@@ -42,9 +28,6 @@
   // https://containers.dev/features
   "features": {
     "ghcr.io/danzilberdan/devcontainers/opencode:0": {},
-    "ghcr.io/devcontainers/features/git:1": {
-      "version": "system"
-    },
     "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
       "moby": false
     }

.devcontainer/generate-certs.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# Generate self-signed CA and server certificates for local development
+# Usage: ./generate-certs.sh [SECRETS_DIR]
+# Example: ./generate-certs.sh .secrets
+
+set -e
+
+SECRETS_DIR="${1:-.secrets}"
+DOMAINS="www.dev.local,auth.dev.local"
+
+echo "=================================================="
+echo "Certificate Generation Script"
+echo "=================================================="
+echo "Output directory: ${SECRETS_DIR}"
+echo "Domains: ${DOMAINS}"
+echo ""
+
+# Create secrets directory if not exists
+mkdir -p "${SECRETS_DIR}"
+
+# Check if certificates already exist
+if [[ -f "${SECRETS_DIR}/ca.pem" && -f "${SECRETS_DIR}/cert.pem" && -f "${SECRETS_DIR}/key.pem" ]]; then
+    echo "Certificates already exist in ${SECRETS_DIR}"
+    echo "To regenerate, remove existing certificates first."
+    exit 0
+fi
+
+echo "Step 1: Generating CA certificate..."
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -keyout "${SECRETS_DIR}/ca-key.pem" \
+    -out "${SECRETS_DIR}/ca.pem" \
+    -subj "/CN=Local Dev CA"
+echo "✓ CA certificate created"
+
+echo ""
+echo "Step 2: Generating server certificate..."
+openssl req -nodes -newkey rsa:2048 \
+    -keyout "${SECRETS_DIR}/key.pem" \
+    -out "${SECRETS_DIR}/cert.csr" \
+    -subj "/CN=dev.local"
+
+openssl x509 -req -days 365 \
+    -in "${SECRETS_DIR}/cert.csr" \
+    -CA "${SECRETS_DIR}/ca.pem" \
+    -CAkey "${SECRETS_DIR}/ca-key.pem" \
+    -CAcreateserial \
+    -out "${SECRETS_DIR}/cert.pem" \
+    -extfile <(echo "subjectAltName=DNS:${DOMAINS//,/,DNS:}")
+
+# Clean up temporary files
+rm -f "${SECRETS_DIR}/cert.csr" "${SECRETS_DIR}/ca.srl"
+echo "✓ Server certificate created"
+
+echo ""
+echo "=================================================="
+echo "Certificate Generation Completed!"
+echo "=================================================="
+echo "Files created:"
+echo "  - ${SECRETS_DIR}/ca.pem      (CA certificate)"
+echo "  - ${SECRETS_DIR}/ca-key.pem  (CA private key)"
+echo "  - ${SECRETS_DIR}/cert.pem    (Server certificate)"
+echo "  - ${SECRETS_DIR}/key.pem     (Server private key)"
+echo ""

.devcontainer/joomla/Dockerfile

@@ -16,19 +16,19 @@ RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
     set -eux; \
     apt-get update; \
     # install the system tools we need
-    apt-get install -y --no-install-recommends mariadb-client unzip; \
+    apt-get install -y --no-install-recommends git mariadb-client unzip rsync; \
     # install the PHP extensions we need
     savedAptMark="$(apt-mark showmanual)"; \
     apt-get install -y --no-install-recommends \
-    libfreetype6-dev libicu-dev \
+    libfreetype6-dev libicu-dev libssl-dev \
     libjpeg62-turbo-dev libpng-dev \
     libxml2-dev libxslt1-dev \
     libzip-dev libwebp-dev \
     ${PHP_EXTRA_BUILD_DEPS:-}; \
     # https://www.php.net/manual/en/image.installation.php
     docker-php-ext-configure gd --enable-gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-install -j$(nproc) opcache \
-    intl gd mysqli pcntl pdo_mysql soap xsl zip; \
+    docker-php-ext-install -j$(nproc) ftp \
+    gd intl mysqli opcache pcntl pdo_mysql soap xsl zip; \
     curl -Lo /usr/local/bin/pickle https://github.com/FriendsOfPHP/pickle/releases/latest/download/pickle.phar && \
     chmod +x /usr/local/bin/pickle; \
     pickle install --no-interaction apcu-stable; \