diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f26fbcf80d4c50d82cec6ffaa9fa77fff209d1b8..3fa5c5d3f68528d54de4787901af0757e8a5fb75 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,8 +33,6 @@ pica-ci-base: refs: - master - dev-ci - - tx-services-p19-test - - dev-sympa # create a image based on pica-ci with only a few environment variables added (which Dockerfile has been modified...) metabuid:
@@ -52,13 +50,12 @@ metabuid: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" + - "pica-oh-my-form/*" - "pica-wekan/*" - "pica-sympa/*" refs: - master - dev-ci - - tx-services-p19-test - dev-sympa # build the container that was modified
@@ -78,13 +75,12 @@ build: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" + - "pica-oh-my-form/*" - "pica-wekan/*" - "pica-sympa/*" refs: - master - dev-ci - - tx-services-p19-test - dev-sympa # run CoreOS' Clair and make the CI failed if a critical vulnerability isn't in the whitelist
@@ -113,13 +109,12 @@ clair: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" + - "pica-oh-my-form/*" - "pica-wekan/*" - "pica-sympa/*" refs: - master - dev-ci - - tx-services-p19-test - dev-sympa # run docker-bench-security and upload the results
@@ -153,13 +148,12 @@ docker-bench-security: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" + - "pica-oh-my-form/*" - "pica-wekan/*" - "pica-sympa/*" refs: - master - dev-ci - - tx-services-p19-test - dev-sympa # automatically deploy the container on pica01-test
@@ -196,13 +190,11 @@ deployment-test: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" - "pica-wekan/*" - "pica-sympa/*" refs: - master - dev-ci - - tx-services-p19-test - dev-sympa # automatically deploy the container on the production host associated with the modified image
@@ -244,7 +236,6 @@ deployment-prod: changes: - "pica-dokuwiki/*" - "pica-etherpad/*" - - "pica-tellform/*" - "pica-wekan/*" refs: - master
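Review bot: In the `deployment-test` (`@@ -196`) and `deployment-prod` (`@@ -244`) hunks, `pica-tellform/*` is removed from `changes` without `pica-oh-my-form/*` taking its place, whereas the metabuid, build, clair and docker-bench-security hunks all add it, so a push to the new directory is built and scanned but never auto-deployed. If that is deliberate until the image has been validated, a comment on those two jobs saying so would stop someone "fixing" it later; otherwise add `- "pica-oh-my-form/*"` to both `changes` lists. The enclosing job definitions start and end outside these hunks.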
diff --git a/pica-oh-my-form/Dockerfile b/pica-oh-my-form/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1c1eae47d0e04ae0f4cc2e424076ff010920e0fa
--- /dev/null
+++ b/pica-oh-my-form/Dockerfile
@@ -0,0 +1,52 @@
+FROM node:10-alpine
+LABEL maintainer="quentinduchemin@tuta.io"
+
+ARG OHMYFORM_VERSION=0.2.3
+# Create a group and a user with name "ohmyform".
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
+
+# Install some needed packages
+RUN apk add --no-cache python=2.7.16-r1 \
+    && rm -rf /tmp/* \
+    && npm install --quiet -g grunt@1.0.4 bower@1.8.8 pm2@3.5.1 \
+    && npm cache clean --force \
+
+RUN wget -O omf.tar.gz https://github.com/ohmyform/ohmyform/archive/${OHMYFORM_VERSION}.tar.gz \
+    && tar --strip-components=1 -x -f omf.tar.gz -C /opt/app \
+    && mkdir -p /opt/app/public/lib
+    && chown -R ohmyform:ohmyform /opt/app
+
+WORKDIR /opt/app
+
+# Set "static" and non-secret environment variables
+ENV ADMIN_EMAIL=picasoft@assos.utc.fr \
+    ADMIN_USERNAME=admin \
+    APP_DESC="Une alternative libre et décentralisée à Google Forms" \
+    APP_NAME=Picaform \
+    BASE_URL=localhost \
+    CREATE_ADMIN=TRUE \
+    # Allows not to use Redis
+    ENABLE_CLUSTER_MODE=FALSE \
+    MAILER_EMAIL_ID=form \
+    MAILER_FROM=form@picasoft.net \
+    MAILER_SMTP_HOST=mail.picasoft.net \
+    MAILER_SMTP_PORT=587 \
+    MAILER_SMTP_SECURE=TRUE \
+    NODE_ENV=production \
+    PORT=5000 \
+    ROOT=/opt/app \
+    SIGNUP_DISABLED=FALSE \
+    SOCKER_URL=localhost:5000 \
+    SOCKET_PORT=5000 \
+    SUBDOMAINS_DISABLED=TRUE \
+    TLS_FLAVOR=notls
+
+RUN npm install --only=production \
+    && bower install --allow-root -f \
+    && grunt build
+
+# Change to non-root privilege
+USER ohmyform
+
+# Run OhMyForm server
+CMD ["node", "server.js"]
diff --git a/pica-oh-my-form/README.md b/pica-oh-my-form/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..765528f11ebb2b165d2ac5cfd90327343f473ca8
--- /dev/null
+++ b/pica-oh-my-form/README.md
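Review bot: The second `RUN` block of the new Dockerfile does not parse: `&& npm cache clean --force \` leaves a trailing continuation followed by an empty line, so `RUN wget …` is folded into the previous shell command, and `&& mkdir -p /opt/app/public/lib` has no backslash, so the following `&& chown …` is read as an unknown instruction. `tar -C /opt/app` also runs before anything creates that directory, and the downloaded archive is left in the image. The rewrite below repairs the continuations, creates the directory first and deletes the archive; the tarball is fetched over HTTPS but its content is never verified, so a `sha256sum -c` check against a known digest (placeholder below) before extraction is worth adding. Separately, `SOCKER_URL=localhost:5000` looks like a typo for `SOCKET_URL` — confirm against the variable names upstream actually reads.
```dockerfile
# Install some needed packages
RUN apk add --no-cache python=2.7.16-r1 \
    && rm -rf /tmp/* \
    && npm install --quiet -g grunt@1.0.4 bower@1.8.8 pm2@3.5.1 \
    && npm cache clean --force

# Fetch the pinned release; /opt/app must exist before tar -C can use it
RUN mkdir -p /opt/app/public/lib \
    && wget -O /tmp/omf.tar.gz https://github.com/ohmyform/ohmyform/archive/${OHMYFORM_VERSION}.tar.gz \
    && echo "<SHA256_OF_OHMYFORM_TARBALL>  /tmp/omf.tar.gz" | sha256sum -c - \
    && tar --strip-components=1 -x -f /tmp/omf.tar.gz -C /opt/app \
    && rm -f /tmp/omf.tar.gz \
    && chown -R ohmyform:ohmyform /opt/app

# … unchanged: WORKDIR, ENV block, build RUN, USER, CMD …
```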
@@ -0,0 +1,19 @@
+## PicaForm
+
+### Introduction
+
+This is a custom Dockerfile and Docker Compose of [OhMyForms](https://github.com/ohmyform/ohmyform/), made for the Picasoft infrastructure (Traefik in mind).
+
+We removed development options and added some customization.
+
+Each time you push to this directory :
+* The image will be built and pushed on the registry
+* A static and dynamic security analysis will be done
+
+### Usage
+
+Either you use the `docker-compose.yml` file by itself, either you integrate it in a global file. For the later, you can safely remove the `networks` directives.
+
+You'll need to set some secrets in a file named `omf.secrets`. Take [`omf.secrets.example`] as a base. Be sure that the `env_file` directive in `docker-compose.yml` has the path of your secrets file.
+
+Just launch `docker-compose up -d omf` and all should be ok.
diff --git a/pica-oh-my-form/docker-compose.yml b/pica-oh-my-form/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4e188776345bb9bbc5c255d4817ef6c8a7e7e383
--- /dev/null
+++ b/pica-oh-my-form/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "3.7"
+
+networks:
+  docker_default:
+    external: true
+    name: "docker_default"
+
+volumes:
+  omf-mongo:
+
+services:
+  omf-mongo:
+    image: mongo:4
+    container_name: omf-mongo
+    volumes:
+      - omf-mongo:/data
+    networks:
+      - docker_default
+    security_opt:
+      - no-new-privileges
+    restart: unless-stopped
+
+  omf:
+    image: registry.picasoft.net/ohmyform:0.2.3
+    env_file: ./secrets/omf.secrets
+    # Set this in docker-compose because container-names dependant
+    environment:
+      MONGODB_URI: omf-mongo://mongo/ohmyform
+    links:
+      - omf-mongo
+      - omf-redis
+    labels:
+      - traefik.frontend.rule=Host:form.picasoft.net
+      - traefik.port=5000
+    networks:
+      - docker_default
+    security_opt:
+      - no-new-privileges
+    depends_on:
+      - omf-mongo
+      - omf-redis
+    restart: unless-stopped
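Review bot: `omf` lists `omf-redis` under both `links` and `depends_on`, but no such service is defined in the file, so `docker-compose up` rejects it; the Dockerfile sets `ENABLE_CLUSTER_MODE=FALSE` precisely to avoid Redis, so both entries should be dropped. `MONGODB_URI: omf-mongo://mongo/ohmyform` also looks inverted — the scheme should be `mongodb://` and the host the service name, i.e. `MONGODB_URI: mongodb://omf-mongo/ohmyform`. `omf-mongo` runs without authentication and is attached to the shared external `docker_default` network, so every other container on that network can reach the database; a dedicated internal network for the two services, or `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD` fed from the secrets file, would narrow that. `env_file: ./secrets/omf.secrets` does not match the README, which names `omf.secrets` next to `omf.secrets.example` in this directory; align one with the other.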
diff --git a/pica-oh-my-form/omf.secrets.example b/pica-oh-my-form/omf.secrets.example
new file mode 100644
index 0000000000000000000000000000000000000000..45431fbe6917592268f5007bb969dbd59d4b9ffb
--- /dev/null
+++ b/pica-oh-my-form/omf.secrets.example
@@ -0,0 +1,6 @@
+# Random string used to compute session hash
+SESSION_SECRET=
+# Password for cn=form,ou=Services,dc=picasoft,dc=net LDAP account
+MAILER_PASSWORD=
+# Password for "admin" account
+ADMIN_PASSWORD=