From f1f3f4ff615a63d20c5d25da0b5624d6696b51a3 Mon Sep 17 00:00:00 2001
From: thopic <thopic@gnous.fr>
Date: Wed, 10 Nov 2021 00:45:27 +0100
Subject: [PATCH] [MM] Add testing

---
 mattermost/testing/.env.example               |  2 +
 mattermost/testing/Dockerfile                 | 50 +++++++++++
 mattermost/testing/docker-compose.yml         | 46 ++++++++++
 mattermost/testing/entrypoint.sh              | 86 +++++++++++++++++++
 .../testing/secrets/app.secrets.example       |  3 +
 mattermost/testing/secrets/db.secrets.example |  3 +
 6 files changed, 190 insertions(+)
 create mode 100644 mattermost/testing/.env.example
 create mode 100644 mattermost/testing/Dockerfile
 create mode 100644 mattermost/testing/docker-compose.yml
 create mode 100755 mattermost/testing/entrypoint.sh
 create mode 100644 mattermost/testing/secrets/app.secrets.example
 create mode 100644 mattermost/testing/secrets/db.secrets.example

diff --git a/mattermost/testing/.env.example b/mattermost/testing/.env.example
new file mode 100644
index 0000000..98fdfde
--- /dev/null
+++ b/mattermost/testing/.env.example
@@ -0,0 +1,2 @@
+DATA_PATH=
+CN=
diff --git a/mattermost/testing/Dockerfile b/mattermost/testing/Dockerfile
new file mode 100644
index 0000000..9e935eb
--- /dev/null
+++ b/mattermost/testing/Dockerfile
@@ -0,0 +1,50 @@
+FROM alpine:3.11
+
+# Some ENV variables
+ENV PATH="/mattermost/bin:${PATH}"
+ENV MM_VERSION=6.0.2
+
+# Build argument to set Mattermost edition
+ARG PUID=2000
+ARG PGID=2000
+
+
+# Install some needed packages
+RUN apk add --no-cache \
+	ca-certificates \
+	curl \
+	jq \
+	libc6-compat \
+	libffi-dev \
+	libcap \
+	linux-headers \
+	mailcap \
+	netcat-openbsd \
+	xmlsec-dev \
+	tzdata \
+	postgresql-client \
+	&& rm -rf /tmp/*
+
+# Get Mattermost
+RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
+	&& curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \
+	&& cp /mattermost/config/config.json /config.json.save \
+	&& rm -rf /mattermost/config/config.json \
+	&& addgroup -g ${PGID} mattermost \
+	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
+	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
+	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
+
+# Expose port 8000 of the container
+EXPOSE 8000
+
+#Healthcheck to make sure container is ready
+HEALTHCHECK CMD curl --fail http://localhost:8000/api/v4/system/ping || exit 1
+
+USER mattermost
+
+# Configure entrypoint and command
+COPY entrypoint.sh /
+ENTRYPOINT ["/entrypoint.sh"]
+WORKDIR /mattermost
+CMD ["mattermost"]
diff --git a/mattermost/testing/docker-compose.yml b/mattermost/testing/docker-compose.yml
new file mode 100644
index 0000000..c980cc9
--- /dev/null
+++ b/mattermost/testing/docker-compose.yml
@@ -0,0 +1,46 @@
+version: "3.8"
+
+services:
+  db:
+    image: postgres:12.8-alpine
+    restart: unless-stopped
+    volumes:
+      - ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data
+      - ${DATA_PATH}/db/.pgpass:/root/.pgpass
+      - /etc/localtime:/etc/localtime:ro
+    env_file: secrets/db.secrets
+
+  app:
+    build: .
+    image: mm_app:6.0.2
+    depends_on:
+      - db
+    restart: unless-stopped
+    networks:
+      - default
+      - proxy
+    volumes:
+      - ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw
+      - ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw
+      - ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw
+      - ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw
+      - ${DATA_PATH}/app/mattermost/client-plugins:/mattermost/client/plugins:rw
+      - /etc/localtime:/etc/localtime:ro
+    env_file: secrets/app.secrets
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.services.mm-test-web-svc.loadbalancer.server.port=8000"
+      - "traefik.http.routers.mm-test-https.service=mm-test-web-svc"
+      - "traefik.http.middlewares.mm-test-redirect-websecure.redirectscheme.scheme=https"
+      - "traefik.http.routers.mm-test-http.middlewares=mm-test-redirect-websecure"
+      - "traefik.http.routers.mm-test-http.rule=Host(`${CN}`)"
+      - "traefik.http.routers.mm-test-http.entrypoints=web"
+      - "traefik.http.routers.mm-test-https.rule=Host(`${CN}`)"
+      - "traefik.http.routers.mm-test-https.entrypoints=websecure"
+      - "traefik.http.routers.mm-test-https.tls=true"
+      - "traefik.http.routers.mm-test-https.tls.certresolver=myhttpchallenge"
+
+networks:
+  proxy:
+    external: true
diff --git a/mattermost/testing/entrypoint.sh b/mattermost/testing/entrypoint.sh
new file mode 100755
index 0000000..fbff314
--- /dev/null
+++ b/mattermost/testing/entrypoint.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Function to generate a random salt
+generate_salt() {
+  tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 48 | head -n 1
+}
+
+# Read environment variables or set default values
+DB_HOST=${DB_HOST:-db}
+DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
+# see https://www.postgresql.org/docs/current/libpq-ssl.html
+# for usage when database connection requires encryption
+# filenames should be escaped if they contain spaces
+#  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
+# the location of the CA file can be set using environment var PGSSLROOTCERT
+# the location of the CRL file can be set using PGSSLCRL
+# The URL syntax for connection string does not support the parameters
+# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
+# to set names if using a location other than default
+DB_USE_SSL=${DB_USE_SSL:-disable}
+MM_DBNAME=${MM_DBNAME:-mattermost}
+MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
+
+_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }')
+if [ "$_1" = '-' ]; then
+  set -- mattermost "$@"
+fi
+
+if [ "$1" = 'mattermost' ]; then
+  # Check CLI args for a -config option
+  for ARG in "$@"; do
+    case "$ARG" in
+    -config=*) MM_CONFIG=${ARG#*=} ;;
+    esac
+  done
+
+  if [ ! -f "$MM_CONFIG" ]; then
+    # If there is no configuration file, create it with some default values
+    echo "No configuration file $MM_CONFIG"
+    echo "Creating a new one"
+    # Copy default configuration file
+    cp /config.json.save "$MM_CONFIG"
+    # Substitute some parameters with jq
+    jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+  else
+    echo "Using existing config file $MM_CONFIG"
+  fi
+
+  # Configure database access
+  if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
+    echo "Configure database connection..."
+    # URLEncode the password, allowing for special characters
+    ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
+    export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
+    echo "OK"
+  else
+    echo "Using existing database connection"
+  fi
+
+  # Wait another second for the database to be properly started.
+  # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
+  until pg_isready -h $DB_HOST -p $DB_PORT_NUMBER -U $MM_USERNAME
+  do
+	  echo "Database is not ready yet. Waiting 5 seconds."
+	  sleep 5
+  done
+
+  echo "Starting mattermost"
+fi
+
+exec "$@"
diff --git a/mattermost/testing/secrets/app.secrets.example b/mattermost/testing/secrets/app.secrets.example
new file mode 100644
index 0000000..2081f38
--- /dev/null
+++ b/mattermost/testing/secrets/app.secrets.example
@@ -0,0 +1,3 @@
+MM_USERNAME=
+MM_PASSWORD=
+MM_DBNAME=
diff --git a/mattermost/testing/secrets/db.secrets.example b/mattermost/testing/secrets/db.secrets.example
new file mode 100644
index 0000000..8b2a930
--- /dev/null
+++ b/mattermost/testing/secrets/db.secrets.example
@@ -0,0 +1,3 @@
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_DB=