Adambean · IamTaoChen · Mar 27, 2023 · Mar 27, 2023 · Mar 27, 2023 · Mar 27, 2023
diff --git a/Dockerfile b/Dockerfile
@@ -1,21 +1,40 @@
 FROM mlocati/php-extension-installer:latest AS installer
 FROM php:7.4.9-cli-alpine3.12
+# USER root
 
 COPY --from=installer /usr/bin/install-php-extensions /usr/bin/
 
-RUN apk add --no-cache bash curl && \
-    rm -rf /var/cache/apk/*
-
+RUN apk add --no-cache bash curl tini\
+    && rm -rf /var/cache/apk/* \
+    && install-php-extensions ldap \
+    && mkdir -p /app
+    # && chown -R www-data:www-data /app
 # Install PHP extensions
-RUN install-php-extensions ldap
-
-# INSTALL COMPOSER
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
+# RUN install-php-extensions ldap
 
 WORKDIR /app
 COPY . .
+# USER www-data
+
+# INSTALL COMPOSER
+#     && git clone git@github.com:Adambean/gitlab-ce-ldap-sync.git /app \
+SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \
+    && composer install
+
+ADD ./docker /tmp/docker
+RUN cp /tmp/docker/entrypoint.sh /entrypoint.sh \
+    && chmod +x /entrypoint.sh \
+    && cp /tmp/docker/healthcheck.sh /healthcheck.sh \
+    && chmod +x /healthcheck.sh \
+    && cp /tmp/docker/cron_task.sh /cron_task.sh \
+    && chmod +x /cron_task.sh \
+    && cp /tmp/docker/example_config.yml /app/example_config.yml \
+    && rm -rf /tmp/docker
+
+
+ENTRYPOINT ["tini", "--", "/entrypoint.sh"]
 
-RUN composer install
+HEALTHCHECK --timeout=5s CMD ["/healthcheck.sh"]
 
-CMD ["update-ca-certificates", "&&", "php", "bin/console", "ldap:sync"]
+# CMD ["update-ca-certificates", "&&", "php", "bin/console", "ldap:sync"]
diff --git a/docker.sh b/docker.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DEFAULT_REPO="iamtaochen"
+DEFAULT_NAME="gitlab-ldap-sync"
+
+MODE=$1; shift
+if [ -z "$MODE" ]; then
+    MODE="build"
+fi
+
+function build() {
+    NAME=$1
+    if [ -z "$NAME" ]; then
+        NAME=$DEFAULT_NAME
+    fi
+    TAG=$2
+    if [ -z "$TAG" ]; then
+        TAG="latest"
+    fi
+    docker build -t $NAME:$TAG .
+}
+
+function push()
+{
+    NAME=$1
+    if [ -z "$NAME" ]; then
+        NAME=$DEFAULT_NAME
+    fi
+    TAG=$2
+    if [ -z "$TAG" ]; then
+        TAG="latest"
+    fi
+    REPO=$3
+    if [ -z "$REPO" ]; then
+        REPO=$DEFAULT_REPO
+    fi
+    IMAG=$NAME:$TAG
+    REMOTE=$REPO/$IMAG
+    docker tag $IMAG $REMOTE
+    docker push $REMOTE
+}
+
+if [ "$MODE" == "build" ]; then
+    build $@
+elif [ "$MODE" == "push" ]; then
+    push $@
+elif [ "$MODE" == "all" ]; then
+    build $@
+    push $@
+fi
+
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,84 @@
+## how to use docker
+
+### Volume
+    - /etc/localtime:/etc/localtime:ro
+    - ./config.yml:/app/config.yml
+you can mount config.yml at /app/config.yml as default. If you mount at different location, you shoulf
+set the CONFIG_FILE as your file location
+
+### Enviriment
+
+#### SYNC_INTERVAL_DAY
+default is 0;
+
+#### SYNC_INTERVAL_HOUR
+default is 0;
+
+#### SYNC_INTERVAL_MINUTE
+default is 5;
+
+#### CONFIG_FILE
+where is the config.yml. default is /app/config.yml
+
+#### DRY_RUN
+default is false. If you set as true, this docker don't sysn really.
+
+#### DEBUG_V
+default is "v". if set as "NULL", there are no output
+
+
+## Example
+```yaml
+version: "3.7"
+
+services:
+
+    gitlab-ldap-sync:
+        build: 
+            context: ./ldap-sync/github
+            dockerfile: Dockerfile
+        image: my/gitlab-ldap-sync
+        container_name: gitlab-ldap-sync
+        hostname: gitlab-ldap-sync
+        privileged: false
+        network_mode: host
+        volumes:
+            - /etc/localtime:/etc/localtime:ro
+            - ./ldap-sync/config.yml:/app/config.yml
+        environment:
+            DRY_RUN: false
+            SYNC_INTERVAL_MINUTE: 5
+            DEBUG_V: "v"
+```
+
+
+
+## Example
+```yaml
+version: "3.7"
+
+services:
+
+    gitlab-ldap-sync:
+        build: 
+            context: ./ldap-sync/github
+            dockerfile: Dockerfile
+        image: my/gitlab-ldap-sync
+        container_name: gitlab-ldap-sync
+        hostname: gitlab-ldap-sync
+        privileged: false
+        network_mode: host
+        volumes:
+            - /etc/localtime:/etc/localtime:ro
+            - ./ldap-sync/config.yml:/app/config.yml
+        environment:
+            DRY_RUN: false
+            SYNC_INTERVAL_MINUTE: 5
+            DEBUG_V: "v"
+```
+
+
+### addingtion
+config.yml add new setting.
+`gitlab.options.unsyncExtraGroups` default is `false`
+if set true, this script would ignore the groups cerated in gitlab but not in LDAP
diff --git a/docker/cron_task.sh b/docker/cron_task.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+### 
+echo "-------------------------------------------------------------"
+echo " Executing Cron Tasks: $(date)"
+echo "-------------------------------------------------------------"
+set -e
+
+WORK_DIR=/app
+CONFIG_FILE_DEFAULT=$WORK_DIR/config.yml
+
+if [ -z "$CONFIG_FILE" ]; then
+    CONFIG_FILE=$CONFIG_FILE_DEFAULT
+fi
+
+if [ ! -f "$CONFIG_FILE" ]; then
+    echo "Config file not found, use default config file."
+    $CONFIG_FILE=$WORK_DIR/config.yml.dist
+fi
+
+if [ ! -f "$CONFIG_FILE_DEFAULT" ]; then
+    ln -s $CONFIG_FILE $WORK_DIR/config.yml
+fi
+
+
+if [ -z "$DRY_RUN" ]; then
+    DRY_RUN=false
+fi
+
+if [ -z "$DEBUG_V" ]; then
+    DEBUG_V="-v"
+elif [ $DEBUG_V = "NULL" ]; then
+    DEBUG_V=""
+else
+    DEBUG_V=-$DEBUG_V
+fi
+
+PHP_SCRIPT=$WORK_DIR/bin/console
+if [ $DRY_RUN = true ]; then
+    CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync -d $DEBUG_V"
+else
+    CMD="update-ca-certificates && php $PHP_SCRIPT ldap:sync $DEBUG_V"
+fi
+
+echo "Start to run cron task : $CMD"
+eval $CMD
+echo "Done"
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+if [ -z "$SYNC_INTERVAL_DAY" ]; then
+    SYNC_INTERVAL_DAY=0
+fi
+
+if [ -z "$SYNC_INTERVAL_HOUR" ]; then
+    SYNC_INTERVAL_HOUR=0
+fi
+
+if [ -z "$SYNC_INTERVAL_MINUTE" ]; then
+    SYNC_INTERVAL_MINUTE=5
+fi
+
+if [ $SYNC_INTERVAL_DAY -gt 0 ]; then
+    DAY_SYMBOL="*/$SYNC_INTERVAL_DAY"
+else
+    DAY_SYMBOL="*"
+fi
+
+if [ $SYNC_INTERVAL_HOUR -gt 0 ]; then
+    HOUR_SYMBOL="*/$SYNC_INTERVAL_HOUR"
+else
+    HOUR_SYMBOL="*"
+fi
+
+if [ $SYNC_INTERVAL_MINUTE -gt 0 ]; then
+    MINUTE_SYMBOL="*/$SYNC_INTERVAL_MINUTE"
+else
+    MINUTE_SYMBOL="*"
+fi
+
+CRON_FILE=/var/spool/cron/crontabs/root
+# if [ -f "$CRON_FILE" ]; then
+#     rm -rf $CRON_FILE
+# fi
+
+CRON_TASK_CMD="$MINUTE_SYMBOL $HOUR_SYMBOL $DAY_SYMBOL * * /cron_task.sh"
+
+echo "-------------------------------------------------------------"
+echo " Start at : $(date)"
+echo "-------------------------------------------------------------"
+echo "manual excute: /cron_task.sh"
+bash /cron_task.sh
+echo "Done"
+echo "-------------------------------------------------------------"
+
+echo "Cron task: $CRON_TASK_CMD"
+echo "$CRON_TASK_CMD" > $CRON_FILE
+
+echo "Starting crond"
+exec crond -f -l 0
diff --git a/docker/example_config.yml b/docker/example_config.yml
@@ -0,0 +1,50 @@
+# If you don't know what you're doing check "README.md" for more details before
+# filing a request for help.
+
+ldap:
+    debug:                  false
+    winCompatibilityMode:   false
+
+    server:
+        host:                           ~
+        port:                           ~
+        version:                        3
+        encryption:                     ~
+
+        bindDn:                         ~
+        bindPassword:                   ~
+
+    queries:
+        baseDn:                         ''
+
+        userDn:                         ''
+        userFilter:                     "(objectClass=inetOrgPerson)"
+        userUniqueAttribute:            "uid"
+        userMatchAttribute:             "uid"
+        userNameAttribute:              "cn"
+        userEmailAttribute:             "mail"
+
+        groupDn:                        ''
+        groupFilter:                    "(objectClass=groupOfUniqueNames)"
+        groupUniqueAttribute:           "cn"
+        groupMemberAttribute:           "memberUid"
+
+gitlab:
+    debug: false
+
+    options:
+        userNamesToIgnore:              []
+        groupNamesToIgnore:             []
+
+        createEmptyGroups:              false
+        deleteExtraGroups:              false
+        newMemberAccessLevel:           30
+
+        groupNamesOfAdministrators:     []
+        groupNamesOfExternal:           []
+
+    instances:
+        example:
+            url:            ~
+            token:          ~
+            ldapServerName: ~
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+
+set -x
+
+# Make sure cron daemon is still running
+ps -o comm | grep crond || exit 1