Merge pull request #8 from stormburststudios/main

Push fixes upstream

.actrc

@@ -9,3 +9,5 @@
 --platform ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
 --platform ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
 --platform ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04
+--secret-file=.act.secrets
+--var-file=.act.vars

.github/workflows/docker.build.yml

@@ -9,35 +9,37 @@ on:
   workflow_dispatch:
 
 env:
-  PLATFORMS: linux/amd64,linux/arm64
+  PLATFORMS: ${{ vars.PLATFORMS }}
-  CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
+  DOCKER_IMAGE: ghcr.io/${{ github.repository }}
 
 jobs:
   docker-build:
     name: Build Swarm Load Balancer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - uses: benzine-framework/action-setup-php@main
       - uses: benzine-framework/action-get-datetime@main
       - uses: benzine-framework/action-setup-docker@main
         with:
-          ghcr_user: matthewbaggett
+          ghcr_user: ${{ vars.SERVICE_ACCOUNT_USERNAME }}
-          ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+          ghcr_token: ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
-          docker_hub_user: matthewbaggett
-          docker_hub_token: ${{ secrets.DOCKER_HUB_TOKEN }}
       - name: "Build & Push Candidate Image as ${{ env.CANDIDATE_IMAGE }}"
         uses: docker/build-push-action@v5
         with:
           context: .
-          target: bouncer
+          target: loadbalancer
           build-args: |
+            MAINTAINER=${{ vars.PUBLIC_MAINTAINER || 'Matthew Baggett <matthew@baggett.me>' }}
+            SOURCE_URL="https://github.com/${{ github.repository }}"
             GIT_SHA=${{ github.sha }}
             GIT_BUILD_ID=${{ github.ref_name }}
             GIT_COMMIT_MESSAGE=${{ github.event.head_commit.message }}
             BUILD_DATE=${{ env.ATOM }}
-          platforms: ${{ github.actor != 'nektos/act' && env.PLATFORMS || 'linux/amd64' }}
+          platforms: ${{ github.actor != 'nektos/act' && vars.PLATFORMS || 'linux/amd64' }}
           pull: true
           push: ${{ github.ref == 'refs/heads/main' }}
-          tags: ${{ env.CANDIDATE_IMAGE }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:date-${{ env.DATE }}
+            ${{ env.DOCKER_IMAGE }}:sha-${{ github.sha }}
           cache-from: ${{ env.DOCKER_CACHE_FROM }}
           cache-to: ${{ env.DOCKER_CACHE_TO }}

.github/workflows/docker.clean.yml

@@ -15,30 +15,32 @@ on:
 jobs:
   cleanup-delete-candidate-image:
     name: Delete candidate image
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
       - uses: vlaurin/action-ghcr-prune@v0.6.0
+        continue-on-error: true
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           organization: ${{ github.repository_owner }}
-          container: bouncer
+          container: docker-swarm-loadbalancer
           dry-run: true
           prune-tags-regexes: |
             ^build-${{ github.sha }}$
 
   cleanup-untagged-images:
     name: Delete untagged images
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
       - uses: vlaurin/action-ghcr-prune@v0.6.0
+        continue-on-error: true
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           organization: ${{ github.repository_owner }}
-          container: bouncer
+          container: docker-swarm-loadbalancer
           dry-run: true
-          keep-younger-than: 30 # days
+          keep-younger-than: 90 # days
           keep-last: 2
           prune-untagged: true
           keep-tags-regexes: |

.github/workflows/docker.release.yml

@@ -9,26 +9,15 @@ on:
   workflow_dispatch:
 
 env:
-  CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
+  CANDIDATE_IMAGE: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
-  RELEASE_IMAGE_GHCR: ghcr.io/benzine-framework/bouncer:latest
+  RELEASE_IMAGE: ghcr.io/${{ github.repository }}:latest
-  RELEASE_IMAGE_DOCKER: benzine/bouncer:latest
 
 jobs:
   release-ghcr:
-    name: GHCR
+    name: GitHub Container Registry
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
-      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
+      - run: docker login ghcr.io -u ${{ vars.SERVICE_ACCOUNT_USERNAME }} -p ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
       - run: docker pull ${{ env.CANDIDATE_IMAGE }}
-      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE_GHCR }}
+      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE }}
-      - run: docker push ${{ env.RELEASE_IMAGE_GHCR }}
+      - run: docker push ${{ env.RELEASE_IMAGE }}
-
-  release-docker-hub:
-    name: Docker Hub
-    runs-on: ubuntu-latest
-    steps:
-      - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
-      - run: docker login docker.io -u matthewbaggett -p ${{ secrets.DOCKER_HUB_TOKEN }}
-      - run: docker pull ${{ env.CANDIDATE_IMAGE }}
-      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE_DOCKER }}
-      - run: docker push ${{ env.RELEASE_IMAGE_DOCKER }}

.github/workflows/docker.validate.yml

@@ -13,12 +13,12 @@ on:
       - completed
 
 env:
-  CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
+  CANDIDATE_IMAGE: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
 
 jobs:
   validate-install-report:
     name: Run Install Report
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
       - name: "Pull Candidate Image"
@@ -27,7 +27,7 @@ jobs:
         run: docker run --rm ${{ env.CANDIDATE_IMAGE }} /usr/bin/install-report
   validate-dive-report:
     name: Run Dive
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
       - name: "Pull Candidate Image"
@@ -48,7 +48,7 @@ jobs:
           config-file: ${{ github.workspace }}/.dive-ci.yml
   validate-vulnerability-report:
     name: Run Trivy
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - run: docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }}
       - name: "Pull Candidate Image"

.github/workflows/php.check.yml

@@ -10,7 +10,7 @@ on:
 jobs:
   php-stan:
     name: PHPStan
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     permissions:
       checks: write # To post annotations
       contents: read # For repo checkout
@@ -20,7 +20,7 @@ jobs:
 
   php-cs-fixer:
     name: PHP-CS-Fixer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     permissions:
       checks: write # For trunk to post annotations
       contents: read # For repo checkout

.github/workflows/tag.release.yml

@@ -17,7 +17,7 @@ env:
 jobs:
   build-tagged-release:
     name: Build Swarm Load Balancer
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
       - run: echo "Building Tagged Release ${{ env.TAG_IMAGE_GHCR }} & ${{ env.TAG_IMAGE_DOCKER }}"

.github/workflows/tests.yml

@@ -10,49 +10,63 @@ on:
 jobs:
   test-integration:
     name: Integration Tests
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     steps:
       - uses: actions/checkout@v4
-      - name: Start Bouncer
+      - name: Start Loadbalancer
         run: |
           rm -f docker-compose.override.yml
-          docker compose up --build -d bouncer test-box
+          docker compose up --build -d loadbalancer test-box
       - name: Give it a moment...
         run: sleep 5
       - name: No-SSL Connect to Web A
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -D - http://a.example.org > a.nossl.http
           grep "HTTP/1.1 200 OK" a.nossl.http;
           grep "<h1>Website A</h1>" a.nossl.http;
       - name: SSL Connect to Web A
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -k -D - https://a.example.org 2>&1 > a.ssl.http;
           grep "HTTP/1.1 200 OK" a.ssl.http;
           grep "<h1>Website A</h1>" a.ssl.http;
       - name: No-SSL Connect to Web B
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -D - http://b.example.org 2>&1 > b.nossl.http 
           grep "HTTP/1.1 200 OK" b.nossl.http
           grep "<h1>Website B</h1>" b.nossl.http
       - name: SSL Connect to Web B
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -k -D - https://b.example.org 2>&1 > b.ssl.http
           grep "HTTP/1.1 200 OK" b.ssl.http
           grep "<h1>Website B</h1>" b.ssl.http
       - name: No-SSL Connect to SSL-redirect
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -D - http://redirect-to-ssl.example.org 2>&1 > redirect.nossl.http
           # Validate its redirected
           grep "HTTP/1.1 301 Moved Permanently" redirect.nossl.http
           # And going to the right place
           grep "Location: https://redirect-to-ssl.example.org" redirect.nossl.http
       - name: SSL Connect to SSL-redirect
+        shell: bash
         run: |
+          set -xeu
           docker compose exec test-box curl -s -k -D - https://redirect-to-ssl.example.org 2>&1 > redirect.ssl.http
           grep "HTTP/1.1 200 OK" redirect.ssl.http
           grep "<h1>Website redirect-to-ssl</h1>" redirect.ssl.http
       - name: Connect to Plural multiple times and verify it loadbalances
+        shell: bash
         run: |
+          set -xeu
           rm -f plural_requests
           for i in {1..20}; do
               docker compose exec test-box curl -s -k https://plural.example.org 2>&1 >> plural_requests

.github/workflows/trunk.cache.yml

@@ -22,7 +22,7 @@ concurrency:
 jobs:
   trunk-cache:
     name: Trunk Cache
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     permissions:
       actions: write
     steps:

.github/workflows/trunk.check.yml

@@ -10,7 +10,7 @@ on:
 jobs:
   trunk-check:
     name: Trunk Check Runner
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     permissions:
       checks: write # For trunk to post annotations
       contents: read # For repo checkout

.github/workflows/trunk.upgrade.yml

@@ -20,7 +20,7 @@ concurrency:
 jobs:
   trunk-upgrade:
     name: Upgrade Trunk
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNS_ON }}
     permissions:
       contents: write # For trunk to create PRs
       pull-requests: write # For trunk to create PRs

.gitignore

@@ -2,3 +2,5 @@
 /.php-cs-fixer.cache
 /.github/cache
 /.secrets
+/.act.secrets
+/.act.vars

.trunk/trunk.yaml

@@ -47,16 +47,16 @@ tools:
   enabled:
     - tfupdate@0.8.2
     - phpstan@1.10.58
-    - gh@2.49.2
+    - gh@2.51.0
     - jq@jq-1.7.1
-    - yq@4.44.1
+    - yq@4.44.2
-    - awscli@1.33.9
+    - awscli@1.33.13
     - action-validator@0.6.0
     - act@0.2.63
     - shellcheck@0.10.0
     - hadolint@2.12.0
     - svgo@3.3.2
-    - tofu@1.7.1
+    - tofu@1.7.2
     - trunk-toolbox@0.3.1
     - tflint@0.51.1
     - terraform@1.1.4

Dockerfile

@@ -1,9 +1,22 @@
 # checkov:skip=CKV_DOCKER_3 I don't have time for rootless
-FROM ghcr.io/benzine-framework/php:cli-8.2 AS bouncer
+FROM ghcr.io/benzine-framework/php:cli-8.2 AS loadbalancer
 
-LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
+# Allow overriding the default SSL cert subject
-      org.label-schema.vcs-url="https://github.com/benzine-framework/docker-swarm-loadbalancer" \
+ARG DEFAULT_SSL_CERT_SUBJECT="/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
-      org.opencontainers.image.source="https://github.com/benzine-framework/docker-swarm-loadbalancer"
+ARG PUBLIC_MAINTAINER="Matthew Baggett <matthew@baggett.me>"
+ARG SOURCE_URL="https://github.com/benzine-framework/docker-swarm-loadbalancer"
+ARG BUILD_DATE
+ARG GIT_SHA
+ARG GIT_BUILD_ID
+ARG GIT_COMMIT_MESSAGE
+ENV BUILD_DATE=${BUILD_DATE} \
+    GIT_SHA=${GIT_SHA} \
+    GIT_BUILD_ID=${GIT_BUILD_ID} \
+    GIT_COMMIT_MESSAGE=${GIT_COMMIT_MESSAGE}
+
+LABEL maintainer="${PUBLIC_MAINTAINER}" \
+      org.label-schema.vcs-url="${SOURCE_URL}" \
+      org.opencontainers.image.source="${SOURCE_URL}"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -37,8 +50,17 @@ RUN apt-get -qq update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log
 
-# copy some default self-signed certs
+# Generate some default self-signed certs
-COPY self-signed-certificates /certs
+RUN mkdir /certs && \
+    openssl req \
+      -x509 \
+    -newkey rsa:4096 \
+    -keyout /certs/example.key \
+    -out /certs/example.crt \
+    -sha256 \
+    -days 3650 \
+    -nodes \
+    -subj "${DEFAULT_SSL_CERT_SUBJECT}"
 
 # Install runits for services
 COPY nginx.runit /etc/service/nginx/run
@@ -72,16 +94,6 @@ COPY src /app/src
 COPY templates /app/templates
 RUN chmod +x /app/bin/bouncer
 
-# stuff some envs from build
-ARG BUILD_DATE
-ARG GIT_SHA
-ARG GIT_BUILD_ID
-ARG GIT_COMMIT_MESSAGE
-ENV BUILD_DATE=${BUILD_DATE} \
-    GIT_SHA=${GIT_SHA} \
-    GIT_BUILD_ID=${GIT_BUILD_ID} \
-    GIT_COMMIT_MESSAGE=${GIT_COMMIT_MESSAGE}
-
 # Create some volumes for logs and certs
 VOLUME /etc/letsencrypt
 VOLUME /var/log/bouncer
@@ -104,5 +116,5 @@ HEALTHCHECK --start-period=3s --interval=3s \
 
 # checkov:skip=CKV_DOCKER_7 This is a test container.
 # checkov:skip=CKV_DOCKER_3 This is a test container.
-FROM alpine as test-box
+FROM alpine AS test-box
-RUN apk add --no-cache curl bash
+RUN apk add --no-cache curl bash

docker-compose.override.yml

@@ -1,5 +1,5 @@
 services:
-  bouncer:
+  loadbalancer:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./src:/app/src

docker-compose.yml

@@ -2,14 +2,22 @@ networks:
   default:
 
 services:
-  bouncer:
+  loadbalancer:
     build:
       context: .
-      target: bouncer
+      target: loadbalancer
+      args:
+        MAINTAINER: "Test <test@oneupsales.co.uk>"
+        SOURCE_URL: "https://github.com/doesntmatter"
+        GIT_SHA: "1234"
+        GIT_BUILD_ID: "test"
+        GIT_COMMIT_MESSAGE: "testy mctestface"
+        BUILD_DATE: "1970-01-01"
       additional_contexts:
         - php:cli=docker-image://ghcr.io/benzine-framework/php:cli-8.2
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+    image: loadbalancer-test
     networks:
       default:
         aliases:

self-signed-certificates/example.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDnTCCAoWgAwIBAgIUJYUUmBQ2/ERZ7xinAJzVhiFWViYwDQYJKoZIhvcNAQEL
-BQAwXTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExDjAMBgNVBAcMBU1p
-YW1pMRYwFAYDVQQKDA1FeGFtcGxlIEdyb3VwMRQwEgYDVQQDDAtleGFtcGxlLm9y
-ZzAgFw0yMTA1MzAxNzU4MzlaGA8yMTIxMDUwNjE3NTgzOVowXTELMAkGA1UEBhMC
-VVMxEDAOBgNVBAgMB0Zsb3JpZGExDjAMBgNVBAcMBU1pYW1pMRYwFAYDVQQKDA1F
-eGFtcGxlIEdyb3VwMRQwEgYDVQQDDAtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANJa9OcoCW+mej8qDMCCTGnqMAuUqBIj1wZLgOdT
-4DHriq1vKi1JLsDZkYekrCq/sfWo97kDXsdK6YN4+mua5EN4cTG3mSpal+RgLTc2
-HMKHFfgzPzIN/n5AEqzdVZb5j0P3LoUNH687AlplW0BB+K64Gw//2KPx0Q8Fkhq2
-I97V8SRpqds78PJHzhfuZNs/AUFpFXnYHJyO2Q63Btq2aoTMQyoLDRBBxin70II2
-6Cjh3k6EhMY+HuYS1AjfI8cDQw289asJBLa6zPoD0VGaGNfCSrOzxrUqfhIoOkuY
-W7rOIsK6rSSu1neSKQIiOLVjQxifxrQIIKTQhRiSplgD9LUCAwEAAaNTMFEwHQYD
-VR0OBBYEFADK74w4AGeETK72k/htsnol9ye0MB8GA1UdIwQYMBaAFADK74w4AGeE
-TK72k/htsnol9ye0MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
-AKElv0xx95lD2leXEOfD6DKakrzuE8lONmcrkfjehTOd7jbqblnj8u1DCWytwB8P
-gEr5FXve0iy7avGoNkU33MufbbQokAMoTs/IA+rwMfv0unupT1aYN8TTEXJJ100j
-MXBsq/PvNkBNwkBcXjYHHsVjdM3bptbaw9A4V9opfMjQXAY5wuk3rBBm8On2rJKy
-Qksh/uLoe8wbZ5dvLv9oc9sRpIilaSy8TcbrHkDIaWA5WCdVFfcayDGYdjhCYLGW
-tj/48g0THvJv6JvVYwFJqTM690YUSlxaOHQE2ZneLytocVyAdEL2MMldRezvtI1z
-1OXOia2G7koNYtS7cD8G1IM=
------END CERTIFICATE-----

self-signed-certificates/example.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSWvTnKAlvpno/
-KgzAgkxp6jALlKgSI9cGS4DnU+Ax64qtbyotSS7A2ZGHpKwqv7H1qPe5A17HSumD
-ePprmuRDeHExt5kqWpfkYC03NhzChxX4Mz8yDf5+QBKs3VWW+Y9D9y6FDR+vOwJa
-ZVtAQfiuuBsP/9ij8dEPBZIatiPe1fEkaanbO/DyR84X7mTbPwFBaRV52BycjtkO
-twbatmqEzEMqCw0QQcYp+9CCNugo4d5OhITGPh7mEtQI3yPHA0MNvPWrCQS2usz6
-A9FRmhjXwkqzs8a1Kn4SKDpLmFu6ziLCuq0krtZ3kikCIji1Y0MYn8a0CCCk0IUY
-kqZYA/S1AgMBAAECggEARqfQjPgwuzTi6OZ55AugGQ9VVf53uagaKH4h7RGKQ5pH
-OVwWgaGMN7CcpkAUqEM9RjOcCaPtKOmrp8Jx8sTTGSqScs2lf8lwLYB0j4/4dwqi
-wXyNJIX4znU9EJ1Di3OFwKF9Gam/077xWmWjEeFW43DpfiVEokSuIOqRGbHGOKlt
-2ygHJu+rmPapEPyYqSWQnAkYX0DW/KCAGiyIAqph/SgrCDTdsxbNOa2OwDygPC54
-7xW0yCduvgFLh9bxedF8iifzRkPw710cxyqVsYwHiwugDgxL4NiK1DlWbpBimab5
-ocye9+ElymMZ8DTjpA85cXny/TtoqJfqTs1YGYgrvQKBgQDwHnAcY0BjQ4o+ZneG
-oqBJeQ8KCMRU4pEIa5QOOeUr46gtiPIfcFh/BJUHQ61qk7gcJj5BV2GXNS7+m+sU
-RC3Usblm9twwxZn7mfoOk4z9NEfBI2MXmbB8ARjAQBCost+3KQAoSIL1AyDKiAlY
-2JfMt+73+kwUsg7b9g0pYIfn/wKBgQDgRJPlSIxJs2mbjzUwVBAeslct2W0dehrh
-V0sXPxEhJHWX6P343vLqRHRsKgqhbU/vy+3JrIS9ftwGKcmb+Y9EJgYrR+D3ZYzs
-idSOsunSspJgbCG5mHE1VQhr8IpHeCkuSt22aFErLfsjzXWZIewK2tqZN1QUjdc5
-EJHOD4UDSwKBgFYRYvgZ72NlOzFAw0kkE7YiSWy8Vbtjdr8A6JHs2KNRt9+Sfc8d
-Eut8dfqjnI5eIpkccCY1rwpnCtBCjRG3moHprl4k0Co/OgGAYKxG4TuFOM8W4xb7
-hNH+BqQqko4Vh7D8Zk0KKL6v/1n5RvhssoSzzVlfg1PLux3G5VLWggB7AoGAAP/N
-OORN27Y07kCBGCoHuFtLECU72znEDOT6rKvXQ7KJ45diKk2z/182tZSqX3XBOWxL
-Lu7Z2I5MJKri/xLplIAm3uJ/GhsVuagTjl81s36gMFXLAKyxNG+gjfqQYykh5dbn
-jfyBABRAXjR4JaqFBrda6fvZIA5RuytbuvNOwGkCgYAUs82tDGLiqyMPd2jgYS3k
-aL62f0TLKHjmTCmRca7IqXbqcMbAj+LgAHI2HfCfjc4KWd68ZGRLcpDlehMcis1f
-PQi3HW+2b9dAZX6+HAIGiVem//ckYXgUza4MMosh0hXquGs1yJ/VNWC+HPIHrj6X
-9tvvvHnGKav329q/Z/8K/A==
------END PRIVATE KEY-----

src/Bouncer.php

@@ -8,16 +8,19 @@ use AdamBrett\ShellWrapper\Command\Builder as CommandBuilder;
 use AdamBrett\ShellWrapper\Runners\Exec;
 use Aws\S3\S3Client;
 use Bouncer\Logger\AbstractLogger;
+use Bouncer\Logger\Formatter;
+use Bouncer\Logger\Logger;
+use Bouncer\Settings\Settings;
 use GuzzleHttp\Client as Guzzle;
 use GuzzleHttp\Exception\ConnectException;
+use GuzzleHttp\Exception\GuzzleException;
 use GuzzleHttp\Exception\ServerException;
 use League\Flysystem\AwsS3V3\AwsS3V3Adapter;
 use League\Flysystem\FileAttributes;
 use League\Flysystem\Filesystem;
 use League\Flysystem\FilesystemException;
 use League\Flysystem\Local\LocalFilesystemAdapter;
-use Bouncer\Logger\Logger;
+use Monolog\Processor;
-use Bouncer\Logger\Formatter;
 use Spatie\Emoji\Emoji;
 use Symfony\Component\Yaml\Yaml;
 use Twig\Environment as Twig;
@@ -25,9 +28,6 @@ use Twig\Error\LoaderError;
 use Twig\Error\RuntimeError;
 use Twig\Error\SyntaxError;
 use Twig\Loader\FilesystemLoader as TwigLoader;
-use GuzzleHttp\Exception\GuzzleException;
-use Monolog\Processor;
-use Bouncer\Settings\Settings;
 
 class Bouncer
 {
@@ -186,6 +186,7 @@ class Bouncer
     public function findContainersContainerMode(): array
     {
         $bouncerTargets = [];
+        $this->logger->warning('Interrogating CONTAINERS for BOUNCER_* environment variables.', ['emoji' => Emoji::magnifyingGlassTiltedLeft()]);
 
         $containers = json_decode($this->docker->request('GET', 'containers/json')->getBody()->getContents(), true);
         foreach ($containers as $container) {
@@ -210,6 +211,8 @@ class Bouncer
             }
             // If BOUNCER_IGNORE is set, skip this service.
             if (isset($envs['BOUNCER_IGNORE'])) {
+                $this->logger->warning('Container {container_name} has BOUNCER_IGNORE set, skipping.', ['emoji' => Emoji::warning() . ' ', 'container_name' => $container['Name']]);
+
                 continue;
             }
 
@@ -262,16 +265,19 @@ class Bouncer
             }
         }
 
+        $this->logger->warning('Interrogating CONTAINERS for BOUNCER_* environment variables found {count} containers.', ['emoji' => Emoji::magnifyingGlassTiltedLeft(), 'count' => count($validBouncerTargets)]);
+
         return $validBouncerTargets;
     }
 
     public function findContainersSwarmMode(): array
     {
+        $this->logger->warning('Interrogating SERVICES for BOUNCER_* environment variables.', ['emoji' => Emoji::magnifyingGlassTiltedLeft()]);
         $bouncerTargets = [];
         $services       = json_decode($this->docker->request('GET', 'services')->getBody()->getContents(), true);
 
         if (isset($services['message'])) {
-            $this->logger->debug('Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}', ['emoji' => Emoji::warning() . ' Bouncer.php', 'message' => $services['message']]);
+            $this->logger->debug('Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}', ['emoji' => Emoji::warning() . ' ', 'message' => $services['message']]);
         } else {
             foreach ($services as $service) {
                 $envs = [];
@@ -283,6 +289,7 @@ class Bouncer
                 ) {
                     continue;
                 }
+
                 // Parse all the environment variables and store them in an array.
                 foreach ($service['Spec']['TaskTemplate']['ContainerSpec']['Env'] as $env) {
                     [$envKey, $envVal] = explode('=', $env, 2);
@@ -291,12 +298,18 @@ class Bouncer
                     }
                 }
                 ksort($envs);
+
                 // If there are no BOUNCER_* environment variables, skip this service.
                 if (count($envs) == 0) {
+                    $this->logger->debug('Service {service_name} has no BOUNCER_* envs set, skipping.', ['emoji' => Emoji::ghost() . ' ', 'service_name' => $service['Spec']['Name']]);
+
                     continue;
                 }
+
                 // if BOUNCER_IGNORE is set, skip this service.
                 if (isset($envs['BOUNCER_IGNORE'])) {
+                    $this->logger->debug('Service {service_name} has BOUNCER_IGNORE set, skipping.', ['emoji' => Emoji::warning() . ' ', 'service_name' => $service['Spec']['Name']]);
+
                     continue;
                 }
 
@@ -325,7 +338,7 @@ class Bouncer
                         $bouncerTarget->setEndpoints(['172.17.0.1']);
                         $bouncerTarget->setPort(intval($service['Endpoint']['Ports'][0]['PublishedPort']));
                     } else {
-                        $this->logger->warning('{label}: ports block missing for {target_name}. Try setting BOUNCER_TARGET_PORT.', ['emoji' => Emoji::warning() . ' Bouncer.php', 'label' => $bouncerTarget->getLabel(), 'target_name' => $bouncerTarget->getName()]);
+                        $this->logger->warning('{label}: ports block missing for {target_name}. Try setting BOUNCER_TARGET_PORT.', ['emoji' => Emoji::warning() . ' ', 'label' => $bouncerTarget->getLabel(), 'target_name' => $bouncerTarget->getName()]);
                         \Kint::dump(
                             $bouncerTarget->getId(),
                             $bouncerTarget->getLabel(),
@@ -344,6 +357,10 @@ class Bouncer
                             unset($bouncerTarget);
                         }
                     }
+
+                    if (isset($bouncerTarget)) {
+                        $bouncerTargets[] = $bouncerTarget;
+                    }
                 }
             }
         }
@@ -364,13 +381,16 @@ class Bouncer
                 );
             }
         }
+        $this->logger->debug('There are {count} bouncer targets, of which {validCount} are valid', ['count' => count($bouncerTargets), 'validCount' => count($validBouncerTargets)]);
+
+        $this->logger->warning('Interrogating SERVICES for BOUNCER_* environment variables found {count} services.', ['emoji' => Emoji::magnifyingGlassTiltedLeft(), 'count' => count($validBouncerTargets)]);
 
         return $validBouncerTargets;
     }
 
     public function run(): void
     {
-        $this->logger->info('Starting Bouncer. Built {build_id} on {build_date}, {build_ago}', ['emoji' => Emoji::redHeart() . ' Bouncer.php', 'build_id' => $this->settings->get('build/id'), 'build_date' => $this->settings->get('build/date')->toDateTimeString(), 'build_ago' => $this->settings->get('build/date')->ago()]);
+        $this->logger->info('Starting Bouncer. Built {build_id} on {build_date}, {build_ago}', ['emoji' => Emoji::redHeart() . ' ', 'build_id' => $this->settings->get('build/id'), 'build_date' => $this->settings->get('build/date')->toDateTimeString(), 'build_ago' => $this->settings->get('build/date')->ago()]);
         $this->logger->info('Build #{git_sha}: "{build_message}"', ['emoji' => Emoji::memo(), 'git_sha' => $this->settings->get('build/sha_short'), 'build_message' => $this->settings->get('build/message')]);
         $this->logger->debug(' > HTTPS Listener is on {https_port}', ['emoji' => Emoji::ship(), 'https_port' => $this->settings->get('bouncer/https_port')]);
         $this->logger->debug(' > HTTP Listener is on {http_port}', ['emoji' => Emoji::ship(), 'http_port' => $this->settings->get('bouncer/http_port')]);
@@ -586,7 +606,7 @@ class Bouncer
         $containerStateDiff = $this->diff($this->previousContainerState, $newContainerState);
         if (!$isTainted && !empty($containerStateDiff)) {
             if ($this->settings->if('logger/show_state_deltas')) {
-                $this->logger->warning('Container state has changed', ['emoji' => Emoji::warning() . ' Bouncer.php']);
+                $this->logger->warning('Container state has changed', ['emoji' => Emoji::warning() . ' ']);
                 echo $containerStateDiff;
             }
             $isTainted = true;
@@ -598,7 +618,7 @@ class Bouncer
         if ($this->isSwarmMode()) {
             $services = json_decode($this->docker->request('GET', 'services')->getBody()->getContents(), true);
             if (isset($services['message'])) {
-                $this->logger->warning('Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}', ['emoji' => Emoji::warning() . ' Bouncer.php', 'message' => $services['message']]);
+                $this->logger->warning('Something happened while interrogating services.. This node is not a swarm node, cannot have services: {message}', ['emoji' => Emoji::warning() . ' ', 'message' => $services['message']]);
             } else {
                 foreach ($services as $service) {
                     $name                 = $service['Spec']['Name'];
@@ -626,7 +646,7 @@ class Bouncer
         $swarmStateDiff = $this->diff($this->previousSwarmState, $newSwarmState);
         if ($this->isSwarmMode() && !$isTainted && !empty($swarmStateDiff)) {
             if ($this->settings->if('logger/show_state_deltas')) {
-                $this->logger->warning('Swarm state has changed', ['emoji' => Emoji::warning() . ' Bouncer.php']);
+                $this->logger->warning('Swarm state has changed', ['emoji' => Emoji::warning() . ' ']);
                 echo $swarmStateDiff;
             }
             $isTainted = true;
@@ -662,7 +682,7 @@ class Bouncer
         } catch (ServerException $exception) {
             $this->setSwarmMode(false);
         } catch (ConnectException $exception) {
-            $this->logger->critical('Unable to connect to docker socket!', ['emoji' => Emoji::warning() . ' Bouncer.php']);
+            $this->logger->critical('Unable to connect to docker socket!', ['emoji' => Emoji::warning() . ' ']);
             $this->logger->critical($exception->getMessage());
 
             exit(1);
@@ -670,6 +690,7 @@ class Bouncer
 
         $this->logger->debug(' > Swarm mode is {enabled}.', ['emoji' => Emoji::honeybee(), 'enabled' => $this->isSwarmMode() ? 'enabled' : 'disabled']);
 
+        /** @var Target[] $targets */
         $targets = array_values(
             array_merge(
                 $this->findContainersContainerMode(),
@@ -677,6 +698,10 @@ class Bouncer
             )
         );
 
+        foreach ($targets as $target) {
+            $this->logger->info('Found target {target}', ['emoji' => Emoji::magnifyingGlassTiltedLeft(), 'target' => $target->getName()]);
+        }
+
         // Use some bs to sort the targets by domain from right to left.
         $sortedTargets = [];
         foreach ($targets as $target) {
@@ -702,7 +727,7 @@ class Bouncer
         }
 
         if ($this->isTestMode()) {
-            $this->logger->info('Test mode enabled, not restarting nginx. Infact, I\'ll die now..', ['emoji' => Emoji::warning() . ' Bouncer.php']);
+            $this->logger->info('Test mode enabled, not restarting nginx. Infact, I\'ll die now..', ['emoji' => Emoji::warning() . ' ']);
             $this->dumpConfigs();
 
             exit(0);
@@ -818,15 +843,15 @@ class Bouncer
                     'file'       => $target->getNginxConfigFileName(),
                     'config_dir' => Bouncer::FILESYSTEM_CONFIG_DIR,
                 ];
-                $this->logger->info('Created {label}', $context + ['emoji' => Emoji::pencil() . ' Bouncer.php']);
+                $this->logger->info('Created {label}', $context + ['emoji' => Emoji::pencil() . ' ']);
-                $this->logger->debug('  -> {config_dir}/{file}', $context + ['emoji' => Emoji::pencil() . ' Bouncer.php']);
+                $this->logger->debug('  -> {config_dir}/{file}', $context + ['emoji' => Emoji::pencil() . ' ']);
-                $this->logger->debug('  -> {domain}', $context + ['emoji' => Emoji::pencil() . ' Bouncer.php']);
+                $this->logger->debug('  -> {domain}', $context + ['emoji' => Emoji::pencil() . ' ']);
                 $this->logger->critical('{label} cert type is {cert_type}', $context + ['emoji' => Emoji::catFace(), 'cert_type' => $target->getTypeCertInUse()->name]);
             }
         } else {
-            $this->logger->info('More than {num_max} Nginx configs generated.. Too many to show them all!', ['emoji' => Emoji::pencil() . ' Bouncer.php', 'num_max' => $this->getMaximumNginxConfigCreationNotices()]);
+            $this->logger->info('More than {num_max} Nginx configs generated.. Too many to show them all!', ['emoji' => Emoji::pencil() . ' ', 'num_max' => $this->getMaximumNginxConfigCreationNotices()]);
         }
-        $this->logger->info('Updated {num_created} Nginx configs, {num_changed} changed..', ['emoji' => Emoji::pencil() . ' Bouncer.php', 'num_created' => count($targets), 'num_changed' => count($changedTargets)]);
+        $this->logger->info('Updated {num_created} Nginx configs, {num_changed} changed..', ['emoji' => Emoji::pencil() . ' ', 'num_created' => count($targets), 'num_changed' => count($changedTargets)]);
 
         $this->pruneNonExistentConfigs($targets);
     }
@@ -949,13 +974,13 @@ class Bouncer
             $command->addFlag('n');
             $command->addFlag('m', $this->environment['BOUNCER_LETSENCRYPT_EMAIL']);
             $command->addArgument('agree-tos');
-            $this->logger->info('Generating letsencrypt for {target_name} - {command}', ['emoji' => Emoji::pencil() . ' Bouncer.php', 'target_name' => $target->getName(), 'command' => $command->__toString()]);
+            $this->logger->info('Generating letsencrypt for {target_name} - {command}', ['emoji' => Emoji::pencil() . ' ', 'target_name' => $target->getName(), 'command' => $command->__toString()]);
             $shell->run($command);
 
             if ($shell->getReturnValue() == 0) {
                 $this->logger->info('Generating successful', ['emoji' => Emoji::partyPopper()]);
             } else {
-                $this->logger->critical('Generating failed!', ['emoji' => Emoji::warning() . ' Bouncer.php']);
+                $this->logger->critical('Generating failed!', ['emoji' => Emoji::warning() . ' ']);
             }
 
             // Re-enable nginx tweaks
@@ -977,7 +1002,7 @@ class Bouncer
         $shell   = new Exec();
         $command = new CommandBuilder('/usr/sbin/nginx');
         $command->addFlag('s', 'reload');
-        $this->logger->info('Restarting nginx', ['emoji' => Emoji::timerClock() . ' Bouncer.php']);
+        $this->logger->info('Restarting nginx', ['emoji' => Emoji::timerClock() . '  ']);
         $nginxRestartOutput = $shell->run($command);
         $this->logger->debug('Nginx restarted {restart_output}', ['restart_output' => $nginxRestartOutput, 'emoji' => Emoji::partyPopper()]);
     }
@@ -990,7 +1015,7 @@ class Bouncer
                 if ($file['path'] == 'default.conf') {
                     continue;
                 }
-                $this->logger->info('Dumping {file}', ['emoji' => Emoji::pencil() . ' Bouncer.php', 'file' => $file['path']]);
+                $this->logger->info('Dumping {file}', ['emoji' => Emoji::pencil() . ' ', 'file' => $file['path']]);
                 echo $this->configFilesystem->read($file['path']);
             }
         }