feat(ci): add default config & htpasswd for local testing

.dockerignore

@@ -1 +1,2 @@
-docker
+ci
+!ci/htpasswd

.github/workflows/ci.yml

@@ -44,7 +44,7 @@ jobs:
         uses: docker/[email protected]
         with:
           context: "."
-          file: "./docker/lcp/Dockerfile"
+          file: "./ci/lcp/Dockerfile"
           push: ${{ github.event_name != 'pull_request' }} # Don't push on PR
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -11,6 +11,9 @@ debug
 *.exe
 *.yaml
 !test/config.yaml
+!test/config.localhost.yaml
+!ci/htpasswd
+!ci/*.yaml
 **/manage/config.js
 frontend/manage/node_modules/*
 frontend/manage/dist/*

ci/README.md

@@ -0,0 +1,34 @@
+# CI setup for Readium LCP
+
+This folder contains the CI setup for Readium LCP. It contains Dockerfiles for each server component and a Helm chart for easy kubernetes deployment.
+
+## Dockerfiles
+Simple Dockerfile which contains all executables and a localhost config for testing.
+
+The only difference between LCP and LSD images is which executable is run.
+They are defined in the same Dockerfile using the following stage targets:
+* runtime-lcp
+* runtime-lsd
+
+## Build and run LCP & LSD servers
+To test LCP server components locally, simply run this command:
+```
+docker compose up -d
+```
+
+## Placeholders
+
+### config.localhost.yaml
+Simple config for local testing. Assumes you will expose ports 8989-8990 on 127.0.0.1.
+
+### htpasswd
+Placeholder htpasswd is just `admin` as username and `Test1234` as password.
+
+## Overriding with volumes
+
+You should not run the default config in production. To change the config, simply use volume mounts to override the following files:
+* `/app/config.yaml`
+* `/app/htpasswd`
+* `/app/certs`
+
+Basically the config.yaml decides the location of all other files and which ports to use, so modify it wisely.

ci/build.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Helper script for building all images for multiple architectures
+# NOTE: May not be possible on all types of machines
+docker buildx bake --set *.platform=linux/amd64,linux/arm64

docker/docker-compose.yml → ci/docker-compose.yml

@@ -3,28 +3,25 @@ services:
     restart: unless-stopped
     build:
       context: ../
-      dockerfile: docker/lcp/Dockerfile
+      dockerfile: ci/lcp/Dockerfile
+      target: runtime-lcp
     image: ghcr.io/notalib/readium-lcp-server/lcpserver:${TAG:-latest}
     #environment:
     volumes:
-      - ./config.yaml:/app/config.yaml
       - ./htpasswd:/app/htpasswd
-      - ./cert:/app/cert
       # i18n ?
     ports:
       - 8989
   lsdserver:
     restart: unless-stopped
     build:
       context: ../
-      dockerfile: docker/lcp/Dockerfile
+      dockerfile: ci/lcp/Dockerfile
+      target: runtime-lsd
     image: ghcr.io/notalib/readium-lcp-server/lsdserver:${TAG:-latest}
-    command: ["/app/lsdserver"]
     #environment:
     volumes:
-      - ./config.yaml:/app/config.yaml
       - ./htpasswd:/app/htpasswd
-      - ./cert:/app/cert
       # i18n ?
     ports:
       - 8990

ci/htpasswd

@@ -0,0 +1 @@
+admin:$2y$10$6zTy35TyLjpvcYRudYOoWeI7TxaHyIFMDUb3VFQU3Bjz7Z5q5hXzO

ci/lcp/Dockerfile

@@ -0,0 +1,49 @@
+###############
+# Build image #
+###############
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine as builder
+
+WORKDIR /lcp
+
+COPY . /lcp/.
+
+ENV GOPATH=/lcp/build
+
+RUN apk add build-base
+
+# Needed for sqlite3 lib
+ENV CGO_CFLAGS="-D_LARGEFILE64_SOURCE"
+
+RUN CGO_ENABLED=1 go build -o $GOPATH/bin/ ./lcpserver
+RUN go build -o $GOPATH/bin/ ./lsdserver
+RUN go build -o $GOPATH/bin/ ./lcpencrypt
+
+#######################
+# Runtime image (LCP) #
+#######################
+FROM alpine:latest as runtime-lcp
+LABEL org.opencontainers.image.source https://github.com/notalib/readium-lcp-server
+WORKDIR /app
+
+RUN mkdir -p /data/db && \
+    mkdir -p /data/files
+
+# Copy over all bins, CMD can be changed at runtime.
+COPY --from=builder /lcp/build/bin /app
+
+# Copy in default localhost config and certs (override with volume-mapping at runtime).
+COPY test/cert /app/cert
+COPY test/config.localhost.yaml /app/config.yaml
+
+# Mounted config.yaml decides which ports to use. This is just the default from test config.
+EXPOSE 8989
+
+CMD ["/app/lcpserver"]
+
+#######################
+# Runtime image (LSD) #
+#######################
+FROM runtime-lcp as runtime-lsd
+
+EXPOSE 8990
+CMD ["/app/lsdserver"]

test/config.localhost.yaml

@@ -0,0 +1,86 @@
+# Test configuration for lcpserver and lsdserver.
+# It is meant to be used as a quick-start setup.
+#
+# Replace every occurence of <LCP_SERVER>:<PORT> by the License Server host name or IP address + port.
+# Replace every occurence of <LSD_SERVER> by the Status Server host name.
+# Replace every occurence of <GATEWAY> by the License Gateway host name.
+# Replace every occurence of <LCP_HOME> by the absolute path to the folder hosting every file associated with the LCP service.
+
+# Shared configuration
+
+# The usernames and passwords must match the ones in the htpasswd files for each server.
+lcp_update_auth:
+    # login and password used by the Status Server to access the License Server
+    username: "admin"
+    password: "Test1234"
+
+lsd_notify_auth:
+    # login and password used by the License Server to access the Status Server
+    username: "admin"
+    password: "Test1234"
+
+# LCP Server
+
+profile: "basic"
+lcp:
+    host: "127.0.0.1"
+    # the public url a client app will use to access the License Server (optional)
+    public_base_url:  "http://127.0.0.1:8989"
+    # the port on which the License Server will be running
+    port: 8989
+    # replace this dsn if you're not using SQLite
+    database: "sqlite3://file:/data/db/lcp.sqlite?cache=shared&mode=rwc"
+    # authentication file of the License Server. Here we use the same file for the License Server and Status Server
+    auth_file: "/app/htpasswd"
+# uncomment if lcpencrypt does not manage the storage of encrypted publications
+storage:
+   filesystem:
+       directory: "/data/files/storage"
+certificate:
+    # theses test certificates are provided in the test/cert folder of the codebase
+    cert: "/app/cert/cert-edrlab-test.pem"
+    private_key: "/app/cert/privkey-edrlab-test.pem"
+license:
+    links:
+        # leave the url as-is (after <LSD_SERVER> has been resolved)
+        status: "http://localhost:8990/licenses/{license_id}/status"
+        # the url of a REAL html page, that indicates how the user can get back his passphrase if forgotten
+        hint: "https://localhost/lcp-hint"
+
+
+# LSD Server
+
+lsd:
+    host: "127.0.0.1"
+    # the public url a client app will use to access the Status Server
+    public_base_url:  "http://127.0.0.1:8990"
+    # the port on which the Status Server will be running
+    port: 8990
+    # replace this dsn if you're not using SQLite
+    database: "sqlite3:///data/db/lsd.sqlite?cache=shared&mode=rwc"
+    # authentication file of the Status Server. Here we use the same file for the License Server and Status Server
+    auth_file: "/app/htpasswd"
+    # in this example, the License Gateway is developed so that adding a license id
+    # to the host name gives access to a fresh license.
+    # Keep {license_id} as-is; this is a template.
+    # Read the doc to know more about how to develop a License Gateway.
+    license_link_url: "http://localhost:8990/{license_id}"
+license_status:
+    register: true
+    # uncomment the lines below if you're allowing e-lending
+    renew: true
+    return: true
+    renting_days: 30
+    renew_days: 7
+
+# Testing Frontend (not used yet)
+
+frontend:
+    host: "127.0.0.1"
+    port: 8991
+    database: "sqlite3://file:/data/db/frontend.sqlite?cache=shared&mode=rwc"
+    master_repository: "/data/files/master"
+    encrypted_repository: "/data/files/encrypted"
+    provider_uri: "https://localhost/download/"
+    right_print: 10
+    right_copy: 2000