Merge remote-tracking branch 'upstream/4.x' into 4.x

# Conflicts:
#	composer.json
#	config/app.php
#	templates/layout/default.php

.gitattributes

@@ -14,6 +14,7 @@
 *.jpeg binary
 *.gif binary
 *.webp binary
+*.avif binary
 *.ico binary
 *.mo binary
 *.pdf binary
@@ -22,6 +23,7 @@
 *.phar binary
 *.woff binary
 *.woff2 binary
+*.ttc binary
 *.ttf binary
 *.otf binary
 *.eot binary

.github/workflows/ci.yml

@@ -9,21 +9,22 @@ on:
   pull_request:
     branches:
       - '*'
+  workflow_dispatch:
 
 permissions:
   contents: read
 
 jobs:
   testsuite:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['7.4', '8.0', '8.1']
+        php-version: ['7.4', '8.0', '8.1', '8.2']
     name: PHP ${{ matrix.php-version }}
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
@@ -34,11 +35,7 @@ jobs:
 
     - name: Composer install
       run: |
-        if [[ ${{ matrix.php-version }} == '8.1' ]]; then
-          composer update --ignore-platform-reqs
-        else
-          composer update
-        fi
+        composer update
         composer run-script post-install-cmd --no-interaction
 
     - name: Run PHPUnit
@@ -49,41 +46,26 @@ jobs:
         DATABASE_TEST_URL: sqlite://./testdb.sqlite
 
   coding-standard:
-    name: Coding Standard
-    runs-on: ubuntu-18.04
+    name: Coding Standard & Static Analysis
+    runs-on: ubuntu-22.04
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
       with:
         php-version: '7.4'
         extensions: mbstring, intl
         coverage: none
+        tools: cs2pr, phpstan:1
 
     - name: Composer install
       run: composer install
 
     - name: Run PHP CodeSniffer
-      run: composer cs-check
-
-  static-analysis:
-    name: Static Analysis
-    runs-on: ubuntu-18.04
-
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Setup PHP
-      uses: shivammathur/setup-php@v2
-      with:
-        php-version: '7.4'
-        extensions: mbstring, intl
-        coverage: none
-
-    - name: Composer install
-      run: composer require --dev phpstan/phpstan:^1.0.0
+      run: vendor/bin/phpcs --report=checkstyle | cs2pr
 
     - name: Run phpstan
-      run: vendor/bin/phpstan
+      if: always()
+      run: phpstan

.github/workflows/stale.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@v8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days'

.gitignore

@@ -60,3 +60,5 @@ yarn-error.log
 # PHP Intel
 .phpintel
 *.mwb.bak
+/cron.d/*
+/ansible/roles/crontab/templates/*.txt

README.md

@@ -42,7 +42,7 @@ automated upgrades, so you have to do any updates manually.
 
 ## Configuration
 
-Read and edit the environment specific `config/app_local.php` and setup the 
+Read and edit the environment specific `config/app_local.php` and set up the
 `'Datasources'` and any other configuration relevant for your application.
 Other environment agnostic settings can be changed in `config/app.php`.
 

Vagrantfile

@@ -4,6 +4,10 @@ def fail_with_message(msg)
   fail Vagrant::Errors::VagrantError.new, msg
 end
 
+def is_arm64()
+  `uname -m` == "arm64" || `/usr/bin/arch -64 sh -c "sysctl -in sysctl.proc_translated"`.strip() == "0"
+end
+
 config_path = __dir__
 config_file = File.join(config_path, 'vagrant.yml')
 
@@ -21,14 +25,18 @@ Vagrant.configure("2") do |config|
   config.hostmanager.include_offline = true
 
   config.vm.define settings['name'] do |node|
-    node.vm.box = settings['box']
 
-    node.vm.provider "vmware_fusion" do |v, override|
-      v.vmx["memsize"] = settings['memory']
-      v.vmx["numvcpus"] = settings['cpus']
-      v.whitelist_verified = true
-      v.ssh_info_public = true
-      v.port_forward_network_pause = 10
+    if is_arm64()
+      node.vm.box = settings['arm64_box']
+    else
+      node.vm.box = settings['box']
+    end
+
+    node.vm.provider "parallels" do |prl|
+      prl.name = settings['vm_name']
+      prl.memory = settings['memory']
+      prl.cpus = settings['cpus']
+      prl.linked_clone = false
     end
 
     node.vm.provider "virtualbox" do |v, override|
@@ -38,9 +46,18 @@ Vagrant.configure("2") do |config|
       v.customize ["modifyvm", :id, "--cpus", settings['cpus']]
     end
 
-    # Prefer vmware_fusion over virtualbox
-    node.vm.provider "vmware_fusion"
+    node.vm.provider "vmware_fusion" do |v, override|
+      v.vmx["memsize"] = settings['memory']
+      v.vmx["numvcpus"] = settings['cpus']
+      v.whitelist_verified = true
+      v.ssh_info_public = true
+      v.port_forward_network_pause = 10
+    end
+
+    # preference
+    node.vm.provider "parallels"
     node.vm.provider "virtualbox"
+    node.vm.provider "vmware_fusion"
 
     node.vm.network "private_network", type: "dhcp"
     node.vm.hostname = settings['hostname']
@@ -55,7 +72,7 @@ Vagrant.configure("2") do |config|
     #Add any alias:
     node.hostmanager.aliases = settings['aliases']
 
-    node.vm.synced_folder ".", settings['app_path'], :nfs => true, :mount_options => ['nolock,vers=3,udp,noatime,actimeo=1']
+    node.vm.synced_folder ".", settings['app_path'], type: "nfs", nfs_udp: false, mount_options: ['nolock,noatime,actimeo=1']
 
     #Fix for Ansible bug resulting in an encoding error
     ENV['PYTHONIOENCODING'] = "utf-8"

ansible/inventories/development/group_vars/all.yml

@@ -1,4 +1,5 @@
 ---
+mysql_environment: development
 nginx_environment: development
 nginx_ssl_crt:
   - cakephp.app.local.crt
@@ -61,3 +62,7 @@ nginx_sites_available:
   - cakephp.app.local.conf
 nginx_sites_enabled:
   - cakephp.app.local.conf
+active_crontab_files:
+  development:
+    - concat/initial.tab
+    - concat/clear_tmp_files.tab

ansible/playbooks/development.yml

@@ -12,14 +12,17 @@
     app_name: "cakephp-app"
     become_alternate_user: "vagrant"
   roles:
-    - system
-    - ntp
-    - php
-    - nginx
-    - mysql
-    - memcached
-    - wkhtmltopdf
-    - nodejs
+    - {role: "system", tags: "system"}
+    - {role: "libssl", tags: "libssl"}
+    - {role: "ntp", tags: "ntp"}
+    - {role: "php", tags: "php"}
+    - {role: "nginx", tags: "nginx"}
+    - {role: "wkhtmltopdf", tags: "wkhtmltopdf"}
+    - {role: "mysql", tags: "mysql"}
+    - {role: "memcached", tags: "memcached"}
+    - {role: "nodejs", tags: "nodejs"}
+    - {role: "crontab", tags: "crontab"}
+    - {role: "mailhog", tags: "mailhog"}
   tasks:
     - name: DONT PANIC NTP and VM Should Accept Traveling to the Future by more than 1000s
       lineinfile:
@@ -29,7 +32,7 @@
 
     - name: make a symbolic link for application crontab file
       file:
-        src: "{{ app_path }}/crontab"
+        src: "{{ app_path }}/cron.d/development"
         dest: "/etc/cron.d/{{ app_name }}"
         state: link
 
@@ -53,6 +56,13 @@
       args:
         executable: /bin/bash
 
+    - name: Create CakePHP dev config from default
+      copy:
+        src: "{{ app_path }}/config/app_local.example.php"
+        dest: "{{ app_path }}/config/app_local.php"
+        remote_src: yes
+        force: no
+
     - name: Create /var/files/
       file:
         path: "/var/files/"
@@ -66,38 +76,43 @@
         name: nginx
         state: restarted
 
-    - name: restart php8.1-fpm
+    - name: restart php8.3-fpm
       service:
-        name: php8.1-fpm
+        name: php8.3-fpm
         state: restarted
 
     - name: Create MySQL vagrant user
       shell: "mysql -e \"CREATE USER IF NOT EXISTS 'vagrant'@'%' IDENTIFIED WITH mysql_native_password BY 'vagrant'\";"
       become: yes
       become_user: root
+      when: mysql_server_installed
 
     - name: Grant the MySQL vagrant user some permissions
       shell: "mysql -e \"GRANT ALL on *.* to 'vagrant'@'%'WITH GRANT OPTION\";"
       become: yes
       become_user: root
+      when: mysql_server_installed
 
     - name: Flushing the MySQL Privileges
       shell: "mysql -e \"FLUSH PRIVILEGES\";"
       become: yes
       become_user: root
+      when: mysql_server_installed
 
     - name: Create the MySQL Database for the project
       shell: "mysql -e \"CREATE DATABASE IF NOT EXISTS cakephp_app DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci;\";"
       become: yes
       become_user: root
+      when: mysql_server_installed
 
     - name: Check if app migrations have already been ran
       shell: "mysql -e \"SELECT * FROM information_schema.tables WHERE table_schema = 'cakephp_app'\";"
       become: yes
       become_user: root
-      when: mysql_installed is defined
+      when: mysql_server_installed
       register: migrationran # above query returns nothing when no tables exist
 
     - name: Run app migrations
       command: "{{ app_path }}/bin/cake migrations migrate -vvvv"
       when: migrationran.stdout == "" # stdout of the variable we just registered will be empty when no tables exist
+      ignore_errors: yes

ansible/roles/crontab/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Loop Over and Create temp Template for each desired crontab
+  template:
+    src: concat.j2
+    dest: "{{ app_path }}/ansible/roles/crontab/templates/{{ item }}.txt"
+  loop: "{{ active_crontab_files | list }}"
+
+- name: Loop Over and Create final file for each crontab file
+  template:
+    src: "{{ item }}.txt"
+    dest: "{{ app_path }}/cron.d/{{ item }}"
+  loop: "{{ active_crontab_files | list }}"

ansible/roles/crontab/templates/concat.j2

@@ -0,0 +1,4 @@
+{% for i in active_crontab_files[item] %}
+{{ lookup('file', i) }}
+
+{% endfor %}

ansible/roles/crontab/templates/concat/clear_tmp_files.tab

@@ -0,0 +1,2 @@
+# Every 30 minutes, delete tmp file uploads older than 6 hours
+*/30 * * * * root find {{ app_path }}/tmp/files/* -mmin +360 ! -name "empty" -exec rm {} \; > /dev/null 2>&1

ansible/roles/crontab/templates/concat/initial.tab

@@ -0,0 +1,4 @@
+# Generated Crontab - Check Ansible Role/Playbook
+
+TZ="America/New_York"
+MAILTO=""

ansible/roles/libssl/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+- name: 'Download libssl1.1 arm64'
+  get_url:
+    url: http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.22_arm64.deb
+    dest: /root/libssl.deb
+    force: false
+    validate_certs: no # this is fucked up
+  when: ansible_architecture == 'aarch64'
+
+- name: 'Download libssl1.1 x86_64'
+  get_url:
+    url: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.22_amd64.deb
+    dest: /root/libssl.deb
+    force: false
+    validate_certs: no # this is fucked up
+  when: ansible_architecture == 'x86_64'
+
+- name: 'Install libssl1.1'
+  command: dpkg -i /root/libssl.deb

ansible/roles/mailhog/handlers/main.yml

@@ -0,0 +1,16 @@
+---
+- name: start and enable mailhog
+  service:
+    name: mailhog
+    state: started
+    enabled: yes
+
+- name: restart mailhog
+  service:
+    name: mailhog
+    state: restarted
+
+- name: start mailhog
+  service:
+    name: mailhog
+    state: started

ansible/roles/mailhog/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: Install golang-go
+  apt:
+    pkg:
+      - golang-go
+    state: present
+    update_cache: yes
+
+- name: Install Mailhog
+  shell: "go install github.com/mailhog/MailHog@latest"
+  become: yes
+  become_user: root
+
+- name: Copy Mailhog to /usr/local/bin
+  copy:
+    src: /root/go/bin/MailHog
+    dest: /usr/local/bin/mailhog
+    owner: root
+    group: root
+    mode: 0755
+    remote_src: yes
+
+- name: Create Service File
+  template:
+    src: "mailhog.service"
+    dest: /etc/systemd/system/mailhog.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: start and enable mailhog