Completed
Push — master ( e2875b...35ced9 )
by Anton
03:41
created

recipe/provision/provision.php (2 issues)

<?php
/* (c) Anton Medvedev <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace Deployer;
use Deployer\Exception\GracefulShutdownException;
use function Deployer\Support\starts_with;
// Defaults read by the provision:* tasks in this file.
set('php_version', '7.4');

// Placeholder value. provision:user:deployer hashes whatever is stored here and
// installs it as the password of the deployer account, which it also adds to the
// sudo group, so this must be overridden with a real secret before provisioning.
set('sudo_password', 'TODO');

// DEBIAN_FRONTEND=noninteractive keeps apt/dpkg from prompting.
// NOTE(review): assumes Deployer exports `env` to the commands started by run() - confirm.
set(
    'env',
    ['DEBIAN_FRONTEND' => 'noninteractive']
);
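desc('Provision server with nginx, php, php-fpm');
// Umbrella task: runs the provision:* sub-tasks in the order listed.
task('provision', [
    // Fails early when the PHP version or the target OS is not supported.
    'provision:check',
    'provision:upgrade',
    'provision:install',
    // Listed once. The original list named this task twice, which appended the
    // sshd_config lines twice and restarted the SSH service twice per run.
    'provision:ssh',
    'provision:user:deployer',
    'provision:firewall',
    'provision:install:php',
    'provision:install:composer',
    'provision:config:php-cli',
    'provision:config:php-fpm',
    'provision:config:php-fpm:pool',
    'provision:config:php:sessions',
    'provision:nginx:dhparam',
    'provision:nginx',
]);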
desc('Ensure what provision run as root');
task('provision:switch-user', function () {
    // The output of whoami is not used; the call only runs a command on the host
    // before remote_user is changed.
    run('whoami');

    // Force the remaining commands to connect as root when another user is configured.
    $alreadyRoot = get('remote_user') === 'root';
    if (!$alreadyRoot) {
        set('remote_user', 'root');
    }
});
//Deployer::get()->preTask->add('provision:*', 'provision:switch-user');
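desc('Check pre-required state');
// Aborts provisioning with a GracefulShutdownException unless every precondition
// holds: supported PHP version, a real sudo password, and Ubuntu 20.04 on the host.
// Each failed check emits its own warning first.
task('provision:check', function () {
    $ok = true;

    if (get('php_version') !== '7.4') {
        $ok = false;
        warning("Only php 7.4 currently supported.");
    }

    // 'TODO' is the placeholder default set at the top of this file.
    // provision:user:deployer would install it as the real password of an account
    // in the sudo group, so refuse to continue until it has been replaced.
    if (in_array(get('sudo_password'), ['', 'TODO'], true)) {
        $ok = false;
        warning('sudo_password is empty or still the "TODO" placeholder. Set a real password before provisioning.');
    }

    $release = run('cat /etc/os-release');

    // parse_ini_string() returns false on malformed input and a key can be missing,
    // so read the fields with defaults instead of destructuring the result. The
    // explicit assignments also avoid the "variable does not exist" finding that
    // static analysis raised for the keyed destructuring of $name and $version.
    $osRelease = parse_ini_string($release) ?: [];
    $name = $osRelease['NAME'] ?? '';
    // VERSION_ID stays "20.04" across point releases, while VERSION becomes
    // "20.04.1 LTS (...)" and so on, which a "20.04 LTS" prefix test rejects.
    $versionId = $osRelease['VERSION_ID'] ?? '';

    if ($name !== 'Ubuntu' || $versionId !== '20.04') {
        $ok = false;
        warning('Only Ubuntu 20.04 LTS supported for now.');
    }

    if (!$ok) {
        throw new GracefulShutdownException('Missing some pre-required state. Please check warnings.');
    }
});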
desc('Upgrade all packages');
task('provision:upgrade', function () {
    // Refresh the package index first, then upgrade without prompting (-y).
    $steps = [
        'apt-get update',
        'apt-get upgrade -y',
    ];

    foreach ($steps as $command) {
        run($command);
    }
});
desc('Install base packages');
task('provision:install', function () {
    // NOTE(review): besides -y, these flags let apt downgrade packages, remove
    // essential packages and change held packages without asking. Confirm that
    // all three are really needed for a fresh host; plain -y would stop instead.
    $aptFlags = '-y --allow-downgrades --allow-remove-essential --allow-change-held-packages';

    // Build tools, the web server and the hardening utilities (fail2ban, ufw)
    // that later provision:* tasks rely on; whois provides mkpasswd.
    $packageList = implode(' ', [
        'build-essential',
        'curl',
        'fail2ban',
        'gcc',
        'git',
        'libmcrypt4',
        'libpcre3-dev',
        'make',
        'ncdu',
        'nginx',
        'pkg-config',
        'sendmail',
        'ufw',
        'unzip',
        'uuid-runtime',
        'whois',
    ]);

    run("apt-get install $aptFlags $packageList");
});
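desc('Configure SSH');
// Disables SSH password logins, regenerates missing host keys, restarts the SSH
// service and makes sure /root/.ssh exists.
//
// NOTE(review): password authentication is switched off before anything checks
// that /root/.ssh/authorized_keys actually holds a key - confirm key-based access
// works on the host first, or this task can lock the operator out.
task('provision:ssh', function () {
    // Remove every existing "PasswordAuthentication yes|no" line, commented or not,
    // so that re-running the task does not accumulate duplicate directives.
    run('sed -i -E "/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)/d" /etc/ssh/sshd_config');
    run('echo "" | sudo tee -a /etc/ssh/sshd_config');
    // NOTE(review): the directive is appended at the end of the file. A setting in
    // an included drop-in file, or a trailing Match block, could change its effect;
    // verify the effective value on the target image.
    run('echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config');
    run('ssh-keygen -A');
    // Check the edited configuration before restarting, so a broken sshd_config
    // fails the task instead of taking the SSH service down.
    run('sshd -t');
    run('service ssh restart');
    if (test('[ ! -d /root/.ssh ]')) {
        run('mkdir -p /root/.ssh');
        run('touch /root/.ssh/authorized_keys');
        // Freshly created here, so give them the owner-only modes expected for SSH material.
        run('chmod 700 /root/.ssh');
        run('chmod 600 /root/.ssh/authorized_keys');
    }
});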
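desc('Setup deployer user');
// Creates the deployer account (sudo and www-data groups, bash shell), sets its
// password from the sudo_password option, copies root's authorized_keys to it,
// generates an SSH key pair for it and allows a passwordless php-fpm reload.
// Does nothing when the account already exists.
task('provision:user:deployer', function () {
    if (test('id deployer >/dev/null 2>&1')) {
        info('deployer user already exist');
        return;
    }

    run('useradd deployer');
    run('mkdir -p /home/deployer/.ssh');
    run('mkdir -p /home/deployer/.deployer');
    run('adduser deployer sudo');

    run('chsh -s /bin/bash deployer');
    run('cp /root/.profile /home/deployer/.profile');
    run('cp /root/.bashrc /home/deployer/.bashrc');

    // Quote the password so that spaces or shell metacharacters in it cannot alter
    // the command.
    // NOTE(review): the clear-text password is still part of the command text;
    // confirm that Deployer does not write it to logs or verbose output.
    $password = run('mkpasswd -m sha-512 ' . escapeshellarg(get('sudo_password')));
    // A sha-512 crypt hash has the form $6$salt$hash. Passed unquoted, the remote
    // shell expands $6, $salt... as variables and usermod stores a mangled value.
    run('usermod --password ' . escapeshellarg($password) . ' deployer');

    // TODO: Copy current ssh-key.
    run('echo >> /root/.ssh/authorized_keys');
    run('cp /root/.ssh/authorized_keys /home/deployer/.ssh/authorized_keys');

    // Unencrypted key pair (-N "") for the deployer account.
    run('ssh-keygen -f /home/deployer/.ssh/id_rsa -t rsa -N ""');

    run('chown -R deployer:deployer /home/deployer');
    run('chmod -R 755 /home/deployer');
    // The recursive 755 above would leave the SSH directory and its key material
    // world-readable; restrict them to the owner.
    run('chmod 700 /home/deployer/.ssh');
    run('chmod 600 /home/deployer/.ssh/authorized_keys /home/deployer/.ssh/id_rsa');

    // NOTE(review): provision:nginx restarts the service as php{{php_version}}-fpm,
    // so a rule naming "php-fpm" may never match the real service - confirm.
    run('echo "deployer ALL=NOPASSWD: /usr/sbin/service php-fpm reload" > /etc/sudoers.d/php-fpm');
    // Drop-in sudoers files should be read-only and not world-readable.
    run('chmod 440 /etc/sudoers.d/php-fpm');

    run('usermod -a -G www-data deployer');
    run('id deployer');
    run('groups deployer');
});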
desc('Setup firewall');
task('provision:firewall', function () {
    // The allow rules for SSH (22), HTTP (80) and HTTPS (443) are added before
    // the firewall is switched on.
    foreach ([22, 80, 443] as $port) {
        run("ufw allow $port");
    }

    // --force enables ufw without the interactive confirmation prompt.
    run('ufw --force enable');
});
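desc('Install PHP packages');
// Installs the PHP CLI, FPM and the listed extensions from the distribution's
// unversioned php-* packages.
task('provision:install:php', function () {
    // "php-fpm" appeared twice in the original list; it is listed once here.
    $packages = [
        'php-bcmath',
        'php-cli',
        'php-curl',
        'php-dev',
        'php-fpm',
        'php-gd',
        'php-imap',
        'php-intl',
        'php-mbstring',
        'php-mysql',
        'php-pgsql',
        'php-readline',
        'php-soap',
        'php-sqlite3',
        'php-xml',
        'php-zip',
    ];

    // --force-yes is deprecated and also lets apt continue with packages whose
    // signature cannot be verified. -y alone answers the prompts and still stops
    // on unauthenticated packages.
    run('apt-get install -y ' . implode(' ', $packages));
});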
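desc('Install Composer');
// Downloads the Composer installer, checks it against the SHA-384 checksum that
// Composer publishes, runs it and moves composer.phar to /usr/local/bin/composer.
// Throws GracefulShutdownException when the checksum does not match.
task('provision:install:composer', function () {
    // Save the installer to a file instead of piping curl straight into php, so it
    // can be verified before it is executed. -f makes curl fail on an HTTP error
    // instead of handing an error page to the next step.
    $expected = trim(run('curl -fsS https://composer.github.io/installer.sig'));
    run('curl -fsS -o composer-setup.php https://getcomposer.org/installer');
    $actual = trim(run('sha384sum composer-setup.php | cut -d " " -f 1'));

    // NOTE(review): the checksum comes from the same vendor over HTTPS. It catches
    // a corrupted or swapped download, not a compromise of the publisher.
    if ($expected === '' || !hash_equals($expected, $actual)) {
        run('rm -f composer-setup.php');
        throw new GracefulShutdownException('Composer installer checksum mismatch. Aborting install.');
    }

    run('php composer-setup.php');
    run('rm -f composer-setup.php');
    run('mv composer.phar /usr/local/bin/composer');
});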
desc('Configure PHP-CLI');
task('provision:config:php-cli', function () {
    // {{php_version}} is left in the path for run() to substitute.
    $iniFile = '/etc/php/{{php_version}}/cli/php.ini';

    // In-place sed substitutions applied to the CLI php.ini: full error reporting
    // shown on the terminal, a 512M memory limit and a UTC default timezone.
    $substitutions = [
        's/error_reporting = .*/error_reporting = E_ALL/',
        's/display_errors = .*/display_errors = On/',
        's/memory_limit = .*/memory_limit = 512M/',
        's/;date.timezone.*/date.timezone = UTC/',
    ];

    foreach ($substitutions as $expression) {
        run('sudo sed -i "' . $expression . '" ' . $iniFile);
    }
});
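desc('Configure PHP-FPM');
// Edits the FPM php.ini in place: full error reporting, errors not displayed to
// clients, cgi.fix_pathinfo disabled, a 512M memory limit and a UTC timezone.
task('provision:config:php-fpm', function () {
    run('sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/{{php_version}}/fpm/php.ini');
    // The original set display_errors = On. FPM serves web requests, so that sends
    // error text such as file paths and query fragments to every HTTP client.
    // Keep it Off here and read errors from the log instead.
    run('sed -i "s/display_errors = .*/display_errors = Off/" /etc/php/{{php_version}}/fpm/php.ini');
    // With fix_pathinfo=0 PHP does not guess a script from a partial path.
    run('sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/{{php_version}}/fpm/php.ini');
    run('sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/{{php_version}}/fpm/php.ini');
    run('sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/{{php_version}}/fpm/php.ini');
});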
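desc('Configure FPM Pool');
// Rewrites the default www pool so that FPM workers and the listen socket belong
// to deployer, and sets a 60 second request timeout.
//
// NOTE(review): provision:user:deployer adds deployer to the sudo group, so PHP
// code served by this pool runs as an account that can use sudo with its
// password. Consider a separate unprivileged user for the pool.
task('provision:config:php-fpm:pool', function () {
    run('sed -i "s/^user = www-data/user = deployer/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
    run('sed -i "s/^group = www-data/group = deployer/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
    run('sed -i "s/;listen\.owner.*/listen.owner = deployer/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
    run('sed -i "s/;listen\.group.*/listen.group = deployer/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
    // The original used 0666, which lets every local account connect to the socket
    // and have PHP executed as deployer. provision:nginx switches nginx to run as
    // deployer, so owner and group access (0660) is sufficient.
    run('sed -i "s/;listen\.mode.*/listen.mode = 0660/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
    run('sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/{{php_version}}/fpm/pool.d/www.conf');
});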
desc('Configure php sessions directory');
task('provision:config:php:sessions', function () {
    // 733: the owner has full access, everyone else may create and open files but
    // cannot list the directory. +t adds the sticky bit, so a user can delete only
    // the files it owns.
    foreach (['733', '+t'] as $mode) {
        run("chmod $mode /var/lib/php/sessions");
    }
});
desc('Generating DH (Diffie Hellman) key');
task('provision:nginx:dhparam', function () {
    // An existing parameter file is reused; generation is slow.
    $pemExists = test('[ -f /etc/nginx/dhparams.pem ]');
    if ($pemExists) {
        info('/etc/nginx/dhparams.pem already exist');
        return;
    }

    info('Generating DH key, 2048 bit long safe prime');
    info('This is going to take a long time');
    // openssl's progress output on stderr is discarded.
    run('openssl dhparam -out /etc/nginx/dhparams.pem 2048 2>/dev/null');
});
desc('Install nginx & php-fpm');
task('provision:nginx', function () {
    run('systemctl enable nginx.service');

    // In-place edits to nginx.conf: run workers as deployer, size the worker pool
    // automatically, enable multi_accept and enlarge the server-name hash bucket.
    $nginxConfEdits = [
        's/user www-data;/user deployer;/',
        's/worker_processes.*/worker_processes auto;/',
        's/# multi_accept.*/multi_accept on;/',
        's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/',
    ];
    foreach ($nginxConfEdits as $expression) {
        run('sed -i "' . $expression . '" /etc/nginx/nginx.conf');
    }

    // gzip settings, written through a shell heredoc on the remote host.
    $writeGzipConf = 'cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_min_length 256;

gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
EOF';
    run($writeGzipConf);

    // The default site answers every request with 404.
    $writeDefaultSite = 'cat > /etc/nginx/sites-available/default << EOF
server {
    return 404;
}
EOF';
    run($writeDefaultSite);
    run('ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default');

    // NOTE(review): nginx is restarted without a prior `nginx -t`; a syntax error
    // in the edited files shows up only as a failed restart.
    run('service nginx restart');

    run('service php{{php_version}}-fpm restart');
});