opdavies/oliverdavies.uk-drupal-old
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Re-add Ansible and DigitalOcean

Browse source
This commit is contained in:
Oliver Davies 2021-03-14 18:16:46 +00:00
parent 51db8d5609
commit ff4b027814
21 changed files with 472 additions and 312 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

126
.platform.app.yaml
View file

@ -1,126 +0,0 @@
name: 'app'
type: 'php:7.4'
variables:
env:
NODE_VERSION: v14.13.1
NVM_VERSION: v0.36.0
dependencies:
nodejs:
npm: 6.14.10
php:
composer/composer: '^2'
runtime:
extensions:
- redis
relationships:
database: 'db:mysql'
redis: 'cache:redis'
disk: 2048
mounts:
'/web/images':
source: local
source_path: 'files/images'
'/web/sites/default/files':
source: local
source_path: 'files'
'/tmp':
source: local
source_path: 'tmp'
'/private':
source: local
source_path: 'private'
'/.drush':
source: local
source_path: 'drush'
'/drush-backups':
source: local
source_path: 'drush-backups'
build:
flavor: none
hooks:
build: |
set -e
export PATH=/app/bin:$PATH
curl -sS https://platform.sh/cli/installer | php
# source ~/.environment
composer --no-ansi --no-interaction install --no-progress --prefer-dist --optimize-autoloader --no-dev
# platform sql 'SELECT body_value FROM block_content__body UNION SELECT body_value FROM node__body' > /tmp/body-field-values.txt
cd web/themes/custom/opdavies
unset NPM_CONFIG_PREFIX
export NVM_DIR="$PLATFORM_APP_DIR/.nvm"
curl -f -o- https://raw.githubusercontent.com/nvm-sh/nvm/$NVM_VERSION/install.sh | bash
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
npm clean-install
npm run production
rm -fr node_modules
unset NPM_CONFIG_PREFIX
deploy: |
set -e
export PATH=/app/bin:$PATH
drush -y cache-rebuild
drush -y updatedb
drush -y config-import
web:
locations:
'/':
root: 'web'
expires: 5m
passthru: '/index.php'
allow: false
rules:
'\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$':
allow: true
'^/robots\.txt$':
allow: true
'^/sitemap\.xml$':
allow: true
'^/sites/sites\.php$':
scripts: false
'^/sites/[^/]+/settings.*?\.php$':
scripts: false
'/sites/default/files':
allow: true
expires: 5m
passthru: '/index.php'
root: 'web/sites/default/files'
scripts: false
rules:
'^/sites/default/files/(css|js)':
expires: 2w
crons:
drupal:
spec: '*/19 * * * *'
cmd: 'cd web && bin/drush core-cron'
snapshot:
spec: '0 5 * * *'
cmd: |
if [ "$PLATFORM_BRANCH" = production ]; then
platform snapshot:create --yes --no-wait
fi
renewcert:
# Force a redeploy at 5am (UTC) on the 1st and 15th of every month.
spec: '0 5 1,15 * *'
cmd: |
if [ "$PLATFORM_BRANCH" = production ]; then
platform redeploy --yes --no-wait
fi

10
.platform/routes.yaml
View file

@ -1,10 +0,0 @@
"https://www.{default}/":
type: upstream
upstream: "app:http"
cache:
enabled: true
cookies: ['/^SS?ESS/', '/^Drupal.visitor/']
"https://{default}/":
type: redirect
to: "https://www.{default}/"

6
.platform/services.yaml
View file

@ -1,6 +0,0 @@
db:
type: mariadb:10.4
disk: 2048
cache:
type: redis:6.0

10
tools/ansible/ansible.cfg Normal file
View file

@ -0,0 +1,10 @@
[defaults]
bin_ansible_callbacks = True
inventory = hosts.yml
nocows = True
roles_path = .roles
stdout_callback = yaml
verbosity = 1
[ssh_connection]
pipelining = True

12
tools/ansible/deploy.yml Normal file
View file

@ -0,0 +1,12 @@
---
- hosts: web
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
- vars/deploy_vault.yml
- vars/deploy_vars.yml
roles:
- name: ansistrano.deploy

38
tools/ansible/deploy/after-update-code.yml Normal file
View file

@ -0,0 +1,38 @@
---
- name: Install Composer dependencies
composer:
command: install
optimize_autoloader: true
working_dir: '{{ ansistrano_release_path.stdout }}'
- name: Generate settings.php file
include_role:
name: opdavies.drupal_settings_files
- name: Fix file permissions
include_role:
name: drupal-permissions
- name: Clear Drush cache
command: >
{{ release_drush_path }}
cache-clear drush
chdir={{ release_web_path }}
changed_when: false
- name: Run database updates
command: >
{{ release_drush_path }}
updatedb -y
chdir={{ release_web_path }}
register: update_database_result
changed_when: "'No pending updates' not in update_database_result.stderr"
- name: Import configuration
command: >
{{ release_drush_path }} config-import -y
chdir={{ release_web_path }}
register: config_import_result
changed_when: "'There are no changes to import' not in config_import_result.stderr"
- include: ../includes/build-theme-assets.yml

6
tools/ansible/deploy/before-symlink.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Rebuild Drupal cache
command: >
{{ release_drush_path }} cache-rebuild
chdir={{ release_web_path }}
changed_when: false

9
tools/ansible/hosts.yml Normal file
View file

@ -0,0 +1,9 @@
all:
children:
web:
hosts:
138.68.145.217:
vars:
ansible_port: 2849
ansible_python_interpreter: /usr/bin/python3
ansible_user: root

19
tools/ansible/includes/build-theme-assets.yml Normal file
View file

@ -0,0 +1,19 @@
---
- name: Install theme dependencies
command: >
npm ci
chdir={{ release_theme_path }}
creates={{ release_theme_path }}/node_modules
- name: Generate front-end assets
command: >
npm run production
chdir={{ release_theme_path }}
creates={{ release_theme_path }}/dist
- name: Remove files that are no longer needed
file:
path: "{{ release_theme_path }}/{{ item }}"
state: absent
with_items:
- node_modules

3
tools/ansible/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- import_playbook: provision.yml
- import_playbook: deploy.yml

40
tools/ansible/provision.yml Normal file
View file

@ -0,0 +1,40 @@
---
- hosts: web
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
roles:
- name: geerlingguy.firewall
- name: geerlingguy.security
- name: geerlingguy.certbot
- name: geerlingguy.nginx
- name: geerlingguy.php-versions
- name: geerlingguy.php
- name: geerlingguy.php-mysql
- name: geerlingguy.composer
- name: geerlingguy.nodejs
pre_tasks:
- name: Update apt cache
apt:
update_cache: true
cache_valid_time: 3600
tasks:
- name: Install packages
package:
name: [curl, zip]
state: present
- name: Add cron jobs
cron:
name: Drupal cron - oliverdavies.uk
minute: '*/5'
job: >
{{ project_root_path }}/{{ ansistrano_current_dir }}/bin/drush core-cron
--root={{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}
--uri https://www.oliverdavies.uk
--quiet

27
tools/ansible/requirements.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: ansistrano.deploy
version: 3.4.0
- name: ansistrano.rollback
version: 3.0.0
- name: geerlingguy.certbot
version: 3.0.3
- name: geerlingguy.composer
version: 1.9.0
- name: geerlingguy.firewall
version: 2.5.0
- name: geerlingguy.mysql
version: 3.3.0
- name: geerlingguy.nginx
version: 2.7.0
- name: geerlingguy.nodejs
version: 5.1.1
- name: geerlingguy.php
version: 3.7.0
- name: geerlingguy.php-mysql
version: 2.1.0
- name: geerlingguy.php-versions
version: 4.0.2
- name: geerlingguy.security
version: 2.0.1
- name: opdavies.drupal_settings_files
version: 0.2.0

29
tools/ansible/roles/drupal-permissions/tasks/main.yml Normal file
View file

@ -0,0 +1,29 @@
---
- name: Set the permissions for each Drupal root directory.
file:
group: www-data
mode: ug=rX,o=
owner: "{{ drupal_permissions.user }}"
path: "{{ item.root }}"
recurse: true
state: directory
with_items: "{{ drupal_permissions.sites }}"
- name: Set permissions for the defined settings files.
file:
mode: a-X
path: "{{ item.0.root }}/{{ item.1 }}"
state: file
with_subelements:
- "{{ drupal_permissions.sites }}"
- settings_files
- name: Set permissions for the defined files directories.
file:
mode: ug=rwX,o=
path: "{{ item.0.root }}/{{ item.1 }}"
recurse: true
state: directory
with_subelements:
- "{{ drupal_permissions.sites }}"
- files_directories

69
tools/ansible/vars/deploy_vars.yml Normal file
View file

@ -0,0 +1,69 @@
---
ansistrano_allow_anonymous_stats: false
ansistrano_deploy_via: git
ansistrano_deploy_to: '{{ project_root_path }}'
ansistrano_git_repo: git@github.com:opdavies/oliverdavies-uk.git
ansistrano_git_branch: production
ansistrano_keep_releases: 5
ansistrano_shared_paths:
- '{{ project_web_dir }}/sites/default/files'
# Hooks
ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml'
# ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
app_hash_salt: '{{ vault_app_hash_salt }}'
integromat_webhook_url: '{{ vault_integromat_webhook_url }}'
post_tweet_webhook_url: '{{ vault_post_tweet_webhook_url }}'
release_drush_path: '{{ ansistrano_release_path.stdout }}/bin/drush'
release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}'
release_theme_path: '{{ release_web_path }}/themes/custom/opdavies'
drupal_permissions:
sites:
- root: "{{ release_web_path }}"
files_directories:
- sites/default/files
settings_files:
- sites/default/settings.php
- sites/default/settings.local.php
user: root
drupal_settings:
- drupal_root: '{{ release_web_path }}'
sites:
- name: default
filename: settings.local.php
settings:
hash_salt: '{{ app_hash_salt }}'
databases:
default:
default:
database: '{{ app_mysql_database }}'
driver: mysql
host: '{{ app_mysql_host }}'
password: '{{ app_mysql_password }}'
port: '{{ app_mysql_port }}'
username: '{{ app_mysql_user }}'
trusted_hosts:
- '^www\.oliverdavies\.uk$'
extra_parameters: |
$settings['deployment_identifier'] = '{{ ansistrano_release_version }}';
$settings['config_exclude_modules'] = [
'devel',
'stage_file_proxy',
];
$config['config_split.config_split.live']['status'] = TRUE;
// Configure Cloudflare.
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];
$settings['reverse_proxy_header'] = 'CF-Connecting-IP';
$settings['omit_vary_cookie'] = TRUE;
$config['opdavies_blog.settings']['integromat_webhook_url'] = '{{ integromat_webhook_url }}';
$config['opdavies_blog.settings']['post_tweet_webhook_url'] = '{{ post_tweet_webhook_url }}';

19
tools/ansible/vars/deploy_vault.yml Normal file
View file

@ -0,0 +1,19 @@
$ANSIBLE_VAULT;1.1;AES256
30653362663533616334373532653633363838333932666137633662313431303763646433366238
3464333531326134626361396661306130373461633536630a653637366565366462313335623561
63653563653533306436663335623961343539366566633730306638323833373261363063363538
3163326166353836300a373466646366663333353165323035613533636138383162663562343231
38353362316136316434373362633839323135666536326662643666303838393635626333373339
63313035633161626534323862346230386461363766666263323964666261636238333631393862
30383638613964313165623732383866333064366136663131396166363737653961646166663664
32346461396537663639303665646639636265646164373066633638396661323463343165633064
66653734356463656462346364336262643761323935646331363864623865316631623239616136
33616262663134323434316533303234643336616434393638393436396439346266353035343931
61336366396237653235653834396237366664303737373766323230336162303763623761633836
63326264643737333064363163353762326636646462363466343334353266303936616163326238
65313235643866323730386363656233333132633837613235643237623130383334646439303839
33383633653334643865623231333836383262303933303032653538636465663938623562336661
63643435373161666331663861646431613236646564316238623736353762303533653835383230
65306231303330376432306664623938386563646434633039313237643239316136656262346562
63313462316338656137613634343034393534646162363464373830623335353564376338623636
6630623238373438363732333834646432633435366165363066

3
tools/ansible/vars/digitalocean_vars.yml Normal file
View file

@ -0,0 +1,3 @@
---
digitalocean_api_key: '{{ vault_digitalocean_api_key }}'

10
tools/ansible/vars/digitalocean_vault.yml Normal file
View file

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
36643735336232646262626537363631353061356565346664643261663565633364323932653232
6639396262393839643437626338343930316439623633330a616566646533343063333166383136
39353532316166623361626133326135383833643030663634376464663838353064663538343162
3536373232623235620a303465306339653663306564383335643166323934393264633532616437
33313231343432643030366565313135653163363434323632613361623339643137343361643135
65666364346566356136383830366334326133633766313130653639626362366138663032653962
39386364613838646133656230356564663564633537376435336438346434633161646436623137
30666239343832663764303830616264643538346665353963383734373265663233303934666363
6461

157
tools/ansible/vars/provision_vars.yml Normal file
View file

@ -0,0 +1,157 @@
---
security_ssh_permit_root_login: 'yes'
security_ssh_port: 2849
php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
- 'php{{ php_version }}-cli'
- 'php{{ php_version }}-common'
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-mysql'
- 'php{{ php_version }}-pdo'
- 'php{{ php_version }}-xml'
app_mysql_database: '{{ vault_app_mysql_database }}'
app_mysql_host: '{{ vault_app_mysql_host }}'
app_mysql_password: '{{ vault_app_mysql_password }}'
app_mysql_port: '{{ vault_app_mysql_port }}'
app_mysql_user: '{{ vault_app_mysql_user }}'
mysql_packages:
- mysql-client
- python3-mysqldb
mysql_users: []
nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
- listen: 80 default_server
server_name: oliverdavies.uk www.oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: www.oliverdavies.uk.80.conf
- listen: 443 ssl
server_name: oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: oliverdavies.uk.443.conf
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
- listen: 443 ssl default_server
server_name: www.oliverdavies.uk
root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
index: index.php index.html
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
location ~ ^/images/(.*) {
return 301 /sites/default/files/images/$1;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass localhost:9000;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
# Enforce clean URLs
if ($request_uri ~* "^(.*/)index\.php(.*)") {
return 307 $1$2;
}
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_admin_email: oliver+certbot@oliverdavies.uk
certbot_certs:
- domains:
- oliverdavies.uk
- www.oliverdavies.uk
composer_version_branch: '--1'
firewall_allowed_tcp_ports: [80, 443, 22, 2849]

17
tools/ansible/vars/provision_vault.yml Normal file
View file

@ -0,0 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256
38643961326665613966373635633766616361643263616137396238663431656462636166393631
3635306262613533623337353730633434363364316361370a346333363738346430306539323133
66396266643832323630666334343664303438613566373266353236333233323166643435663561
6566623833343630350a396564333262633266636563663266613334303531393065303865343765
64353365636565373238613130356262613535363165646535346664643536313238366331636636
65613261663461323230656235356535393763653539386362356639616332376339326232643465
31393436343264316539633761636334343030636136646135313863326363326539383936353063
35323963626138386138316264303635376561353135386639353466663630633637326237346336
34306335653039316239663233616331343365336331393030306631666161666334326161326335
35353061303561626130613932356132626566353037313266626138663138343939396530313364
38666631363665326561323333326537623032333763363231653866613935636633353437633134
35623534386133363639346235356634313164656335366663326436336165643266366236626238
33306664613638323832373535376565393063336234633035663961306635363432663431613531
35346663616366653432633865663162353934376362363064303163366237663161353838373837
61353463656437303561333537303835323239613232663761323136326266666263396363376262
30646164353262316438

4
tools/ansible/vars/vars.yml Normal file
View file

@ -0,0 +1,4 @@
---
ansistrano_current_dir: current
project_root_path: /srv/oliverdavies-uk
project_web_dir: web

170
web/sites/default/settings.platformsh.php
View file

@ -1,170 +0,0 @@
<?php
/**
* @file
* Platform.sh settings.
*/
use Drupal\Core\Installer\InstallerKernel;
$platformsh = new \Platformsh\ConfigReader\Config();
// Configure the database.
if ($platformsh->hasRelationship('database')) {
$creds = $platformsh->credentials('database');
$databases['default']['default'] = [
'driver' => $creds['scheme'],
'database' => $creds['path'],
'username' => $creds['username'],
'password' => $creds['password'],
'host' => $creds['host'],
'port' => $creds['port'],
'pdo' => [PDO::MYSQL_ATTR_COMPRESS => !empty($creds['query']['compression'])]
];
}
// Enable verbose error messages on development branches, but not on the production branch.
// You may add more debug-centric settings here if desired to have them automatically enable
// on development but not production.
if (isset($platformsh->branch)) {
// Production type environment.
if ($platformsh->branch == 'master' || $platformsh->onDedicated()) {
$config['system.logging']['error_level'] = 'hide';
} // Development type environment.
else {
$config['system.logging']['error_level'] = 'verbose';
}
}
// Enable Redis caching.
if ($platformsh->hasRelationship('redis') && !InstallerKernel::installationAttempted() && extension_loaded('redis') && class_exists('Drupal\redis\ClientFactory')) {
$redis = $platformsh->credentials('redis');
// Set Redis as the default backend for any cache bin not otherwise specified.
$settings['cache']['default'] = 'cache.backend.redis';
$settings['redis.connection']['host'] = $redis['host'];
$settings['redis.connection']['port'] = $redis['port'];
// Apply changes to the container configuration to better leverage Redis.
// This includes using Redis for the lock and flood control systems, as well
// as the cache tag checksum. Alternatively, copy the contents of that file
// to your project-specific services.yml file, modify as appropriate, and
// remove this line.
$settings['container_yamls'][] = 'modules/contrib/redis/example.services.yml';
// Allow the services to work before the Redis module itself is enabled.
$settings['container_yamls'][] = 'modules/contrib/redis/redis.services.yml';
// Manually add the classloader path, this is required for the container cache bin definition below
// and allows to use it without the redis module being enabled.
$class_loader->addPsr4('Drupal\\redis\\', 'modules/contrib/redis/src');
// Use redis for container cache.
// The container cache is used to load the container definition itself, and
// thus any configuration stored in the container itself is not available
// yet. These lines force the container cache to use Redis rather than the
// default SQL cache.
$settings['bootstrap_container_definition'] = [
'parameters' => [],
'services' => [
'redis.factory' => [
'class' => 'Drupal\redis\ClientFactory',
],
'cache.backend.redis' => [
'class' => 'Drupal\redis\Cache\CacheBackendFactory',
'arguments' => ['@redis.factory', '@cache_tags_provider.container', '@serialization.phpserialize'],
],
'cache.container' => [
'class' => '\Drupal\redis\Cache\PhpRedis',
'factory' => ['@cache.backend.redis', 'get'],
'arguments' => ['container'],
],
'cache_tags_provider.container' => [
'class' => 'Drupal\redis\Cache\RedisCacheTagsChecksum',
'arguments' => ['@redis.factory'],
],
'serialization.phpserialize' => [
'class' => 'Drupal\Component\Serialization\PhpSerialize',
],
],
];
}
if ($platformsh->inRuntime()) {
// Configure private and temporary file paths.
if (!isset($settings['file_private_path'])) {
$settings['file_private_path'] = $platformsh->appDir . '/private';
}
if (!isset($settings['file_temp_path'])) {
$settings['file_temp_path'] = $platformsh->appDir . '/tmp';
}
// Configure the default PhpStorage and Twig template cache directories.
if (!isset($settings['php_storage']['default'])) {
$settings['php_storage']['default']['directory'] = $settings['file_private_path'];
}
if (!isset($settings['php_storage']['twig'])) {
$settings['php_storage']['twig']['directory'] = $settings['file_private_path'];
}
// Set the project-specific entropy value, used for generating one-time
// keys and such.
$settings['hash_salt'] = $settings['hash_salt'] ?? $platformsh->projectEntropy;
// Set the deployment identifier, which is used by some Drupal cache systems.
$settings['deployment_identifier'] = $settings['deployment_identifier'] ?? $platformsh->treeId;
}
// The 'trusted_hosts_pattern' setting allows an admin to restrict the Host header values
// that are considered trusted. If an attacker sends a request with a custom-crafted Host
// header then it can be an injection vector, depending on how the Host header is used.
// However, Platform.sh already replaces the Host header with the route that was used to reach
// Platform.sh, so it is guaranteed to be safe. The following line explicitly allows all
// Host headers, as the only possible Host header is already guaranteed safe.
$settings['trusted_host_patterns'] = ['.*'];
// Import variables prefixed with 'd8settings:' into $settings
// and 'd8config:' into $config.
foreach ($platformsh->variables() as $name => $value) {
$parts = explode(':', $name);
list($prefix, $key) = array_pad($parts, 3, null);
switch ($prefix) {
// Variables that begin with `d8settings` or `drupal` get mapped
// to the $settings array verbatim, even if the value is an array.
// For example, a variable named d8settings:example-setting' with
// value 'foo' becomes $settings['example-setting'] = 'foo';
case 'd8settings':
case 'drupal':
$settings[$key] = $value;
break;
// Variables that begin with `d8config` get mapped to the $config
// array. Deeply nested variable names, with colon delimiters,
// get mapped to deeply nested array elements. Array values
// get added to the end just like a scalar. Variables without
// both a config object name and property are skipped.
// Example: Variable `d8config:conf_file:prop` with value `foo` becomes
// $config['conf_file']['prop'] = 'foo';
// Example: Variable `d8config:conf_file:prop:subprop` with value `foo` becomes
// $config['conf_file']['prop']['subprop'] = 'foo';
// Example: Variable `d8config:conf_file:prop:subprop` with value ['foo' => 'bar'] becomes
// $config['conf_file']['prop']['subprop']['foo'] = 'bar';
// Example: Variable `d8config:prop` is ignored.
case 'd8config':
if (count($parts) > 2) {
$temp = &$config[$key];
foreach (array_slice($parts, 2) as $n) {
$prev = &$temp;
$temp = &$temp[$n];
}
$prev[$n] = $value;
}
break;
}
}
if (!empty($_ENV['PLATFORM_BRANCH'])) {
switch ($_ENV['PLATFORM_BRANCH']) {
case 'production':
$config['config_split.config_split.live']['status'] = TRUE;
break;
}
}