6601: Updated and simplifyed docker image build

Author: cableman

.github/workflows/github_build_release.yml

@@ -94,7 +94,6 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       # Build main
-
       - name: Docker meta (main)
         id: meta-main
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
@@ -125,7 +124,6 @@ jobs:
           push-to-registry: true
 
       # Build Nginx (depends on main)
-
       - name: Docker meta (nginx)
         id: meta-nginx
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7

infrastructure/Readme.md infrastructure/README.mdinfrastructure/Readme.md renamed to infrastructure/README.md

@@ -2,26 +2,26 @@
 
 set -eux
 
-APP_VERSION=develop
+APP_VERSION=3.0.0-beta1
 
 docker pull itkdev/php8.4-fpm:alpine
 docker pull nginxinc/nginx-unprivileged:alpine
 
-docker build --build-context repository-root=.. \
+docker buildx build \
       --platform linux/amd64,linux/arm64 \
-      --pull \
       --no-cache \
+      --pull \
       --build-arg APP_VERSION=${APP_VERSION} \
-      --tag=turegjorup/display-api-service:${APP_VERSION} \
-      --file="display-api-service/Dockerfile" display-api-service
+      --tag=ghcr.io/itk-dev/display-api-service:${APP_VERSION} \
+      --file="display-api-service/Dockerfile" ../
 
-
-docker build --build-context repository-root=.. \
+docker buildx build \
       --platform linux/amd64,linux/arm64 \
       --no-cache \
+      --pull \
       --build-arg VERSION=${APP_VERSION} \
-      --tag=turegjorup/display-api-service-nginx:${APP_VERSION} \
+      --tag=ghcr.io/itk-dev/display-api-service-nginx:${APP_VERSION} \
       --file="nginx/Dockerfile" nginx
 
-docker push os2display/display-api-service:${APP_VERSION}
-docker push os2display/display-api-service-nginx:${APP_VERSION}
+#docker push ghcr.io/itk-dev/display-api-service:${APP_VERSION}
+#docker push ghcr.io/itk-dev/display-api-service-nginx:${APP_VERSION}

infrastructure/build-n-push.sh

@@ -1,5 +1,5 @@
 ######## Clients [Screen|Admin] build ########
-FROM node:24-alpine AS client_app_builder
+FROM --platform=$BUILDPLATFORM node:24-alpine AS client_app_builder
 LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
 
 ARG APP_VERSION="develop"
@@ -10,44 +10,37 @@ ENV APP_CLIENT_PATH=/app
 WORKDIR ${APP_CLIENT_PATH}
 
 # Copy only necessary files for npm install
-COPY --from=repository-root package.json package-lock.json vite.config.js ./
+COPY package.json package-lock.json vite.config.js ./
 
 # Install dependencies
 RUN npm ci --no-audit --no-fund
 
 # Copy source files needed for build
-COPY --from=repository-root assets/ ./assets/
-COPY --from=repository-root public/client/ ./public/client/
+COPY assets/ ./assets/
+COPY public/client/ ./public/client/
 
 # Build the application with version info
 RUN npm run build
 
 
 ######### API backend build ########
-FROM itkdev/php8.4-fpm:alpine AS api_app_builder
+FROM --platform=$BUILDPLATFORM itkdev/php8.4-fpm:latest AS api_app_builder
 LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
 
 ARG APP_VERSION="develop"
 ENV APP_CLIENT_PATH=/app \
     APP_API_PATH=/var/www/html
 
-USER root
-
-# Add composer in from the official composer image (also alpine).
-COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer
-
 WORKDIR ${APP_API_PATH}
 
-USER deploy
-
 # Copy only composer files first for better layer caching
-COPY --chown=deploy:deploy --from=repository-root composer.json composer.lock symfony.lock ${APP_API_PATH}/
+COPY composer.json composer.lock symfony.lock ${APP_API_PATH}/
 
 # Pre-install composer packages first (better image layer caching) - application code not present so have to be re-run
 RUN APP_ENV=prod composer install --no-dev -o --classmap-authoritative --no-scripts
 
 # Copy application source (needed for build step)
-COPY --chown=deploy:deploy --from=repository-root ./ ${APP_API_PATH}/
+COPY ./ ${APP_API_PATH}/
 
 # Copy javascript build files. This ensures that vite manifest files are availiable when "composer insatll"
 # triggers a "cache:clear" enabling the vite bundle to generate cache configuration files
@@ -57,43 +50,41 @@ COPY --chown=deploy:deploy --from=client_app_builder ${APP_CLIENT_PATH}/public/b
 # Re-run composer install after application code copied to image to complete install
 RUN APP_ENV=prod composer install --no-dev --optimize-autoloader --classmap-authoritative
 
+# Remove files we do not need to the final image
+RUN rm -rf \
+    docker-compose.* \
+    package* \
+    phpstan.dist.neon \
+    psalm* \
+    playwright.* \
+    phpunit.* \
+    rector.php \
+    Taskfile.yml \
+    .markdown* \
+    .php-cs-fixer.dist.php \
+    .twig-cs-fixer.dist.php \
+    .prettier \
+    vite.config.js
 
 ######## PHP-FPM (API) production image ########
-FROM itkdev/php8.4-fpm:alpine
+FROM --platform=$BUILDPLATFORM itkdev/php8.4-fpm:alpine
 LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
 
 ENV APP_CLIENT_PATH=/app \
     APP_API_PATH=/var/www/html \
     APP_ENV=prod \
     COMPOSER_VERSION=2 \
-
-    # OpCache
     PHP_OPCACHE_ENABLED=1 \
     PHP_OPCACHE_VALIDATE_TIMESTAMPS=0 \
     PHP_OPCACHE_MAX_ACCELERATED_FILES=20000 \
     PHP_OPCACHE_MEMORY_CONSUMPTION=256 \
-
-   # FPM pool
     PHP_PM_TYPE="dynamic" \
     PHP_PM_MAX_CHILDREN="24" \
     PHP_PM_MAX_REQUESTS="0" \
     PHP_PM_START_SERVERS="5" \
     PHP_PM_MIN_SPARE_SERVERS="5" \
     PHP_PM_MAX_SPARE_SERVERS="10"
 
-USER root
-
-# Add composer needed to run optimizations after config is loaded.
-COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer
-
-# Download Prometheus php-fpm export.
-COPY --from=hipages/php-fpm_exporter:2.2.0 /php-fpm_exporter /usr/local/bin/php-fpm_exporter
-
-COPY docker-entrypoint.sh /usr/local/bin/
-RUN chmod +x /usr/local/bin/docker-entrypoint.sh
-
-USER deploy
-
 WORKDIR ${APP_API_PATH}
 
 # Install the api application.

infrastructure/display-api-service/Dockerfile

@@ -1,72 +1,14 @@
-######## Clients [Screen|Admin] build ########
-FROM node:24-alpine AS client_app_builder
-LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
-
 ARG APP_VERSION="develop"
-ARG APP_RELEASE_VERSION="develop"
-ARG APP_RELEASE_TIMESTAMP=0
-
-ENV APP_CLIENT_PATH=/app
-WORKDIR ${APP_CLIENT_PATH}
-
-# Copy only necessary files for npm install
-COPY --from=repository-root package.json package-lock.json vite.config.js ./
-
-# Install dependencies
-RUN npm ci --no-audit --no-fund
-
-# Copy source files needed for build
-COPY --from=repository-root assets/ ./assets/
-
-# Build the application with version info
-RUN npm run build
-
-
-######### API backend build ########
-FROM itkdev/php8.4-fpm:alpine AS api_app_builder
-LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
-
-ARG APP_VERSION="develop"
-ENV APP_CLIENT_PATH=/app \
-    APP_API_PATH=/var/www/html
-
-USER root
-
-# Add composer in from the official composer image (also alpine).
-COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer
-
-WORKDIR ${APP_API_PATH}
-
-USER deploy
-
-# Copy only composer files first for better layer caching
-COPY --chown=deploy:deploy --from=repository-root composer.json composer.lock symfony.lock ${APP_API_PATH}/
-
-# Pre-install composer packages first (better image layer caching) - application code not present so have to be re-run
-RUN APP_ENV=prod composer install --no-dev -o --classmap-authoritative --no-scripts
-
-# Copy application source (needed for build step)
-COPY --chown=deploy:deploy --from=repository-root ./ ${APP_API_PATH}/
-
-# Copy javascript build files. This ensures that vite manifest files are availiable when "composer insatll"
-# triggers a "cache:clear" enabling the vite bundle to generate cache configuration files
-# @see https://symfony-vite.pentatrion.com/guide/performance.html#caching-configuration-files-%F0%9F%8F%83
-COPY --chown=deploy:deploy --from=client_app_builder ${APP_CLIENT_PATH}/public/build ./public/build
-
-# Re-run composer install after application code copied to image to complete install
-RUN APP_ENV=prod composer install --no-dev --optimize-autoloader --classmap-authoritative
-
+FROM --platform=$BUILDPLATFORM ghcr.io/itk-dev/display-api-service:${APP_VERSION} AS app
 
 
 ######## Nginx production image ########
-FROM nginxinc/nginx-unprivileged:alpine
+FROM --platform=$BUILDPLATFORM nginxinc/nginx-unprivileged:alpine
 LABEL maintainer="ITK Dev <itkdev@mkb.aarhus.dk>"
 
 ARG APP_VERSION="develop"
 ARG APP_RELEASE_VERSION="develop"
 ARG APP_RELEASE_TIMESTAMP=0
-ARG UID=101
-ARG GID=101
 
 ENV APP_CLIENT_PATH=/app \
     APP_API_PATH=/var/www/html \
@@ -76,21 +18,20 @@ ENV APP_CLIENT_PATH=/app \
 
 WORKDIR ${APP_API_PATH}
 
+USER root
+
 # Create directory and copy built client assets
 RUN mkdir -p ${APP_API_PATH}/public
-COPY --from=api_app_builder --chown=$UID:0 ${APP_API_PATH}/public ./public
-
-# Copy configuration and entrypoint script
-COPY --chown=$UID:0 etc /etc/nginx
+COPY --from=app --chown=nginx:nginx ${APP_API_PATH}/public ./public
 
-# Set proper permissions (files are already owned by $UID:0 from COPY --chown)
-RUN chmod -R g+w ${APP_API_PATH}
+# Copy configuration
+COPY --chown=nginx:nginx etc /etc/nginx
 
 # Add health check
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://localhost:${NGINX_PORT}/health || exit 1
 
-USER $UID
+USER nginx
 
 EXPOSE ${NGINX_PORT}