Merge pull request #46 from kduma-OSS/docker-images

kduma · web-flow · commit 5f977fe84f28 · 2022-12-29T19:26:06.000+01:00
Prepare Docker Images
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,32 @@
+.editorconfig
+.env
+.gitattributes
+.gitignore
+.phpstorm.meta.php
+.phpunit.result.cache
+.dockerignore
+_ide_helper.php
+_ide_helper_models.php
+docker-compose.yml
+docker-compose-prod.yml
+ngnix.Dockerfile
+php.Dockerfile
+README.md
+rector.php
+vendor/*
+node_modules/*
+public/build/*
+bootstrap/cache/*
+public/hot/*
+public/storage/*
+storage/*.key
+.env.backup
+.env.production
+Homestead.json
+Homestead.yaml
+auth.json
+npm-debug.log
+yarn-error.log
+.fleet
+.idea
+.vscode
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,95 @@
+name: Docker Images
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  push:
+    branches: [ master ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+
+  pull_request:
+    branches: [ master ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build-and-push-image:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./ngnix.Dockerfile
+            image: ghcr.io/kduma-oss/webprint-server/nginx
+          - dockerfile: ./php.Dockerfile
+            image: ghcr.io/kduma-oss/webprint-server/fpm
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+                  type=ref,event=branch
+                  type=ref,event=pr
+                  type=ref,event=tag
+                  type=semver,pattern=v{{version}}
+                  type=semver,pattern=v{{major}}.{{minor}}
+                  type=semver,pattern=v{{major}}
+
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
@@ -0,0 +1,54 @@
+version: "3"
+services:
+  nginx:
+    build:
+      context: .
+      dockerfile: ngnix.Dockerfile
+    image: ghcr.io/kduma-oss/webprint-server/nginx
+    restart: always
+    ports:
+      - "8080:80"
+    depends_on:
+      - php
+    networks:
+      - internal
+
+  php:
+    build:
+      context: .
+      dockerfile: php.Dockerfile
+    image: ghcr.io/kduma-oss/webprint-server/fpm
+    restart: always
+    networks:
+      - internal
+    depends_on:
+      - db
+    environment:
+      - DB_CONNECTION=mysql
+      - DB_HOST=db
+      - DB_PORT=3306
+      - DB_DATABASE=webprint_server
+      - DB_USERNAME=webprint_server
+      - DB_PASSWORD=${DB_PASSWORD}
+
+      - APP_KEY=${APP_KEY}
+
+  db:
+    image: mysql:8.0
+    restart: always
+    environment:
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_DATABASE=webprint_server
+      - MYSQL_USER=webprint_server
+      - MYSQL_PASSWORD=${DB_PASSWORD}
+    networks:
+      - internal
+    volumes:
+      - db_data:/var/lib/mysql
+
+networks:
+  internal:
+    driver: bridge
+
+volumes:
+  db_data: {}
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    root /var/www/html/public;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}
diff --git a/docker/php/opcache.ini b/docker/php/opcache.ini
@@ -0,0 +1,9 @@
+[opcache]
+opcache.enable=1
+opcache.revalidate_freq=0
+opcache.validate_timestamps=0
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=192
+opcache.max_wasted_percentage=10
+opcache.interned_strings_buffer=16
+opcache.fast_shutdown=1
diff --git a/ngnix.Dockerfile b/ngnix.Dockerfile
@@ -0,0 +1,25 @@
+FROM node:19-alpine AS vite_stage
+
+WORKDIR /var/www/html
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY postcss.config.js tailwind.config.js vite.config.js ./
+COPY resources ./resources
+RUN npm run build
+
+
+
+
+
+
+FROM nginx:alpine
+
+WORKDIR /var/www/html
+
+COPY docker/nginx/default.conf /etc/nginx/conf.d
+
+COPY --from=vite_stage /var/www/html/public/build /var/www/html/public/build
+
+COPY ./ /var/www/html/
diff --git a/php.Dockerfile b/php.Dockerfile
@@ -0,0 +1,52 @@
+FROM node:19-alpine AS vite_stage
+
+WORKDIR /var/www/html
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY postcss.config.js tailwind.config.js vite.config.js ./
+COPY resources ./resources
+RUN npm run build
+
+
+
+
+
+FROM php:8.1-cli-alpine AS composer_stage
+
+WORKDIR /var/www/html
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+COPY composer.json composer.lock ./
+RUN composer install --ignore-platform-reqs --prefer-dist --no-scripts --no-progress --no-interaction --no-dev --no-autoloader
+
+COPY . ./
+RUN composer dump-autoload --optimize --apcu --no-dev
+
+
+
+FROM php:8.1-fpm-alpine
+
+WORKDIR /var/www/html
+
+RUN docker-php-ext-install pdo pdo_mysql
+RUN docker-php-ext-install opcache
+
+COPY docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
+
+
+
+COPY --from=vite_stage /var/www/html/public/build /var/www/html/public/build
+
+COPY --from=composer_stage /var/www/html/vendor /var/www/html/vendor
+COPY --from=composer_stage /var/www/html/bootstrap/cache /var/www/html/bootstrap/cache
+
+COPY . /var/www/html/
+
+RUN chown -R www-data:www-data /var/www/html/storage
+
+
+ENV APP_ENV=production
+ENV APP_DEBUG=false
