refactor: container full rebuild

nethesis · Apr 24, 2024 · cef18a8 · cef18a8
1 parent 18bbf42
commit cef18a8
Show file tree

Hide file tree

Showing 20 changed files with 203 additions and 192 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,13 +19,25 @@ jobs:
 
       - uses: docker/setup-buildx-action@v3
 
-      - name: Generate tags
+      - name: Generate php image tags
         uses: docker/metadata-action@v5
-        id: meta
+        id: meta-php
         with:
-          bake-target: production
+          bake-target: php
           images: |
-            ghcr.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}-php
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Generate nginx image tags
+        uses: docker/metadata-action@v5
+        id: meta-nginx
+        with:
+          bake-target: nginx
+          images: |
+            ghcr.io/${{ github.repository }}-nginx
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}}
@@ -42,7 +54,8 @@ jobs:
           targets: production
           files: |
             ./docker-bake.hcl
-            ${{ steps.meta.outputs.bake-file }}
+            ${{ steps.meta-php.outputs.bake-file }}
+            ${{ steps.meta-nginx.outputs.bake-file }}
           set: |
             *.cache-to=type=gha,mode=max
             *.cache-from=type=gha

diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,5 @@
 .idea/
 docker-compose.override.yml
-supervisord.pid
 
 # Created by https://www.toptal.com/developers/gitignore/api/linux,laravel
 # Edit at https://www.toptal.com/developers/gitignore?templates=linux,laravel

diff --git a/README.md b/README.md
@@ -67,7 +67,7 @@ You can find the app running at `http://localhost:8080`.
 To run any commands inside the development environment, you need to get to the shell using:
 
 ```bash
-docker compose exec --user www-data app bash
+docker compose exec app bash
 ```
 
 ### Running tests
@@ -80,36 +80,42 @@ php artisan test
 
 ## Build
 
-The deployment of the image is being taken care of by GitHub Actions, however if you want to build the production image yourself follow the instructions below.
-
 ### Prerequisites
 
 - [Docker Bake](https://docs.docker.com/build/bake/)
 
-To build the production images:
+### Build the production image
+
+GitHub Actions takes care of the deployment of the images to the registry, however if you want to build the production image yourself follow the instructions below.
 
 ```bash
-docker buildx bake
+docker buildx bake -f docker-bake.hcl production
 ```
 
-You will find the image tagged as `ghcr.io/nethserver/parceler:latest`.
-
-## Run the production image
-
-To run the production image, you can just run the image with some expedients:
-
-- Server runs on port `80`
-- Following environment variables are required:
-  - `APP_KEY`: The application key, you can generate one using the development environment using `php artisan key:generate --show`.
-  - `APP_TIMEZONE`: The timezone to use for the app, defaults to `UTC`.
-  - `APP_URL`: The full URL where the application is reached from.
-  - `LOG_CHANNEL`: Set this to `errorlog` to avoid writing logs to the filesystem.
-  - `LOG_LEVEL`: This can be safely set to `warning`, you can increase the log level if needed.
-  - `DB_DATABASE`: This is the name of the database file to use (sqlite), must be an absolute path and wrote inside a volume.
-  - `FILESYSTEM_DISK`: Disk to use during production, works same as development.
-  - `AWS_ACCESS_KEY_ID`: AWS Access Key ID.
-  - `AWS_SECRET_ACCESS_KEY`: AWS Secret Access Key.
-  - `AWS_DEFAULT_REGION`: AWS Default Region.
-  - `AWS_BUCKET`: AWS Bucket Name.
-  - `AWS_ENDPOINT`: AWS Endpoint.
-- **optional** to sync all software with the same timezone, the additional `/etc/localtime:/etc/localtime:ro` volume mount can be done to ensure time is respected.
+You will find the images tagged as `ghcr.io/nethserver/parceler-*:latest`.
+
+## Run the production environment
+
+The production environment is composed by the following services:
+
+- `nginx`: nginx server to serve the application.
+- `php`: PHP-FPM to run the application.
+- `scheduler`: Laravel scheduler to run the scheduled tasks.
+- `worker`: Laravel worker to run the queued jobs.
+
+You can see by the docker-compose.production.yml file what the services need to run in a production environment.
+
+The env_file in the php image need to have the following environment variables:
+
+- `APP_KEY`: The application key, you can generate one using the development environment using `php artisan key:generate --show`.
+- `APP_TIMEZONE`: The timezone to use for the app, defaults to `UTC`.
+- `APP_URL`: The full URL where the application is reached from.
+- `LOG_CHANNEL`: Set this to `errorlog` to avoid writing logs to the filesystem.
+- `LOG_LEVEL`: This can be safely set to `warning`, you can increase the log level if needed.
+- `DB_DATABASE`: This is the name of the database file to use (sqlite), must be an absolute path and wrote inside a volume.
+- `FILESYSTEM_DISK`: Disk to use during production, works same as development.
+- `AWS_ACCESS_KEY_ID`: AWS Access Key ID.
+- `AWS_SECRET_ACCESS_KEY`: AWS Secret Access Key.
+- `AWS_DEFAULT_REGION`: AWS Default Region.
+- `AWS_BUCKET`: AWS Bucket Name.
+- `AWS_ENDPOINT`: AWS Endpoint.
diff --git a/containers/entrypoint.sh b/containers/entrypoint.sh
diff --git a/containers/etc/nginx/nginx.conf b/containers/etc/nginx/nginx.conf
diff --git a/containers/etc/supervisor.d/crond.ini b/containers/etc/supervisor.d/crond.ini
diff --git a/containers/etc/supervisor.d/nginx.ini b/containers/etc/supervisor.d/nginx.ini
diff --git a/containers/etc/supervisor.d/php.ini b/containers/etc/supervisor.d/php.ini
diff --git a/containers/etc/supervisor.d/worker.ini b/containers/etc/supervisor.d/worker.ini
diff --git a/containers/etc/supervisord.conf b/containers/etc/supervisord.conf
diff --git a/containers/nginx/90-wait-fpm.sh b/containers/nginx/90-wait-fpm.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+set -e
+
+wait-for "${FPM_HOST:?Missing FPM_HOST}:${FPM_PORT:?Missing FPM_PORT}" -t 60
diff --git a/containers/nginx/Dockerfile b/containers/nginx/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:1.25.4-alpine as production
+WORKDIR /var/www/html
+COPY containers/nginx/config /etc/nginx
+ADD --chmod=755 \
+    --checksum=sha256:206a8f9b2177703fc5aa924d85ad6c72e82413e2d09635b4c9c82a1b65b5b3d5 \
+    https://github.com/eficode/wait-for/releases/download/v2.2.4/wait-for /usr/local/bin/wait-for
+COPY --chmod=777 containers/nginx/90-wait-fpm.sh /docker-entrypoint.d/90-wait-fpm.sh
+COPY public ./public
+HEALTHCHECK CMD curl --fail --silent --output /dev/null http://localhost/status
diff --git a/containers/nginx/config/conf.d/status.conf b/containers/nginx/config/conf.d/status.conf
@@ -0,0 +1,15 @@
+server {
+    listen localhost;
+    server_name localhost;
+    keepalive_timeout 0;
+
+    access_log off;
+
+    allow 127.0.0.1;
+    allow ::1;
+    deny all;
+
+    location /status {
+        stub_status on;
+    }
+}
diff --git a/containers/etc/nginx/http.d/default.conf → ...nx/config/templates/default.conf.template b/containers/etc/nginx/http.d/default.conf → ...nx/config/templates/default.conf.template
@@ -21,7 +21,7 @@ server {
     location = /robots.txt  { access_log off; log_not_found off; }
 
     location ~ \.php$ {
-        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_pass ${FPM_HOST}:${FPM_PORT};
         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;
     }

diff --git a/containers/Dockerfile → containers/php/Dockerfile b/containers/Dockerfile → containers/php/Dockerfile
@@ -2,17 +2,15 @@ FROM docker.io/php:8.3.4-fpm-alpine as base
 WORKDIR /var/www/html
 # install software needed for all environments
 RUN apk add --no-cache \
-        nginx \
         rclone \
-        supervisor
+        sqlite
 COPY --from=docker.io/composer:2.7.2 /usr/bin/composer /usr/local/bin/composer
 COPY --from=docker.io/mlocati/php-extension-installer:2.2.5 /usr/bin/install-php-extensions /usr/local/sbin/install-php-extensions
 # configure entrypoints and image
-COPY --chmod=700 containers/entrypoint.sh /usr/local/sbin/entrypoint
+COPY --chmod=777 containers/php/entrypoint.sh /usr/local/sbin/entrypoint
 ENTRYPOINT ["entrypoint"]
-COPY containers/etc /etc
-CMD ["supervisord", "--nodaemon", "--configuration", "/etc/supervisord.conf"]
-COPY containers/usr /usr
+CMD ["php-fpm"]
+COPY containers/php/config /usr/local/etc/php
 
 FROM base as development
 RUN apk add --no-cache \
@@ -22,24 +20,19 @@ RUN apk add --no-cache \
         sudo \
     && install-php-extensions xdebug \
     && mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" \
-    && echo "ALL ALL=(ALL:ALL) NOPASSWD: ALL" > "/etc/sudoers.d/password_less_sudo" \
-    && echo "* * * * * cd /var/www/html && php artisan schedule:run >> /dev/null 2>&1"
+    && echo "ALL ALL=(ALL:ALL) NOPASSWD: ALL" > "/etc/sudoers.d/password_less_sudo"
 ARG UID
 ARG GID
 RUN usermod -u "$UID" www-data \
     && groupmod -g "$GID" www-data
 ENV XDEBUG_MODE=develop,debug,coverage
 ENV XDEBUG_CONFIG="client_host=host.docker.internal"
+USER www-data
 
 FROM base as production
-RUN install-php-extensions opcache \
-    && echo "access.log = /dev/null" >> /usr/local/etc/php-fpm.d/zz-docker.conf \
-    && mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" \
-    && echo "* * * * * cd /var/www/html && php artisan schedule:run >> /dev/null 2>&1"
-# Container deployment ready, copying application
+RUN install-php-extensions opcache
 COPY composer.json .
 COPY composer.lock .
-ARG COMPOSER_ALLOW_SUPERUSER=1
 RUN composer install --no-dev --no-scripts
 COPY app ./app
 COPY bootstrap ./bootstrap
@@ -48,10 +41,17 @@ COPY database ./database
 COPY public ./public
 COPY resources ./resources
 COPY routes ./routes
-COPY --chown=www-data:www-data storage ./storage
+COPY storage ./storage
 COPY artisan .
-# Optimizing runtime, removing dependencies
-RUN composer dump-autoload --optimize \
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" \
+    && echo "* * * * * cd /var/www/html && php artisan schedule:run >> /dev/null 2>&1" > /etc/crontabs/www-data \
+    && echo "access.log = /dev/null" >> /usr/local/etc/php-fpm.d/zz-docker.conf
+ADD --chmod=777 \
+    --checksum=sha256:206a8f9b2177703fc5aa924d85ad6c72e82413e2d09635b4c9c82a1b65b5b3d5 \
+    https://github.com/eficode/wait-for/releases/download/v2.2.4/wait-for /usr/local/bin/wait-for
+ARG COMPOSER_ALLOW_SUPERUSER=1
+RUN chown -R www-data:www-data storage \
+    && composer dump-autoload --optimize \
     && echo -n "opcache.max_accelerated_files=" >> "$PHP_INI_DIR/conf.d/opcache.ini" \
     && echo $(find . -name "*.php" | wc -l | awk '{print (int($1/1000)+2)*1000}') >> "$PHP_INI_DIR/conf.d/opcache.ini" \
     && rm /usr/local/bin/composer \

diff --git a/...ners/usr/local/etc/php/conf.d/opcache.ini → containers/php/config/conf.d/opcache.ini b/...ners/usr/local/etc/php/conf.d/opcache.ini → containers/php/config/conf.d/opcache.ini
diff --git a/containers/php/entrypoint.sh b/containers/php/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env sh
+
+set -e
+
+if [ -f '.env' ]; then
+    . .env
+fi
+
+if [ "$1" = 'php-fpm' ]; then
+    if [ "$APP_ENV" = "local" ]; then
+        composer install
+    else
+        php artisan optimize
+        chown -R www-data:www-data storage
+    fi
+    php artisan migrate --force
+elif [ "$1" = 'crond' ] || [ "$3" = 'queue:work' ]; then
+    wait-for "${PHP_HOST:?Missing PHP_HOST}:${PHP_PORT:?Missing PHP_PORT}" -t 60
+fi
+
+exec "$@"