From e27fcdfb719bd6e348e5aa1d56a3c8b1af9b27b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Wed, 3 Jul 2024 12:44:55 +0200
Subject: [PATCH] add chill-deploy bundle + fixes
---
.dockerignore | 13 +++
.drone.yml | 81 ++++++++++++++
.../release/update-composer-lock.yaml | 59 ++++++++++
Dockerfile | 102 ++++++++++++++++++
.../0000-add-extensions.sql | 2 +
docker/logstash/Dockerfile | 8 ++
docker/logstash/pipeline/logstash.conf | 16 +++
docker/nginx/Dockerfile | 10 ++
docker/nginx/default.conf | 71 ++++++++++++
docker/nginx/nginx.with-collabora.conf | 82 ++++++++++++++
entrypoint.sh | 56 ++++++++++
11 files changed, 500 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .drone.yml
create mode 100644 .gitea/workflows/release/update-composer-lock.yaml
create mode 100644 Dockerfile
create mode 100644 docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql
create mode 100644 docker/logstash/Dockerfile
create mode 100644 docker/logstash/pipeline/logstash.conf
create mode 100644 docker/nginx/Dockerfile
create mode 100644 docker/nginx/default.conf
create mode 100644 docker/nginx/nginx.with-collabora.conf
create mode 100755 entrypoint.sh
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..df11b94
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,13 @@
+vendor/*/*/vendor/*
+vendor/*/*/tests/*
+vendor/bin/.php*
+.pgadmin4*
+app/config/parameters.yml
+.composer*
+.git*
+.yarncache/*
+.node_modules/*
+build/*
+var/*
+vendor/chill-project/chill-bundles/.psalm/*
+
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..2431d4b
--- /dev/null
+++ b/.drone.yml
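Review bot: The entry `.node_modules/*` has a leading dot, so it does not match a `node_modules/` directory (the name yarn normally uses), and that directory would still be sent to the Docker daemon as build context; `node_modules` is probably what was meant, and `.yarncache/*` may deserve the same check. The list also leaves local override files such as `.env.local` in the context. The Dockerfiles in this patch copy named paths only, so nothing shown here puts those files into an image, but adding `.env.local` and `.env.*.local` would keep that true if a broader `COPY` is introduced later.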
@@ -0,0 +1,81 @@
+---
+kind: pipeline
+type: docker
+name: build-images
+
+image_pull_secrets:
+ - dockerconfig
+
+trigger:
+ event:
+ - tag
+
+steps:
+ - name: build-base-image
+ image: plugins/docker
+ settings:
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ registry: h3m6q87t.gra7.container-registry.ovh.net
+ repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base
+ tag: latest
+ target: chill_base_php82
+ pull_image: true
+ cache_from:
+ - h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+ - chill/base-image:latest
+
+ - name: composer-install
+ image: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+ pull: always
+ commands:
+ - composer install --no-scripts --no-interaction
+ depends_on:
+ - build-base-image
+
+ - name: build-assets
+ image: node:20
+ pull: always
+ commands:
+ - yarn install
+ - yarn list
+ - yarn run encore production
+ depends_on:
+ - composer-install
+
+ - name: build-image-php
+ image: plugins/docker
+ settings:
+ pull_image: true
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ registry: h3m6q87t.gra7.container-registry.ovh.net
+ repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php
+ tag:
+ - ${DRONE_TAG}
+ cache_from:
+ - h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+ - chill/base-image:latest
+ depends_on:
+ - build-assets
+ - composer-install
+
+ - name: build-image-nginx
+ image: plugins/docker
+ settings:
+ pull_image: true
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ registry: h3m6q87t.gra7.container-registry.ovh.net
+ repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/nginx
+ tag:
+ - ${DRONE_TAG}
+ Dockerfile: docker/nginx/Dockerfile
+ depends_on:
+ - build-assets
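Review bot: The `composer-install` step runs `composer install --no-scripts --no-interaction` without `--no-dev`, and the `vendor/` tree it produces is what the PHP image build later copies in (`COPY ./vendor` in the Dockerfile added by this patch), so development-only packages would ship in every tagged release image. Unless the application needs them at runtime, `composer install --no-dev --no-scripts --no-interaction` keeps code that is not meant for production out of the release. Separately, `plugins/docker` (the step image that receives `docker_username` and `docker_password`) carries no tag, and `node:20` and `php-base:latest` are floating tags; pinning them by digest would make a tagged build reproducible and limit what a changed upstream image can do with the registry credentials.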
diff --git a/.gitea/workflows/release/update-composer-lock.yaml b/.gitea/workflows/release/update-composer-lock.yaml
new file mode 100644
index 0000000..c5ea7b8
--- /dev/null
+++ b/.gitea/workflows/release/update-composer-lock.yaml
@@ -0,0 +1,59 @@
+name: Prepare release for chill app
+run-name: Update composer.lock and dependencies for preparing a release
+
+on:
+ push:
+ branches:
+ - 'release/**'
+
+jobs:
+ update-deps:
+ runs-on: ubuntu-latest
+ steps:
+ - name: check out repository
+ uses: https://github.com/actions/checkout@v4
+ - name: get the previous chill version
+ # parse the composer.lock file using jq to get the chill version before the upgrade
+ id: chill-before
+ uses: https://github.com/sergeysova/jq-action@v2
+ with:
+ cmd: 'cat composer.lock | jq --raw-output ''.packages[] | select ( .name | contains ("chill-project/chill-bundles")) | .version'''
+ - name: run composer update to update composer.lock
+ uses: docker://gitea.champs-libres.be/chill-project/chill-skeleton-basic/base-image:latest
+ with:
+ # this is where we set the command to execute
+ args: composer update --no-install
+ - name: is composer.lock changed ?
+ id: composer-lock-changed
+ run: 'echo is_composer_lock_changed=$(git diff --name-only | grep "composer\.lock" | wc -l) >> $GITHUB_OUTPUT'
+ - name: get the new chill version
+ # parse the composer.lock file using jq to get the chill version after the upgrade
+ id: chill-after
+ uses: https://github.com/sergeysova/jq-action@v2
+ with:
+ cmd: 'cat composer.lock | jq --raw-output ''.packages[] | select ( .name | contains ("chill-project/chill-bundles")) | .version'''
+ - name: add a changie file for the upgrade
+ uses: https://github.com/miniscruff/changie-action@v2
+ if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+ with:
+ version: latest
+ args: 'new --body "Update dependencies.
Chill-bundles upgraded from ${{ steps.chill-before.outputs.value }} to ${{ steps.chill-after.outputs.value }}" --kind Release --custom "Issue=0"'
+ - name: changie batch
+ if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+ uses: https://github.com/miniscruff/changie-action@v2
+ with:
+ version: latest
+ args: 'batch auto'
+ - name: changie merge
+ if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+ uses: https://github.com/miniscruff/changie-action@v2
+ with:
+ version: latest
+ args: 'merge'
+ - name: commit changed files
+ if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+ uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
+ with:
+ commit_message: "update composer.lock and file (automatic update)"
+ commit_user_name: Action Bot
+ commit_user_email: bot@chill.social
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..399348b
--- /dev/null
+++ b/Dockerfile
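Review bot: Every third-party action in this workflow is referenced by a mutable tag (`actions/checkout@v4`, `sergeysova/jq-action@v2`, `miniscruff/changie-action@v2`, `stefanzweifel/git-auto-commit-action@v5`), and the job ends by committing and pushing to `release/**` branches, so whoever can move one of those tags gets code execution with the job's push rights. Pinning each one to a full commit SHA, for example `uses: https://github.com/actions/checkout@<FULL_COMMIT_SHA> # v4`, removes that dependency on upstream tag hygiene; the same reasoning applies to `base-image:latest` and to `version: latest` for changie. The `run:` step also expands `$GITHUB_OUTPUT` unquoted; `>> "$GITHUB_OUTPUT"` is the safer form.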
@@ -0,0 +1,102 @@
+FROM php:8.2-fpm-alpine AS chill_base_php82
+
+ENV POSTGRES_VERSION 14
+
+# default UID for the PHP user
+ARG UID=1000
+ARG GID=1000
+
+# install php extensions and deps
+RUN apk update && apk add --no-cache \
+ wget gnupg \
+ libpq-dev \
+ icu-dev icu-libs icu-data-full \
+ oniguruma-dev \
+ libzip libzip-dev \
+ linux-headers \
+ gcc g++ make autoconf \
+ bash git \
+ && docker-php-ext-install pdo_pgsql intl mbstring zip bcmath exif sockets \
+ && git clone https://github.com/nikic/php-ast.git \
+ && cd php-ast \
+ && phpize \
+ && ./configure \
+ && make install \
+ && echo 'extension=ast.so' > /usr/local/etc/php/php.ini \
+ && cd .. && rm -rf php-ast \
+ && pecl install redis \
+ && docker-php-ext-enable redis \
+ && apk add libpng-dev libjpeg-turbo-dev freetype-dev \
+ && docker-php-ext-configure gd --with-freetype --with-jpeg \
+ && docker-php-ext-install -j$(nproc) gd \
+ && apk add postgresql${POSTGRES_VERSION}-client \
+ && apk del --purge wget gnupg libpq-dev icu-dev oniguruma-dev libzip-dev linux-headers gcc g++ make autoconf
+
+RUN { \
+ echo ""; \
+ echo "memory_limit = 512M"; \
+ echo ""; \
+ } >> /usr/local/etc/php/conf.d/memory_limit.ini
+
+RUN { \
+ echo ""; \
+ echo "[Date]"; \
+ echo "date.timezone = Europe/Brussels"; \
+ echo ""; \
+ } >> /usr/local/etc/php/conf.d/date.ini
+
+# temporary fix, while php-cs-fixer has conflict dependencies
+# with chill
+RUN curl -o /usr/local/bin/php-cs-fixer https://cs.symfony.com/download/php-cs-fixer-v3.phar \
+ && chmod +x /usr/local/bin/php-cs-fixer
+# to make php-cs-fixer works with php 8.2
+ENV PHP_CS_FIXER_IGNORE_ENV=1
+
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV COMPOSER_MEMORY_LIMIT=-1
+
+# shell bash preference
+RUN sed -i " \
+ s|root:x:0:0:root:/root:/bin/ash|root:x:0:0:root:/root:/bin/bash|g; \
+ s|postgres:x:70:70:PostgreSQL user:/var/lib/postgresql:/bin/sh|postgres:x:70:70:PostgreSQL user:/var/lib/postgresql:/bin/bash|g" \
+
/etc/passwd
+
+# chmod on redis.so
+RUN chmod 755 -R /usr/local/lib/php/extensions/
+
+WORKDIR /var/www/app
+
+CMD ["php-fpm"]
+
+FROM chill_base_php82 AS chill_php82
+
+# copy directories
+
+COPY ./bin /var/www/app/bin/.
+COPY ./composer.* /var/www/app/
+COPY ./config /var/www/app/config/.
+COPY ./migrations /var/www/app/migrations/.
+COPY ./public /var/www/app/public/.
+COPY ./src /var/www/app/src/.
+COPY ./templates /var/www/app/templates/.
+COPY ./translations /var/www/app/translations/.
+COPY ./vendor /var/www/app/vendor/.
+
+COPY ./.env /var/www/app/.env
+
+# import the manifest.json file
+COPY ./public/build/manifest.json /var/www/app/public/build/manifest.json
+
+ADD ./entrypoint.sh /.
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+ENV PHP_FPM_USER=www-data \
+ PHP_FPM_GROUP=www-data \
+ COMPOSER_HOME=/var/www/app/.composer \
+ SESSION_LIFETIME=10800
+
+CMD [ "php-fpm" ]
diff --git a/docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql b/docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql
new file mode 100644
index 0000000..000ca16
--- /dev/null
+++ b/docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql
@@ -0,0 +1,2 @@
+CREATE EXTENSION UNACCENT;
+
diff --git a/docker/logstash/Dockerfile b/docker/logstash/Dockerfile
new file mode 100644
index 0000000..67db6cc
--- /dev/null
+++ b/docker/logstash/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.elastic.co/logstash/logstash-oss:8.1.0-amd64
+
+RUN \
+ bin/logstash-plugin install logstash-output-gelf \
+ && bin/logstash-plugin install logstash-input-gelf
+
+COPY ./pipeline /usr/share/logstash/pipeline/
+
diff --git a/docker/logstash/pipeline/logstash.conf b/docker/logstash/pipeline/logstash.conf
new file mode 100644
index 0000000..f51051d
--- /dev/null
+++ b/docker/logstash/pipeline/logstash.conf
@@ -0,0 +1,16 @@
+input {
+ gelf {
+ # input for php logs
+ port => 12201
+ add_field => [ 'source', "php" ]
+ }
+}
+
+
+filter {
+
+}
+
+output {
+ stdout { }
+}
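Review bot: Two pieces of code are fetched in the root `Dockerfile` at build time without a pinned version or an integrity check: `git clone https://github.com/nikic/php-ast.git` builds whatever the default branch holds that day, and `curl -o /usr/local/bin/php-cs-fixer …/php-cs-fixer-v3.phar` installs an executable with no checksum and without `-f`, so an HTTP error page would be saved and marked executable. Cloning a fixed ref (`git clone --depth 1 --branch <PINNED_TAG> https://github.com/nikic/php-ast.git`) and verifying the phar (`echo "<EXPECTED_SHA256>  /usr/local/bin/php-cs-fixer" | sha256sum -c -`) would make the base image reproducible. Both land in `chill_base_php82`, which the `chill_php82` stage inherits, so a development tool and its download path become part of the release image. `ARG UID` and `ARG GID` are declared but never used and no `USER` is set, so the entrypoint and the php-fpm master process run as root.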
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
index 0000000..7114361
--- /dev/null
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,10 @@
+FROM nginx
+
+COPY ./public /var/www/app/public
+
+# gz encode builded files
+
+RUN gzip -9 -k -f -r /var/www/app/public/build/*
+
+COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
+
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
new file mode 100644
index 0000000..bfd4010
--- /dev/null
+++ b/docker/nginx/default.conf
@@ -0,0 +1,71 @@
+upstream phpfcgi {
+ server php:9000;
+ # server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket
+}
+
+server {
+ listen 80;
+
+ # only for getting traffic from collabora, when opening nginx:8001
+ listen 8001;
+
+ #server_name symfony4;
+ root /var/www/app/public;
+
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
+
+ location / {
+ index index.php;
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location /build/ {
+ expires 30d;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+
+ gzip_static on;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml;
+ }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_pass phpfcgi;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+ fastcgi_param HTTPS off;
+
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 16k;
+
+ http2_push_preload on;
+ }
+
+ location ~ \.php$ {
+ return 404;
+ }
+}
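Review bot: `FROM nginx` in `docker/nginx/Dockerfile` has no tag, so each tagged release is built on whatever `nginx:latest` happens to be at build time. Pinning a version, and ideally a digest, as in `FROM nginx:<PINNED_VERSION>`, makes the release image reproducible and turns base-image upgrades into reviewed changes. This matters for the configuration copied in on the last line as well: `default.conf` uses `http2_push_preload`, which newer nginx releases appear to treat as obsolete, so an unnoticed base upgrade can change how that file is interpreted.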
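Review bot: `fastcgi_param HTTPS off;` is hard-coded in the `index.php` location of `docker/nginx/default.conf`, so PHP is told that every request arrived over plain HTTP even when TLS is terminated in front of this container. Whether secure cookies and generated URLs come out right then depends on the application trusting the proxy's forwarded headers, which this patch does not show; a comment such as `# TLS is terminated upstream; the app must trust X-Forwarded-Proto from the proxy` would record that assumption next to the directive. The second listener `listen 8001;` is described as Collabora-only but shares the server block with port 80, so any restriction has to come from the network layer or from a separate `server` block for that port. `proxy_buffer_size` and `proxy_busy_buffers_size` have no effect in a `fastcgi_pass` location and can be dropped. The same points apply to `docker/nginx/nginx.with-collabora.conf`.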
diff --git a/docker/nginx/nginx.with-collabora.conf b/docker/nginx/nginx.with-collabora.conf
new file mode 100644
index 0000000..33b6e7b
--- /dev/null
+++ b/docker/nginx/nginx.with-collabora.conf
@@ -0,0 +1,82 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout main;
+ error_log /dev/stderr;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ gzip off;
+
+ #include /etc/nginx/conf.d/*.conf;
+
+ # permet l'upload de fichiers
+ client_max_body_size 3M;
+
+upstream phpfcgi {
+ server php:9000;
+ # server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket
+}
+
+server {
+ listen 80;
+ listen 8001;
+
+ #server_name symfony4;
+ root /var/www/app/public;
+
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
+
+ location / {
+ index index.php;
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location /build/ {
+ expires 30d;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_pass phpfcgi;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+ fastcgi_param HTTPS off;
+
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 16k;
+ }
+
+ location ~ \.php$ {
+ return 404;
+ }
+}
+
+}
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..0bebfb8
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+#immediatly exit if a command fails:
+set -e
+
+# waiting for the database to be ready
+if [ -z "${DATABASE_HOST}" ]; then
+ while ! timeout 1 bash -c "cat < /dev/null > /dev/tcp/${DATABASE_HOST}/${DATABASE_PORT}"
+ do
+ echo "$(date) : waiting one second for database";
+ sleep 1;
+ done
+
+ echo "$(date) : the database is ready";
+else
+ echo "we assume the database is ready";
+fi
+
+
+if [ $(id -u) = "0" ]; then
+ { \
+ echo "[www]"; \
+ echo ""; \
+ echo "user=${PHP_FPM_USER}"; \
+ echo "group=${PHP_FPM_GROUP}"; \
+ } > /usr/local/etc/php-fpm.d/zz-user.conf
+fi
+
+{ \
+ echo ""; \
+ echo "session.save_handler = redis" ; \
+ echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_PORT}?db=10\"" ; \
+ echo "session.gc_maxlifetime = ${SESSION_LIFETIME}" ; \
+} >> /usr/local/etc/php/conf.d/custom.ini
+
+if [ "${APP_ENV}" = "prod" ]; then
+ composer dump-env "${APP_ENV}"
+ chmod +r /var/www/app/.env.local.php
+
+ if [ "${PREVENT_MIGRATIONS}" != "true" ]; then
+ php /var/www/app/bin/console doctrine:migrations:status
+ php /var/www/app/bin/console doctrine:migrations:migrate -n
+ php /var/www/app/bin/console messenger:setup-transports
+ php /var/www/app/bin/console chill:db:sync-views
+ fi
+fi
+
+if [ "${CLEAR_CACHE}" != "false" ]; then
+ #prepare cache
+ php /var/www/app/bin/console cache:clear --no-warmup
+ chgrp ${PHP_FPM_GROUP} /var/www/app/var/cache -R && chmod g+rw /var/www/app/var/cache -R
+ chgrp ${PHP_FPM_GROUP} /var/www/app/var/log -R && chmod g+rw /var/www/app/var/log -R
+fi
+
+exec "${@}"
+
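Review bot: The database wait is inverted: `if [ -z "${DATABASE_HOST}" ]` enters the wait loop only when `DATABASE_HOST` is empty, where `/dev/tcp//${DATABASE_PORT}` can never connect and the container loops forever, and it skips the wait when a host is configured, so the migrations further down can run against a database that is not yet accepting connections. The test should be `if [ -n "${DATABASE_HOST}" ]; then`. The `{ … } >> /usr/local/etc/php/conf.d/custom.ini` block appends on every container start, so a restarted container accumulates duplicate session settings; writing with `>` to a dedicated file avoids that. `$(id -u)` and `${PHP_FPM_GROUP}` are expanded unquoted; quoting them makes an empty or unexpected value fail visibly instead of changing the shape of the command.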