add chill-deploy bundle + fixes

2024-07-03 12:44:55 +02:00 · 2024-07-03 12:44:55 +02:00 · e27fcdfb71
commit e27fcdfb71
parent 03de4e5cc7
11 changed files with 500 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,13 @@
+vendor/*/*/vendor/*
+vendor/*/*/tests/*
+vendor/bin/.php*
+.pgadmin4*
+app/config/parameters.yml
+.composer*
+.git*
+.yarncache/*
+.node_modules/*
+build/*
+var/*
+vendor/chill-project/chill-bundles/.psalm/*
+
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,81 @@
+---
+kind: pipeline
+type: docker
+name: build-images
+
+image_pull_secrets:
+    - dockerconfig
+
+trigger:
+    event:
+        - tag
+
+steps:
+    - name: build-base-image
+      image: plugins/docker
+      settings:
+          username:
+              from_secret: docker_username
+          password:
+              from_secret: docker_password
+          registry: h3m6q87t.gra7.container-registry.ovh.net
+          repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base
+          tag: latest
+          target: chill_base_php82
+          pull_image: true
+          cache_from:
+              - h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+              - chill/base-image:latest
+
+    - name: composer-install
+      image: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+      pull: always
+      commands:
+          - composer install --no-scripts --no-interaction
+      depends_on:
+          - build-base-image
+
+    - name: build-assets
+      image: node:20
+      pull: always
+      commands:
+          - yarn install
+          - yarn list
+          - yarn run encore production
+      depends_on:
+          - composer-install
+
+    - name: build-image-php
+      image: plugins/docker
+      settings:
+          pull_image: true
+          username:
+              from_secret: docker_username
+          password:
+              from_secret: docker_password
+          registry: h3m6q87t.gra7.container-registry.ovh.net
+          repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php
+          tag:
+            - ${DRONE_TAG}
+          cache_from:
+              - h3m6q87t.gra7.container-registry.ovh.net/chillbasics/php-base:latest
+              - chill/base-image:latest
+      depends_on:
+          - build-assets
+          - composer-install
+
+    - name: build-image-nginx
+      image: plugins/docker
+      settings:
+          pull_image: true
+          username:
+              from_secret: docker_username
+          password:
+              from_secret: docker_password
+          registry: h3m6q87t.gra7.container-registry.ovh.net
+          repo: h3m6q87t.gra7.container-registry.ovh.net/chillbasics/nginx
+          tag:
+            - ${DRONE_TAG}
+          Dockerfile: docker/nginx/Dockerfile
+      depends_on:
+          - build-assets
--- a/.gitea/workflows/release/update-composer-lock.yaml
+++ b/.gitea/workflows/release/update-composer-lock.yaml
@ -0,0 +1,59 @@
+name: Prepare release for chill app
+run-name: Update composer.lock and dependencies for preparing a release
+
+on:
+    push:
+        branches:
+            - 'release/**'
+
+jobs:
+    update-deps:
+        runs-on: ubuntu-latest
+        steps:
+            - name: check out repository
+              uses: https://github.com/actions/checkout@v4
+            - name: get the previous chill version
+              # parse the composer.lock file using jq to get the chill version before the upgrade
+              id: chill-before
+              uses: https://github.com/sergeysova/jq-action@v2
+              with:
+                cmd: 'cat composer.lock | jq --raw-output ''.packages[] | select ( .name | contains ("chill-project/chill-bundles")) | .version'''
+            - name: run composer update to update composer.lock
+              uses: docker://gitea.champs-libres.be/chill-project/chill-skeleton-basic/base-image:latest
+              with:
+                  # this is where we set the command to execute
+                  args: composer update --no-install
+            - name: is composer.lock changed ?
+              id: composer-lock-changed
+              run: 'echo is_composer_lock_changed=$(git diff --name-only | grep "composer\.lock" | wc -l) >> $GITHUB_OUTPUT'
+            - name: get the new chill version
+              # parse the composer.lock file using jq to get the chill version after the upgrade
+              id: chill-after
+              uses: https://github.com/sergeysova/jq-action@v2
+              with:
+                cmd: 'cat composer.lock | jq --raw-output ''.packages[] | select ( .name | contains ("chill-project/chill-bundles")) | .version'''
+            - name: add a changie file for the upgrade
+              uses: https://github.com/miniscruff/changie-action@v2
+              if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+              with:
+                version: latest
+                args: 'new --body "Update dependencies. Chill-bundles upgraded from ${{ steps.chill-before.outputs.value }} to ${{ steps.chill-after.outputs.value }}" --kind Release --custom "Issue=0"'
+            - name: changie batch
+              if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+              uses: https://github.com/miniscruff/changie-action@v2
+              with:
+                version: latest
+                args: 'batch auto'
+            - name: changie merge
+              if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+              uses: https://github.com/miniscruff/changie-action@v2
+              with:
+                version: latest
+                args: 'merge'
+            - name: commit changed files
+              if: ${{ steps.composer-lock-changed.outputs.is_composer_lock_changed == 1 }}
+              uses: https://github.com/stefanzweifel/git-auto-commit-action@v5
+              with:
+                  commit_message: "update composer.lock and file (automatic update)"
+                  commit_user_name: Action Bot
+                  commit_user_email: bot@chill.social
--- a/102
+++ b/102
@ -0,0 +1,102 @@
+FROM php:8.2-fpm-alpine AS chill_base_php82
+
+ENV POSTGRES_VERSION 14
+
+# default UID for the PHP user
+ARG UID=1000
+ARG GID=1000
+
+# install php extensions and deps
+RUN apk update && apk add --no-cache \
+    wget gnupg \
+    libpq-dev \
+    icu-dev icu-libs icu-data-full \
+    oniguruma-dev \
+    libzip libzip-dev \
+    linux-headers \
+    gcc g++ make autoconf \
+    bash git \
+    && docker-php-ext-install pdo_pgsql intl mbstring zip bcmath exif sockets \
+    && git clone https://github.com/nikic/php-ast.git \
+    && cd php-ast \
+    && phpize \
+    && ./configure \
+    && make install \
+    && echo 'extension=ast.so' > /usr/local/etc/php/php.ini \
+    && cd .. && rm -rf php-ast \
+    && pecl install redis \
+    && docker-php-ext-enable redis \
+    && apk add libpng-dev libjpeg-turbo-dev freetype-dev \
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install -j$(nproc) gd \
+    && apk add postgresql${POSTGRES_VERSION}-client \
+    && apk del --purge wget gnupg libpq-dev icu-dev oniguruma-dev libzip-dev linux-headers gcc g++ make autoconf
+
+RUN { \
+    echo ""; \
+    echo "memory_limit = 512M"; \
+    echo ""; \
+    } >> /usr/local/etc/php/conf.d/memory_limit.ini
+
+RUN { \
+    echo ""; \
+    echo "[Date]"; \
+    echo "date.timezone = Europe/Brussels"; \
+    echo ""; \
+    } >> /usr/local/etc/php/conf.d/date.ini
+
+# temporary fix, while php-cs-fixer has conflict dependencies
+# with chill
+RUN curl -o /usr/local/bin/php-cs-fixer https://cs.symfony.com/download/php-cs-fixer-v3.phar \
+    && chmod +x /usr/local/bin/php-cs-fixer
+# to make php-cs-fixer works with php 8.2
+ENV PHP_CS_FIXER_IGNORE_ENV=1
+
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV COMPOSER_MEMORY_LIMIT=-1
+
+# shell bash preference
+RUN sed -i " \
+    s|root:x:0:0:root:/root:/bin/ash|root:x:0:0:root:/root:/bin/bash|g; \
+    s|postgres:x:70:70:PostgreSQL user:/var/lib/postgresql:/bin/sh|postgres:x:70:70:PostgreSQL user:/var/lib/postgresql:/bin/bash|g" \
+    /etc/passwd
+
+# chmod on redis.so
+RUN chmod 755 -R /usr/local/lib/php/extensions/
+
+WORKDIR /var/www/app
+
+CMD ["php-fpm"]
+
+FROM chill_base_php82 AS chill_php82
+
+# copy directories
+
+COPY ./bin    /var/www/app/bin/.
+COPY ./composer.* /var/www/app/
+COPY ./config    /var/www/app/config/.
+COPY ./migrations /var/www/app/migrations/.
+COPY ./public    /var/www/app/public/.
+COPY ./src    /var/www/app/src/.
+COPY ./templates /var/www/app/templates/.
+COPY ./translations /var/www/app/translations/.
+COPY ./vendor /var/www/app/vendor/.
+
+COPY ./.env /var/www/app/.env
+
+# import the manifest.json file
+COPY ./public/build/manifest.json /var/www/app/public/build/manifest.json
+
+ADD ./entrypoint.sh /.
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+ENV PHP_FPM_USER=www-data \
+    PHP_FPM_GROUP=www-data \
+    COMPOSER_HOME=/var/www/app/.composer \
+    SESSION_LIFETIME=10800
+
+CMD [ "php-fpm" ]
--- a/docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql
+++ b/docker/db/docker-entrypoint-initdb.d/0000-add-extensions.sql
@ -0,0 +1,2 @@
+CREATE EXTENSION UNACCENT;
+
--- a/docker/logstash/Dockerfile
+++ b/docker/logstash/Dockerfile
@ -0,0 +1,8 @@
+FROM docker.elastic.co/logstash/logstash-oss:8.1.0-amd64
+
+RUN \
+  bin/logstash-plugin install logstash-output-gelf \
+  && bin/logstash-plugin install logstash-input-gelf
+
+COPY ./pipeline /usr/share/logstash/pipeline/
+
--- a/docker/logstash/pipeline/logstash.conf
+++ b/docker/logstash/pipeline/logstash.conf
@ -0,0 +1,16 @@
+input {
+  gelf {
+    # input for php logs
+    port => 12201
+    add_field => [ 'source', "php" ]
+  }
+}
+
+
+filter {
+
+}
+
+output {
+  stdout { }
+}
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -0,0 +1,10 @@
+FROM nginx
+
+COPY ./public /var/www/app/public
+
+# gz encode builded files
+
+RUN gzip -9 -k -f -r /var/www/app/public/build/*
+
+COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
+
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@ -0,0 +1,71 @@
+upstream phpfcgi {
+    server php:9000;
+    # server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket
+}
+
+server {
+    listen 80;
+
+    # only for getting traffic from collabora, when opening nginx:8001
+    listen 8001;
+
+    #server_name symfony4;
+    root /var/www/app/public;
+
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
+
+    location / {
+        index index.php;
+        try_files $uri /index.php$is_args$args;
+    }
+
+    location /build/ {
+        expires 30d;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+
+        gzip_static on;
+        gzip_types
+          application/atom+xml
+          application/geo+json
+          application/javascript
+          application/x-javascript
+          application/json
+          application/ld+json
+          application/manifest+json
+          application/rdf+xml
+          application/rss+xml
+          application/xhtml+xml
+          application/xml
+          font/eot
+          font/otf
+          font/ttf
+          image/svg+xml
+          text/css
+          text/javascript
+          text/plain
+          text/xml;
+    }
+
+    location ~ ^/index\.php(/|$) {
+        fastcgi_pass phpfcgi;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $document_root;
+        fastcgi_param HTTPS off;
+
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        proxy_buffer_size 16k;
+        proxy_busy_buffers_size 16k;
+
+        http2_push_preload on;
+    }
+
+    location ~ \.php$ {
+        return 404;
+    }
+}
--- a/docker/nginx/nginx.with-collabora.conf
+++ b/docker/nginx/nginx.with-collabora.conf
@ -0,0 +1,82 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /dev/stdout main;
+    error_log /dev/stderr;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip  off;
+
+    #include /etc/nginx/conf.d/*.conf;
+
+    # permet l'upload de fichiers
+    client_max_body_size 3M;
+
+upstream phpfcgi {
+    server php:9000;
+    # server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket
+}
+
+server {
+    listen 80;
+    listen 8001;
+
+    #server_name symfony4;
+    root /var/www/app/public;
+
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
+
+    location / {
+        index index.php;
+        try_files $uri /index.php$is_args$args;
+    }
+
+    location /build/ {
+        expires 30d;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+    }
+
+    location ~ ^/index\.php(/|$) {
+        fastcgi_pass phpfcgi;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $document_root;
+        fastcgi_param HTTPS off;
+
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        proxy_buffer_size 16k;            
+        proxy_busy_buffers_size 16k;
+    }
+
+    location ~ \.php$ {
+        return 404;
+    }
+}
+
+}
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+
+#immediatly exit if a command fails:
+set -e
+
+# waiting for the database to be ready
+if [ -z "${DATABASE_HOST}" ]; then
+  while ! timeout 1 bash -c "cat < /dev/null > /dev/tcp/${DATABASE_HOST}/${DATABASE_PORT}"
+  do
+    echo "$(date) : waiting one second for database";
+    sleep 1;
+  done
+
+  echo "$(date) : the database is ready";
+else
+  echo "we assume the database is ready";
+fi
+
+
+if [ $(id -u) = "0" ]; then
+  { \
+    echo "[www]"; \
+    echo ""; \
+    echo "user=${PHP_FPM_USER}"; \
+    echo "group=${PHP_FPM_GROUP}"; \
+  } > /usr/local/etc/php-fpm.d/zz-user.conf
+fi
+
+{ \
+    echo ""; \
+    echo "session.save_handler = redis" ; \
+    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_PORT}?db=10\"" ; \
+    echo "session.gc_maxlifetime = ${SESSION_LIFETIME}" ; \
+} >> /usr/local/etc/php/conf.d/custom.ini
+
+if [ "${APP_ENV}" = "prod" ]; then
+  composer dump-env "${APP_ENV}"
+  chmod +r /var/www/app/.env.local.php
+
+  if [ "${PREVENT_MIGRATIONS}" != "true" ]; then
+    php /var/www/app/bin/console doctrine:migrations:status
+    php /var/www/app/bin/console doctrine:migrations:migrate -n
+    php /var/www/app/bin/console messenger:setup-transports
+    php /var/www/app/bin/console chill:db:sync-views
+  fi
+fi
+
+if [ "${CLEAR_CACHE}" != "false" ]; then
+  #prepare cache
+  php /var/www/app/bin/console cache:clear --no-warmup
+  chgrp ${PHP_FPM_GROUP} /var/www/app/var/cache -R && chmod g+rw /var/www/app/var/cache -R
+  chgrp ${PHP_FPM_GROUP} /var/www/app/var/log   -R && chmod g+rw /var/www/app/var/log   -R
+fi
+
+exec "${@}"
+