-
-
Notifications
You must be signed in to change notification settings - Fork 102
Expand file tree
/
Copy pathDockerfile
More file actions
101 lines (89 loc) · 3.27 KB
/
Dockerfile
File metadata and controls
101 lines (89 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# TODO: Refactor Docker with stricter permissions & modernized tooling
# Stage 0:
# Build the frontend (only if not in dev mode)
FROM --platform=$TARGETOS/$TARGETARCH node:lts-alpine AS frontend
ARG DEV=false
WORKDIR /app
RUN if [ "$DEV" = "false" ]; then \
apk add --no-cache git \
&& npm install -g corepack@latest turbo \
&& corepack enable \
&& echo "Building frontend"; \
fi
COPY pnpm-lock.yaml package.json ./
RUN if [ "$DEV" = "false" ]; then \
pnpm fetch \
&& echo "Fetched dependencies"; \
fi
COPY . .
RUN if [ "$DEV" = "false" ]; then \
pnpm install --frozen-lockfile \
&& pnpm run ship; \
fi
# Stage 1:
# Build the actual container with all of the needed PHP dependencies that will run the application
FROM --platform=$TARGETOS/$TARGETARCH php:8.4-fpm-alpine AS php
ARG DEV=false
WORKDIR /app
# Build-time deps & PHP extensions
RUN apk add --no-cache --virtual .build-deps \
libpng-dev libxml2-dev libzip-dev postgresql-dev \
&& docker-php-ext-configure zip \
&& docker-php-ext-install bcmath gd pdo pdo_mysql pdo_pgsql zip \
&& apk del .build-deps \
&& apk add --no-cache \
libpng libxml2 libzip libpq
# Runtime packages
RUN apk add --no-cache \
ca-certificates curl git supervisor nginx dcron \
tar unzip certbot certbot-nginx mysql-client postgresql17-client \
&& ln -s /bin/ash /bin/bash
# Copy frontend build
COPY . ./
RUN if [ "$DEV" = "false" ]; then \
echo "Copying frontend build"; \
else \
mkdir -p public/assets public/build; \
fi
COPY --from=frontend /app/public/assets public/assets
COPY --from=frontend /app/public/build public/build
# Fetch & install Composer packages
COPY composer.json composer.lock ./
RUN curl -sS https://getcomposer.org/installer \
| php -- --install-dir=/usr/local/bin --filename=composer \
&& composer install --no-dev --optimize-autoloader
# Clean up image for dev environment
# This is because we share local files with the container
RUN if [ "$DEV" = "true" ]; then \
echo "Cleaning up"; \
find . \
-mindepth 1 \
\( -path './vendor*' \) -prune \
-o \
-exec rm -rf -- {} \; \
>/dev/null 2>&1; \
fi; \
exit 0
# Env, directories, permissions
RUN mkdir -p bootstrap/cache storage/logs storage/framework/sessions storage/framework/views storage/framework/cache; \
rm -rf bootstrap/cache/*.php; \
chown -R nginx:nginx .; \
chmod -R 777 bootstrap storage; \
cp .env.example .env || true;
# Cron jobs & NGINX tweaks
RUN rm /usr/local/etc/php-fpm.conf \
&& { \
echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1"; \
echo "0 23 * * * certbot renew --nginx --quiet"; \
} > /var/spool/cron/crontabs/root \
&& sed -i 's/ssl_session_cache/#ssl_session_cache/' /etc/nginx/nginx.conf \
&& mkdir -p /var/run/php /var/run/nginx
# Configs
COPY --chown=nginx:nginx .github/docker/default.conf /etc/nginx/http.d/default.conf
COPY --chown=nginx:nginx .github/docker/www.conf /usr/local/etc/php-fpm.conf
COPY --chown=nginx:nginx .github/docker/supervisord.conf /etc/supervisord.conf
RUN rm -rf bootstrap/cache/*.php \
&& rm -rf storage/framework/* || true
EXPOSE 80 443
ENTRYPOINT [ "/bin/ash", ".github/docker/entrypoint.sh" ]
CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]