Cache page assets during CI/CD

By default the container web address is now port 8080, so port mapping of -p 80:8080 will now be required

.dockerignore

@@ -1,10 +1,19 @@
 .dockerignore
 .editorconfig
 .env.testing
+.idea
 .git*
-docker/
+.phpunit.result.cache
+.styleci.yml
+node_modules/
+storage/debugbar
+storage/framework/cache/data
+storage/framework/sessions
+storage/framework/views
+storage/logs
 package.json
 package-lock.json
 phpunit.xml
+vendor/
 webpack.mix.js
 yarn.lock

.gitea/workflows/build_docker.yaml

@@ -0,0 +1,190 @@
+name: Create Docker Image
+run-name: ${{ gitea.actor }} Building Docker Image 🐳
+on: [push]
+env:
+  VERSION: latest
+  DOCKER_HOST: tcp://127.0.0.1:2375
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        arch:
+        - x86_64
+        # arm64
+
+    name: Test Application
+    runs-on: docker-${{ matrix.arch }}
+    container:
+      image: docker:dind
+      privileged: true
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git nodejs npm tar zstd
+        ## Some debugging info
+        # env|sort
+
+    - name: Code Checkout
+      uses: actions/checkout@v4
+
+    - name: Build Assets
+      run: |
+        # Build assets
+        npm i
+        npm run prod
+
+#    - name: Run Tests
+#      run: |
+#        mv .env.testing .env
+#        # Install Composer and project dependencies.
+#        mkdir -p ${COMPOSER_HOME}
+#        if [ -n "${{ secrets.COMPOSER_GITHUB_TOKEN }}" ]; then composer config github-oauth.github.com ${{ secrets.COMPOSER_GITHUB_TOKEN }}; fi
+#        composer install
+#        # Generate an application key. Re-cache.
+#        php artisan key:generate
+#        php artisan migrate
+#        php artisan db:seed
+#        # run laravel tests
+#        # XDEBUG_MODE=coverage php vendor/bin/phpunit --coverage-text --colors=never
+
+    - name: Cache page assets
+      id: cache-page-assets
+      uses: actions/cache@v3
+#      env:
+#        cache-name: page-assets
+      with:
+        path: |
+          public/css/app.css
+          public/js/app.js
+          public/js/vendor.js
+        #key: build-pla-page-assets-${{ hashFiles('**/package-lock.json') }}
+        key: build-pla-page-assets
+        #restore-keys: |
+        #  build-pla-page-assets-
+
+  build:
+    strategy:
+      matrix:
+        arch:
+        - x86_64
+        - arm64
+    needs: [test]
+
+    name: Build Docker Image
+    runs-on: docker-${{ matrix.arch }}
+    container:
+      image: docker:dind
+      privileged: true
+    env:
+      ARCH: ${{ matrix.arch }}
+      VERSIONARCH: ${{ env.VERSION }}-${{ env.ARCH }}
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs npm tar zstd
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+        ## Some debugging info
+        # docker info && docker version
+        # env|sort
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Code Checkout
+      uses: actions/checkout@v4
+
+    - name: Cache page assets
+      id: cache-page-assets
+      uses: actions/cache@v3
+#      env:
+#        cache-name: page-assets
+      with:
+        path: |
+          public/css/app.css
+          public/js/app.js
+          public/js/vendor.js
+        #key: build-pla-page-assets-${{ hashFiles('**/package-lock.json') }}
+        key: build-pla-page-assets
+        #restore-keys: |
+        #  build-pla-page-assets-
+
+    - if: ${{ steps.cache-page-assets.outputs.cache-hit != 'true' }}
+      name: List the state of page assets
+      continue-on-error: false
+      run: |
+        echo CACHE-HIT:${{ steps.cache-page-assets.outputs.cache-hit }}
+        ls -al public/css/
+        ls -al public/js/
+
+    - name: Record version and Delete Unnecessary files
+      run: |
+        echo ${GITHUB_SHA::8} > VERSION
+        rm -rf .git* tests/ storage/app/test/
+        ls -al public/css/
+        ls -al public/js/
+
+    - name: Build and Push Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: docker/Dockerfile
+        push: true
+        tags: "${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSIONARCH }}"
+
+  manifest:
+    name: Final Docker Image Manifest
+    runs-on: docker-x86_64
+    container:
+      image: docker:dind
+      privileged: true
+    needs: [build]
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Build Docker Manifest
+      run: |
+        docker manifest create ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }} \
+          ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-x86_64 \
+          ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-arm64
+        docker manifest push --purge ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}

.gitlab-ci.yml

@@ -1,38 +0,0 @@
-stages:
-- test
-- build
-- build-manifest
-
-variables:
-  DOCKER_HOST: tcp://docker:2375
-  VERSION: latest
-  VERSIONARCH: ${VERSION}-${ARCH}
-
-# This folder is cached between builds
-# http://docs.gitlab.com/ce/ci/yaml/README.html#cache
-cache:
-  key: ${CI_COMMIT_REF_SLUG}
-  paths:
-  - public/css/app.css
-  - public/js/app.js
-  - public/js/manifest.js
-  - public/js/vendor.js
-  - public/*/vendor/
-  - node_modules/
-  - vendor/
-
-image: docker:latest
-services:
-- docker:dind
-
-before_script:
-- docker info && docker version
-- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
-- if [ -n "$GITHUB_TOKEN" ]; then cat $GITHUB_TOKEN |base64 -d > auth.json; fi
-
-include:
-- .gitlab-test.yml
-- .gitlab-docker-x86_64.yml
-- .gitlab-docker-armv7l.yml
-- .gitlab-docker-arm64.yml
-- .gitlab-docker-manifest.yml

.gitlab-docker-arm64.yml

@@ -1,18 +0,0 @@
-arm64:build:
-  variables:
-    ARCH: arm64
-
-  stage: build
-
-  script:
-  - if [ -f init ]; then chmod 500 init; fi
-  - echo -n ${CI_COMMIT_SHORT_SHA} > VERSION
-  - rm -rf node_modules database/seeds database/schema database/factories/*
-  - docker build -f docker/Dockerfile -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
-
-  tags:
-  - docker
-  - arm64
-  only:
-  - master

.gitlab-docker-armv7l.yml

@@ -1,18 +0,0 @@
-armv7l:build:
-  variables:
-    ARCH: armv7l
-
-  stage: build
-
-  script:
-  - if [ -f init ]; then chmod 500 init; fi
-  - echo -n ${CI_COMMIT_SHORT_SHA} > VERSION
-  - rm -rf node_modules database/seeds database/schema database/factories/*
-  - docker build -f docker/Dockerfile -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
-
-  tags:
-  - docker
-  - armv7l
-  only:
-  - master

.gitlab-docker-manifest.yml

@@ -1,10 +0,0 @@
-x86_64:build-manifest:
-  stage: build-manifest
-  script:
-  - docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 ${CI_REGISTRY_IMAGE}:${VERSION}-armv7l ${CI_REGISTRY_IMAGE}:${VERSION}-arm64
-  - docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
-  tags:
-  - docker
-  - x86_64
-  only:
-  - master

.gitlab-docker-x86_64.yml

@@ -1,18 +0,0 @@
-x86_64:build:
-  variables:
-    ARCH: x86_64
-
-  stage: build
-
-  script:
-  - if [ -f init ]; then chmod 500 init; fi
-  - echo -n ${CI_COMMIT_SHORT_SHA} > VERSION
-  - rm -rf node_modules database/seeds database/schema database/factories/*
-  - docker build -f docker/Dockerfile -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
-
-  tags:
-  - docker
-  - x86_64
-  only:
-  - master

.gitlab-test.yml

@@ -1,52 +0,0 @@
-test:
-  image: ${CI_REGISTRY}/leenooks/php:8.3-fpm-ldap-test
-
-  stage: test
-
-  # NOTE: This service is dependant on project file configuration, which is not there if the cache was deleted
-  #       resulting in the testing to fail on the first run.
-  services:
-  - name: osixia/openldap:latest
-    alias: test_ldap
-    command: ["--loglevel","debug"]
-
-  variables:
-    LDAP_SEED_INTERNAL_LDIF_PATH: "${CI_PROJECT_DIR}/tests/server/openldap/data"
-    LDAP_SEED_INTERNAL_SCHEMA_PATH: "${CI_PROJECT_DIR}/tests/server/openldap/schema"
-    LDAP_BASE_DN: "dc=Test"
-    LDAP_DOMAIN: "Test"
-    LDAP_ADMIN_PASSWORD: test
-    #CI_DEBUG_SERVICES: "true"
-
-  tags:
-  - php
-  only:
-  - master
-
-  before_script:
-  - mv .env.testing .env
-
-  # Install npm and dependancies
-  - apk add --no-cache npm
-  - npm i
-  - npm run prod
-
-  # Install Composer and project dependencies.
-  - mkdir -p ${COMPOSER_HOME}
-  - if [ -n "$GITHUB_TOKEN" ]; then cat $GITHUB_TOKEN |base64 -d > ${COMPOSER_HOME}/auth.json; fi
-  - composer install
-
-  # Generate an application key. Re-cache.
-  - php artisan key:generate
-
-  script:
-  # Sleep if we need to, in case we want to jump in and see what is going on during the test
-  - if [ -n "$DEBUG_PAUSE" ]; then echo "Pausing for $DEBUG_PAUSE seconds, so you can jump into the containers"; sleep $DEBUG_PAUSE; fi
-  # run laravel tests
-  - XDEBUG_MODE=coverage php vendor/bin/phpunit --coverage-text --colors=never
-
-  # run frontend tests
-  # if you have any task for testing frontend
-  # set it in your package.json script
-  # comment this out if you don't have a frontend test
-  # npm test

docker/Dockerfile

@@ -1,10 +1,40 @@
-FROM registry.dege.au/leenooks/php:8.3-fpm-ldap
+FROM dunglas/frankenphp:latest-php8.3-alpine
+
+# Base
+RUN apk add --no-cache bash
+
+# Additional extensions:
+RUN install-php-extensions \
+    ldap \
+    memcached
+
+RUN curl -4 https://getcomposer.org/installer|php -- --install-dir=/usr/local/bin --filename=composer
+ENV COMPOSER_HOME=/var/cache/composer
+
+ENV SITE_USER=www-data
+
+COPY docker/init-docker /sbin/init-docker
+RUN chmod 550 /sbin/init-docker && chown ${SITE_USER}:0 /sbin/init-docker
 
 COPY . /var/www/html/
+WORKDIR /var/www/html
 
-RUN mkdir -p ${COMPOSER_HOME} && \
-	([ -r auth.json ] && mv auth.json ${COMPOSER_HOME}) || true && \
-	touch .composer.refresh && \
-	mv .env.example .env && \
-	FORCE_PERMS=1 NGINX_START=FALSE /sbin/init && \
-	rm -rf ${COMPOSER_HOME}/* composer.lock
+RUN mkdir -p ${COMPOSER_HOME} \
+	&& ([ -r auth.json ] && mv auth.json ${COMPOSER_HOME}) || true \
+	&& touch .composer.refresh \
+	&& mv .env.example .env \
+	&& FORCE_PERMS=1 /sbin/init-docker \
+	&& rm -rf ${COMPOSER_HOME}/* composer.lock
+
+# Fix start up items
+RUN sed -i -e 's/^{$CADDY_EXTRA_CONFIG}$/{$CADDY_EXTRA_CONFIG} /' /etc/caddy/Caddyfile
+RUN chown ${SITE_USER} /config/caddy /data/caddy
+
+USER ${SITE_USER}
+
+# Control which port to open
+ENV SERVER_NAME=:8080
+EXPOSE 8080
+
+ENTRYPOINT [ "/sbin/init-docker" ]
+CMD [ "--config","/etc/caddy/Caddyfile","--adapter","caddyfile" ]

docker/init-docker

@@ -0,0 +1,173 @@
+#!/bin/bash
+
+set -e
+role=${CONTAINER_ROLE:-app}
+env=${APP_ENV:-production}
+php=${PHP_DIR:-/var/www/html}
+composer=${COMPOSER_HOME:-/var/cache/composer}
+
+RUN_USER=$(id -u -n)
+SITE_USER=${SITE_USER:-www-data}
+MEMCACHED_START=${MEMCACHED_START:-FALSE}
+[ "${RUN_USER}" = "deon" ] && USE_SU=1
+
+# To run a local queue, running jobs from the queue "hostname"
+LOCAL_QUEUE=${LOCAL_QUEUE:-FALSE}
+# Optional additional queues to run for
+#LOCAL_QUEUES=
+
+function mp() {
+	set +e
+	mountpoint -q $1
+	local mp=$?
+	set -e
+	echo ${mp}
+}
+
+function wait_for_db() {
+	# Wait for DB to be active
+	if [ -n "${DB_HOST}" -a -n "${DB_PORT}" ]; then
+		while ! wait-for-it -h ${DB_HOST} -p ${DB_PORT} -t 5 -q; do
+			echo "? Waiting for database at ${DB_HOST}:${DB_PORT}"
+			sleep 1;
+		done
+		echo "- DB is active on ${DB_HOST}:${DB_PORT}"
+	fi
+}
+
+echo "* Started with [$@]"
+
+# Run any container setup
+[ -x /sbin/init-container ] && /sbin/init-container
+
+# General Setup
+if [ -x /usr/bin/memcached -a "${MEMCACHED_START}" == "TRUE" ]; then
+	echo "* Starting MEMCACHED..."
+	/usr/bin/memcached -d -P /run/memcached/memcached.pid -u memcached
+fi
+
+# Laravel Specific
+if [ -r artisan -a -e ${php}/.env ]; then
+	echo "* Laravel Setup..."
+	mp=$(mp ${php})
+	echo "  - [${php}] is a mount point [${mp}]"
+
+	# Only adjust perms if this is an external mountpoint
+	if [ -n "${FORCE_PERMS}" -o ${mp} -eq 0 ]; then
+		if [ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ]; then
+			echo "  - Setting Permissions..."
+			# Make sure our permissions are appropraite
+			find ${php} -type f -exec chmod 640 {} \;
+			find ${php} -type d -exec chmod 750 {} \;
+			find ${php}/public -type f -exec chmod 644 {} \;
+			find ${php}/public -type d -exec chmod 755 {} \;
+			chmod o+rx ${php}
+			chmod a+rx ${php}/artisan
+			chown -R ${SITE_USER}:www-data ${php}
+
+			#if [ "${SITE_USER}" -ne "www-data" ]; then
+			#	echo " - Extended Permissions for ${SITE_USER}..."
+			#	chown -R www-data:www-data ${php}/storage ${php}/bootstrap ${php}/composer.*
+			#	[ -e ${php}/vendor ] && chown -R www-data:www-data ${php}/vendor
+			#fi
+		fi
+	fi
+
+	# See if we need to refresh our dependancies (only need if web dir is externally mounted)
+	if [[ -r composer.json && ( -e .composer.refresh || ! -d vendor ) ]]; then
+		echo "  - Composer installing dependancies..."
+
+		rm -f ${php}/bootstrap/cache/*.php
+		if [ "${env}" != "local" ]; then
+			NODEV="--no-dev"
+		fi
+
+		mp=$(mp ${composer})
+		echo "  - [${composer}] is a mount point [${mp}]"
+
+		if [ -n "${FORCE_PERMS}" -o ${mp} -eq 0 ]; then
+			[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chown -R ${SITE_USER}:www-data ${composer}
+			[ ! -d ${php}/vendor ] && mkdir -m 750 ${php}/vendor && chown ${SITE_USER}:www-data ${php}/vendor
+			[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chmod g+w ${php}
+		fi
+
+		CMD="composer install --optimize-autoloader ${NODEV}"
+		(( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}) && ( test -e .composer.refresh && rm -f .composer.refresh )
+		[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && [ ${mp} -eq 0 ] && chmod g-w ${php}
+	fi
+
+	# We only check for non mount points, in case this container has the app inside
+	mp=$(mp ${php})
+	if [ ${mp} -eq 1 ]; then
+		echo "  - Caching configuration..."
+		CMD="php artisan optimize"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+	fi
+
+	if [ "${role}" = "app" ]; then
+		if [ "${env}" != "local" ]; then
+			if [ -z "${IGNORE_MIGRATION}" ]; then
+				if [ -r .migrate ]; then
+					echo "  - Running migration..."
+					# If DB_HOST not set, source the env file
+					[ -z "${DB_HOST}" -a -r .env ] && . .env
+
+					wait_for_db
+
+					CMD="php artisan migrate"
+					(( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}) && rm -f .migrate
+				fi
+			else
+				[ -r .migrate ] && echo "! NOTE: Migration ignored due to IGNORE_MIGRATION"
+			fi
+
+			# If passport is installed
+			if [ -d ${php}/vendor/laravel/passport ]; then
+				echo "  - Generating OAUTH keys ..."
+				set +e
+				CMD="php artisan passport:keys"
+				( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+				set -e
+			fi
+		fi
+
+		if [ "${LOCAL_QUEUE}" = "TRUE" ]; then
+			echo "  - Starting local queue for [$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}}] with job timeout of [${WORK_TIMEOUT:-90}], trying [${WORK_TRIES:-1}] times..."
+			CMD="(while true; do php ${PHP_OPTIONS} artisan queue:work --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} --queue=$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}; done) &"
+			( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+		fi
+
+		set +e
+		[ -x init-php.sh ] && (( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "init-php.sh &" ) || init-php.sh &)
+
+		exec /usr/local/bin/docker-php-entrypoint "$@"
+
+	elif [ "$role" = "queue" ]; then
+		QUEUE_CMD=work
+
+		if [ "${env}" == "local" ]; then
+			QUEUE_CMD=listen
+		fi
+
+		echo "  - Running the queue..."
+		# We'll delay starting in case the app is caching
+		sleep 15
+
+		wait_for_db
+
+		CMD="while true; do php ${PHP_OPTIONS} artisan queue:${QUEUE_CMD} --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} ${WORK_QUEUES:+--queue=${WORK_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}; done"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+
+	elif [ "$role" = "scheduler" ]; then
+		echo "  - Running the scheduler..."
+		# We'll delay starting in case the app is caching
+		sleep 15
+
+		CMD="while true; do php ${PHP_OPTIONS} artisan schedule:work --verbose --no-interaction; done"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+	fi
+
+else
+	echo "? NO container role \"${role}\", AND/OR no laravel install, just starting php-fpm"
+	exec /usr/local/bin/docker-php-entrypoint "$@"
+fi