Dont call artisan optimize if BUILD is set

.gitea/workflows/build_docker.yaml

@@ -0,0 +1,190 @@
+name: Create Docker Image
+run-name: ${{ gitea.actor }} Building Docker Image 🐳
+on: [push]
+env:
+  VERSION: 8.4
+  DOCKER_HOST: tcp://127.0.0.1:2375
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        arch:
+        - x86_64
+        - arm64
+
+    name: Build Docker Image
+    runs-on: docker-${{ matrix.arch }}
+    container:
+      image: docker:dind
+      privileged: true
+    env:
+      ARCH: ${{ matrix.arch }}
+      VERSIONARCH: ${{ env.VERSION }}-${{ env.ARCH }}
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+        ## Some debugging info
+        # docker info && docker version
+        # env|sort
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Code Checkout
+      uses: actions/checkout@v4
+
+    - name: Build and Push Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: docker/Dockerfile
+        push: true
+        tags: "${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSIONARCH }}"
+
+  manifest:
+    name: Final Docker Image Manifest
+    runs-on: docker-x86_64
+    container:
+      image: docker:dind
+      privileged: true
+    needs: [build]
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Build Docker Manifest
+      run: |
+        docker manifest create ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }} \
+          ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-x86_64 \
+          ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-arm64
+        docker manifest push --purge ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}
+
+  test:
+    strategy:
+      matrix:
+        arch:
+        - x86_64
+        # arm64
+
+    name: Build Docker Test Image
+    runs-on: docker-${{ matrix.arch }}
+    container:
+      image: docker:dind
+      privileged: true
+    env:
+      ARCH: ${{ matrix.arch }}
+      VERSIONARCH: ${{ env.VERSION }}-test-${{ env.ARCH }}
+    needs: [manifest]
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+        ## Some debugging info
+        # docker info && docker version
+        # env|sort
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Code Checkout
+      uses: actions/checkout@v4
+
+    - name: Build and Push Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: docker/Dockerfile.phptest
+        push: true
+        tags: "${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSIONARCH }}"
+
+  manifest-test:
+    name: Final Docker Test Image Manifest
+    runs-on: docker-x86_64
+    container:
+      image: docker:dind
+      privileged: true
+    needs: [test]
+
+    steps:
+    - name: Environment Setup
+      run: |
+        # If we have a proxy use it
+        if [ -n "${HTTP_PROXY}" ]; then echo "HTTP PROXY [${HTTP_PROXY}]"; sed -i -e s'/https/http/' /etc/apk/repositories; fi
+        # Some pre-reqs
+        apk add git curl nodejs
+        # Start docker
+        ( dockerd --host=tcp://0.0.0.0:2375 --tls=false & ) && sleep 3
+
+    - name: Registry FQDN Setup
+      id: registry
+      run: |
+        registry=${{ github.server_url }}
+        echo "registry=${registry##http*://}" >> "$GITHUB_OUTPUT"
+
+    - name: Container Registry Login
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ steps.registry.outputs.registry }}
+        username: ${{ gitea.actor }}
+        password: ${{ secrets.PKG_WRITE_TOKEN }}
+
+    - name: Build Docker Manifest
+      run: |
+        docker manifest create ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-test \
+          ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-test-x86_64
+          #${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-test-arm64
+        docker manifest push --purge ${{ steps.registry.outputs.registry }}/${{ env.GITHUB_REPOSITORY }}:${{ env.VERSION }}-test

.gitlab-ci.yml

@@ -1,58 +0,0 @@
-image: docker:latest
-
-stages:
-- test
-- build
-- build-test
-
-variables:
-  BRANCH: mp
-  VERSION: 8.0-fpm-${BRANCH}
-  CACHETAG: build-${BRANCH}
-  DOCKER_HOST: tcp://docker:2375
-
-services:
-- docker:dind
-
-before_script:
-- docker info
-- docker version
-- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
-
-test:
-  stage: test
-  script:
-  - cat /etc/hosts
-  - env|sort
-  - docker build -t ${CI_REGISTRY_IMAGE}:${VERSION} .
-  - docker images
-  only:
-  - debug
-
-x86_64:build:
-  stage: build
-  script:
-  - if [ -f init ]; then chmod 500 init; fi
-  - ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || true
-  - docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSION}
-  - docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
-  - apk add curl && curl -LX POST --post301 -F token=${TRIGGER_TOKEN} -F ref=plus ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/trigger/pipeline
-  tags:
-  - docker
-  - x86_64
-  only:
-  - mysql
-
-x86_64:build-test:
-  stage: build-test
-  script:
-  - if [ -f init ]; then chmod 500 init; fi
-  - ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || true
-  - docker build --file Dockerfile.phptest --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION}-test .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSION}-test
-  tags:
-  - docker
-  - x86_64
-  only:
-  - mysql

Dockerfile

@@ -1,53 +0,0 @@
-# NAME leenooks/php
-# VERSION 8.0-fpm-mp
-
-FROM php:8.0-fpm
-
-RUN apt-get update && apt-get install -y openssh-server unzip git msmtp nginx wait-for-it \
-	&& rm /etc/nginx/sites-enabled/default \
-	&& apt-get -y autoremove \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-RUN useradd -c "Hosting Admin User" -u 1000 -g users -G www-data -d /var/www/html -M lamp
-RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
-COPY www.conf /usr/local/etc/php-fpm.d/
-COPY nginx-app.conf /etc/nginx/conf.d/
-
-COPY sshd_config.patch /tmp/
-RUN (cd / && patch -p0 ) < /tmp/sshd_config.patch && rm /tmp/sshd_config.patch
-
-COPY msmtprc /etc/
-RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini && sed -i -e 's#^memory_limit = 128M#memory_limit = 256M#' /usr/local/etc/php/php.ini
-
-EXPOSE 22/tcp
-
-# Add composer
-RUN curl https://getcomposer.org/installer|php -- --install-dir=/usr/local/bin --filename=composer
-
-# Mysql/Postgress/LDAP
-RUN apt-get update && apt-get install -y openssh-server libpq5 libpq-dev unzip git libldap2-dev \
-	&& docker-php-ext-install -j$(nproc) pdo_mysql pdo_pgsql ldap gettext \
-	&& apt-get -y purge libpq-dev libldap2-dev libx11-6 dbus ncurses-term systemd \
-	&& apt-get -y autoremove \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# Enable phpredis
-RUN apt-get update && apt-get install -y redis \
-	&& pecl install -o -f igbinary && pecl install -o -f redis && docker-php-ext-enable redis igbinary \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# Enable phpmemcache
-RUN apt-get update && apt-get install -y memcached libmemcachedutil2 zlib1g-dev libmemcached-dev \
-	&& pecl install -o -f memcached && docker-php-ext-enable memcached \
-	&& apt-get -y purge zlib1g-dev libmemcached-dev \
-	&& apt-get -y autoremove \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-COPY init /sbin/
-RUN chmod 550 /sbin/init && chown 0:0 /sbin/init
-ENTRYPOINT [ "/sbin/init" ]
-CMD [ "php-fpm" ]

Dockerfile.phptest

@@ -1,12 +0,0 @@
-# NAME leenooks/php
-# VERSION 8.0-fpm-test
-
-FROM registry.leenooks.net/leenooks/php:8.0-fpm-mp
-
-RUN pecl install xdebug \
-	&& docker-php-ext-enable xdebug
-
-RUN apt-get update && apt-get install -y npm \
-        && apt-get -y autoremove \
-        && apt-get clean \
-        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

docker/Dockerfile

@@ -0,0 +1,56 @@
+# NAME docker/php
+# VERSION 8.4-fpm-alpine
+
+FROM dunglas/frankenphp:php8.4-alpine
+
+# Change to http respositories, so they we can cache the install packages
+RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
+
+# Base
+RUN apk add --no-cache bash msmtp memcached
+
+ENV SITE_USER=www-data
+ENV PHP_DIR=/app
+
+# Additional extensions:
+RUN install-php-extensions \
+    opcache igbinary msgpack memcached zip bz2 zstd brotli gd intl \
+    && echo opcache.memory_consumption=512 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && echo opcache.interned_strings_buffer=64 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && echo opcache.max_accelerated_files=32531 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && echo opcache.fast_shutdown=1 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && echo opcache.enable_cli=1 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && mkdir /tmp/opcache && chown ${SITE_USER}:0 /tmp/opcache && chmod 750 /tmp/opcache && echo opcache.file_cache=/tmp/opcache >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
+    && echo opcache.validate_timestamps=0 >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini
+
+# Tune PHP
+RUN cp /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
+RUN sed -i -e 's/^memory_limit = 128M/memory_limit = 256M/' /usr/local/etc/php/php.ini
+RUN sed -i -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini
+RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini
+
+# Wait for it
+COPY wait-for-it /usr/local/bin/
+
+# Add composer
+ENV COMPOSER_HOME=/var/cache/composer
+RUN curl -4 https://getcomposer.org/installer|php -- --install-dir=/usr/local/bin --filename=composer \
+	&& chown ${SITE_USER}:0 ${COMPOSER_HOME}
+
+# Other config
+COPY msmtprc /etc/
+
+# Startup for ${SITE_USER}
+COPY docker/init-docker /sbin/init-docker
+RUN chmod 550 /sbin/init-docker && chown ${SITE_USER}:0 /sbin/init-docker && chown -R ${SITE_USER}:0 ${XDG_DATA_HOME} ${XDG_CONFIG_HOME} /run
+
+VOLUME [ "/var/cache/composer" ]
+WORKDIR ${PHP_DIR}
+USER ${SITE_USER}
+
+# Control which port to open
+ENV SERVER_NAME=:8080
+EXPOSE 8080
+
+ENTRYPOINT [ "/sbin/init-docker" ]
+CMD [ "--config","/etc/caddy/Caddyfile","--adapter","caddyfile" ]

docker/Dockerfile.phptest

@@ -0,0 +1,9 @@
+# NAME docker/php
+# VERSION 8.4-fpm-test
+
+FROM gitea.dege.au/docker/php:8.4
+
+# Add xdebug
+USER root
+RUN install-php-extensions xdebug
+USER ${SITE_USER}

docker/init-docker

@@ -0,0 +1,175 @@
+#!/bin/bash
+
+set -e
+role=${CONTAINER_ROLE:-app}
+env=${APP_ENV:-production}
+php=${PHP_DIR:-/app}
+composer=${COMPOSER_HOME:-/var/cache/composer}
+
+SITE_USER=${SITE_USER:-www-data}
+MEMCACHED_START=${MEMCACHED_START:-FALSE}
+RUN_USER=$(id -u)
+[ "${RUN_USER}" = "0" ] && USE_SU=1
+
+# To run a local queue, running jobs from the queue "hostname"
+LOCAL_QUEUE=${LOCAL_QUEUE:-FALSE}
+# Optional additional queues to run for
+#LOCAL_QUEUES=
+
+function mp() {
+	set +e
+	mountpoint -q $1
+	local mp=$?
+	set -e
+	echo ${mp}
+}
+
+function wait_for_db() {
+	# Wait for DB to be active
+	if [ -n "${DB_HOST}" -a -n "${DB_PORT}" ]; then
+		while ! wait-for-it -h ${DB_HOST} -p ${DB_PORT} -t 5 -q; do
+			echo "? Waiting for database at ${DB_HOST}:${DB_PORT}"
+			sleep 1;
+		done
+		echo "- DB is active on ${DB_HOST}:${DB_PORT}"
+	fi
+}
+
+echo "* Started with [$@]"
+
+# Run any container setup
+[ -x /sbin/init-container ] && /sbin/init-container
+
+# General Setup
+if [ -x /usr/bin/memcached -a "${MEMCACHED_START}" == "TRUE" ]; then
+	echo "* Starting MEMCACHED..."
+	/usr/bin/memcached -d -P /run/memcached.pid -u memcached
+fi
+
+# Laravel Specific
+if [ -r artisan -a -e ${php}/.env ]; then
+	echo "* Laravel Setup..."
+	mp=$(mp ${php})
+	echo "  - ${php} is an external mount point ${mp}"
+
+	# Only adjust perms if this is an external mountpoint
+	if [ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o ${mp} -eq 0 ]; then
+		if [ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ]; then
+			echo "  - Setting Permissions..."
+			# Make sure our permissions are appropraite
+			find ${php} -type f -exec chmod 640 {} \;
+			find ${php} -type d -exec chmod 750 {} \;
+			find ${php}/public -type f -exec chmod 644 {} \;
+			find ${php}/public -type d -exec chmod 755 {} \;
+			chmod o+rx ${php}
+			chmod a+rx ${php}/artisan
+			chown -R ${SITE_USER}:www-data ${php}
+			chown -R ${SITE_USER}:www-data ${php}/storage ${php}/bootstrap ${php}/composer.*
+			[ -e ${php}/vendor ] && chown -R ${SITE_USER}:www-data ${php}/vendor
+		fi
+	fi
+
+	# See if we need to refresh our dependancies (only need if web dir is externally mounted)
+	if [[ -r composer.json && ( -e .composer.refresh || ! -d vendor ) ]]; then
+		echo "  - Composer installing dependancies..."
+
+		rm -f ${php}/bootstrap/cache/*.php
+		if [ "${env}" != "local" ]; then
+			NODEV="--no-dev"
+		fi
+
+		mp=$(mp ${composer})
+		echo "  - [${composer}] is a mount point [${mp}]"
+
+		if [ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o ${mp} -eq 0 ]; then
+			[ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chown -R ${SITE_USER}:www-data ${composer}
+			[ ! -d ${php}/vendor ] && mkdir -m 750 ${php}/vendor && chown ${SITE_USER}:www-data ${php}/vendor
+			[ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chmod g+w ${php}
+		fi
+
+		CMD="composer install --optimize-autoloader ${NODEV}"
+		(( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}) && ( test -e .composer.refresh && rm -f .composer.refresh )
+		[ -n "${BUILD}" -o -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && [ ${mp} -eq 0 ] && chmod g-w ${php}
+	fi
+
+	# Generate our Encryption Key
+	[ -z "${BUILD}" ] && [ -z "${APP_KEY}" ] \
+		&& grep -qe '^APP_KEY=$' .env \
+		&& echo '  + Encryption Key auto created, replace with with "artisan key:generate --force"' \
+		&& ./artisan key:generate
+
+	# We only check for non mount points, in case this container has the app inside
+	mp=$(mp ${php})
+	if [ -z "${BUILD}" -o ${mp} -eq 0 ]; then
+		echo "  - Caching configuration..."
+		CMD="php artisan optimize"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+	fi
+
+	if [ "${role}" = "app" ]; then
+		if [ "${env}" != "local" ]; then
+			if [ -z "${IGNORE_MIGRATION}" ]; then
+				if [ -r .migrate ]; then
+					echo "  - Running migration..."
+					# If DB_HOST not set, source the env file
+					[ -z "${DB_HOST}" -a -r .env ] && . .env
+
+					wait_for_db
+
+					CMD="php artisan migrate"
+					(( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}) && rm -f .migrate
+				fi
+			else
+				[ -r .migrate ] && echo "! NOTE: Migration ignored due to IGNORE_MIGRATION"
+			fi
+
+			# If passport is installed
+			if [ -d ${php}/vendor/laravel/passport ]; then
+				echo "  - Generating OAUTH keys ..."
+				set +e
+				CMD="php artisan passport:keys"
+				( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+				set -e
+			fi
+		fi
+
+		if [ "${LOCAL_QUEUE}" = "TRUE" ]; then
+			echo "  - Starting local queue for [$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}}] with job timeout of [${WORK_TIMEOUT:-90}], trying [${WORK_TRIES:-1}] times..."
+			CMD="(while true; do php ${PHP_OPTIONS} artisan queue:work --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} --queue=$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}; done) &"
+			( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+		fi
+
+		set +e
+		[ -x init-php.sh ] && (( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "init-php.sh &" ) || init-php.sh &)
+
+		exec /usr/local/bin/docker-php-entrypoint "$@"
+
+	elif [ "$role" = "queue" ]; then
+		QUEUE_CMD=work
+
+		if [ "${env}" == "local" ]; then
+			QUEUE_CMD=listen
+		fi
+
+		echo "  - Running the queue..."
+		# We'll delay starting in case the app is caching
+		sleep 15
+
+		wait_for_db
+
+		CMD="while true; do php ${PHP_OPTIONS} artisan queue:${QUEUE_CMD} --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} ${WORK_QUEUES:+--queue=${WORK_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}; done"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+
+	elif [ "$role" = "scheduler" ]; then
+		echo "  - Running the scheduler..."
+		# We'll delay starting in case the app is caching
+		sleep 15
+
+		CMD="while true; do php ${PHP_OPTIONS} artisan schedule:work --verbose --no-interaction; done"
+		( [ -n "${USE_SU}" ] && su ${SITE_USER} -s /bin/sh -c "${CMD}" ) || ${CMD}
+	fi
+
+else
+	echo "? NO container role \"${role}\", AND/OR no laravel install, just starting php-fpm"
+	exec /usr/local/bin/docker-php-entrypoint "$@"
+fi

init

@@ -1,206 +0,0 @@
-#!/bin/bash
-
-set -e
-role=${CONTAINER_ROLE:-app}
-env=${APP_ENV:-live}
-php=${PHP_DIR:-/var/www/html}
-composer=${COMPOSER_DIR:-/var/www/.composer}
-
-NGINX_START=${NGINX_START:-TRUE}
-SSH_START=${SSH_START:-FALSE}
-REDIS_START=${REDIS_START:-FALSE}
-MEMCACHED_START=${MEMCACHED_START:-FALSE}
-
-# To run a local queue, running jobs from the queue "hostname"
-LOCAL_QUEUE=${LOCAL_QUEUE:-FALSE}
-# Optional additional queues to run for
-#LOCAL_QUEUES=
-
-function mp() {
-	set +e
-	mountpoint -q $1
-	local mp=$?
-	set -e
-	echo ${mp}
-}
-
-function nginx_start() {
-	# Start NGINX
-	if [ -x /usr/sbin/nginx -a "${NGINX_START}" == "TRUE" ]; then
-		echo "* Starting NGINX..."
-		start-stop-daemon --start --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -g 'daemon on; master_process on;'
-	fi
-}
-
-# General Setup
-if [ -x /usr/sbin/sshd -a "${SSH_START}" == "TRUE" ]; then
-	echo "* Starting SSH..."
-	[ ! -d /var/run/sshd ] && mkdir /var/run/sshd
-	start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22
-fi
-
-if [ -x /usr/bin/redis-server -a "${REDIS_START}" == "TRUE" ]; then
-	echo "* Starting REDIS..."
-	start-stop-daemon --start --quiet --oknodo --umask 007 --pidfile /var/run/redis-server.pid --chuid redis:redis --exec /usr/bin/redis-server -- /etc/redis/redis.conf
-fi
-
-if [ -x /usr/bin/memcached -a "${MEMCACHED_START}" == "TRUE" ]; then
-	echo "* Starting MEMCACHED..."
-	start-stop-daemon --start --quiet --exec "/usr/share/memcached/scripts/start-memcached" -- /etc/memcached.conf /var/run/memcached.pid
-fi
-
-# Laravel Specific
-if [ "${role}" = "app" -a -e artisan ]; then
-	if [ ! -e ${php}/.env ]; then
-		echo "! ERROR: NO .env file..."
-		exec /bin/bash
-	fi
-
-	mp=$(mp ${php})
-
-	# Only adjust perms if this is an external mountpoint
-	if [ ${mp} -eq 0 -o -n "${FORCE_PERMS}" ] ; then
-		if [ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ]; then
-			echo "* Setting Permissions..."
-			# Make sure our permissions are appropraite
-			find ${php} -type f -exec chmod 640 {} \;
-			find ${php} -type d -exec chmod 750 {} \;
-			find ${php}/public -type f -exec chmod 644 {} \;
-			find ${php}/public -type d -exec chmod 755 {} \;
-			chmod o+rx ${php}
-			chmod a+rx ${php}/artisan
-			chown -R lamp:www-data ${php}
-			chown -R www-data:www-data ${php}/storage ${php}/bootstrap ${php}/composer.*
-			[ -e ${php}/vendor ] && chown -R www-data:www-data ${php}/vendor
-		fi
-	fi
-
-	if [ "${env}" != "local" -a -r "artisan" ]; then
-		# See if we need to refresh our dependancies
-		if [[ -r composer.json && ( -e .composer.refresh || ! -d vendor ) ]]; then
-			echo "* Composer installing dependancies..."
-
-			rm -f ${php}/bootstrap/cache/*.php
-			if [ "${env}" != "local" ]; then
-				NODEV="--no-dev"
-			fi
-
-			mp=$(mp ${composer})
-
-			if [ ${mp} -eq 0 -o -n "${FORCE_PERMS}" ] ; then
-				[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chown -R www-data:www-data ${composer}
-				[ ! -d ${php}/vendor ] && mkdir -m 750 ${php}/vendor && chown www-data:www-data ${php}/vendor
-				[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && chmod g+w ${php}
-			fi
-
-			su www-data -s /bin/sh -c "composer install --optimize-autoloader ${NODEV}" && ( test -e .composer.refresh && rm -f .composer.refresh )
-			[ -n "${FORCE_PERMS}" -o "${env}" != "local" -a -z "${SKIP_PERM}" ] && [ ${mp} -eq 0 ] && chmod g-w ${php}
-		fi
-
-		if [ -e .lumen ]; then
-			echo "* Lumen detected..."
-		else
-			echo "* Caching configuration..."
-			su www-data -s /bin/sh -c "(php artisan optimize && php artisan view:cache)"
-		fi
-
-		if [ -r .migrate ]; then
-			echo "* Running migration..."
-			# If DB_HOST not set, source the env file
-			[ -z "${DB_HOST}" -a -r .env ] && . .env
-
-			if [ -n "${DB_HOST}" -a -n "${DB_PORT}" ]; then
-				while ! wait-for-it -h ${DB_HOST} -p ${DB_PORT} -t 5 -q; do
-					echo "? Waiting for database at ${DB_HOST}:${DB_PORT}"
-					sleep 1;
-				done
-				echo "- DB is active on ${DB_HOST}:${DB_PORT}"
-			fi
-
-			su www-data -s /bin/sh -c "php artisan migrate" && rm -f .migrate
-		fi
-
-		# If passport is installed
-		if [ -d ${php}/vendor/laravel/passport ]; then
-			echo "* Generating OAUTH keys ..."
-			su www-data -s /bin/sh -c "php artisan passport:keys"
-		fi
-	fi
-
-	nginx_start
-
-	if [ "${LOCAL_QUEUE}" = "TRUE" ]; then
-		echo "* Starting local queue for [$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}}] with job timeout of [${WORK_TIMEOUT:-90}], trying [${WORK_TRIES:-1}] times..."
-		su www-data -s /bin/sh -c "
-		(while true; do php ${PHP_OPTIONS} artisan queue:work --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} --queue=$(hostname)${LOCAL_QUEUES:+,${LOCAL_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}; done) &
-		"
-	fi
-
-	exec /usr/local/bin/docker-php-entrypoint "$@"
-
-elif [ "$role" = "queue" -a -e artisan ]; then
-	if [ ! -e ${php}/.env ]; then
-		echo "! ERROR: NO .env file..."
-		exec /bin/bash
-	fi
-
-	QUEUE_CMD=work
-	if [ "${env}" == "local" ]; then
-		QUEUE_CMD=listen
-	fi
-
-	if [ -e .lumen ]; then
-		echo "* Lumen detected..."
-	else
-		# We only check for non mount points, in case this container has the app inside
-		mp=$(mp ${php})
-		if [ ${mp} -eq 1 ]; then
-			echo "* Caching configuration..."
-			su www-data -s /bin/sh -c "(php artisan config:cache && php artisan route:cache && php artisan view:cache)"
-		fi
-	fi
-
-	echo "* Running the queue..."
-	# We'll delay starting in case the app is caching
-	sleep 15
-
-	su www-data -s /bin/sh -c "
-	while true; do
-		php ${PHP_OPTIONS} artisan queue:${QUEUE_CMD} --verbose --tries=${WORK_TRIES:-1} --timeout=${WORK_TIMEOUT:-90} ${WORK_QUEUES:+--queue=${WORK_QUEUES}} ${WORK_MEMORY:+--memory=${WORK_MEMORY}} ${WORK_ONCE:+--once}
-	done
-	"
-
-elif [ "$role" = "scheduler" -a -e artisan ]; then
-	if [ ! -e ${php}/.env ]; then
-		echo "! ERROR: NO .env file..."
-		exec /bin/bash
-	fi
-
-	if [ -e .lumen ]; then
-		echo "* Lumen detected..."
-	else
-		# We only check for non mount points, in case this container has the app inside
-		mp=$(mp ${php})
-		if [ ${mp} -eq 1 ]; then
-			echo "* Caching configuration..."
-			su www-data -s /bin/sh -c "(php artisan config:cache && php artisan route:cache && php artisan view:cache)"
-		fi
-	fi
-
-	echo "* Running the scheduler..."
-	# We'll delay starting in case the app is caching
-	sleep 15
-
-	su www-data -s /bin/sh -c "
-	while true; do
-		(php ${PHP_OPTIONS} artisan schedule:run --verbose --no-interaction &)
-		sleep 60
-	done
-	"
-
-else
-	nginx_start
-
-	echo "? NO container role \"${role}\", AND/OR no laravel install, just starting php-fpm"
-	exec /usr/local/bin/docker-php-entrypoint "$@"
-fi

msmtprc

@@ -1,18 +1,26 @@
 # A system wide configuration file is optional.
+defaults
+port 25
+tls off
+
 # If it exists, it usually defines a default account.
 # This allows msmtp to be used like /usr/sbin/sendmail.
 account default
 
+# Authentication
+auth off
+
 # The SMTP smarthost
 host smtp
 
 # Envelope-from address
-#from user@example.com
+from nobody@%H
-domain example.com
+
+# Sets the argument of the SMTP EHLO
+domain web
 
 # Construct envelope-from addresses of the form "user@oursite.example"
-#auto_from on
+#allow_from_override on
-#maildomain example.com
 
 # Syslog logging with facility LOG_MAIL instead of the default LOG_USER
 syslog LOG_MAIL

nginx-app.conf

@@ -1,34 +0,0 @@
-server {
-	listen			80 default_server;
-	listen			[::]:80 default_server;
-
-	access_log		off;
-	client_max_body_size	10m;
-	fastcgi_buffers		16 16k;
-	fastcgi_buffer_size	16k;
-	index			index.php index.html;
-	root			/var/www/html/public;
-	server_tokens		off;
-
-	set $my_https "off";
-	if ($http_x_forwarded_proto = "https") {
-		set $my_https "on";
-	}
-
-	location / {
-		try_files $uri $uri/ /index.php?$query_string;
-	}
-
-	location ~ \.php$ {
-		try_files $uri =404;
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass 127.0.0.1:9000;
-		fastcgi_index index.php;
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		fastcgi_param SERVER_NAME $host;
-		fastcgi_param PATH_INFO $fastcgi_path_info;
-		fastcgi_param HTTPS $my_https;
-		fastcgi_param PHP_ADMIN_VALUE "sendmail_path=/usr/sbin/sendmail -i -t";
-	}
-}

sshd_config.patch

@@ -1,18 +0,0 @@
---- /etc/ssh/sshd_config.orig   2018-02-27 08:33:29.613104521 +0000
-+++ /etc/ssh/sshd_config        2018-02-27 08:34:43.413485512 +0000
-@@ -30,6 +30,7 @@
- 
- #LoginGraceTime 2m
- #PermitRootLogin prohibit-password
-+PermitRootLogin no
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
-@@ -54,6 +55,7 @@
- 
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
- 
- # Change to yes to enable challenge-response passwords (beware issues with

wait-for-it

@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi

www.conf

@@ -1,9 +0,0 @@
-[www]
-group = www-data
-listen = 127.0.0.1:9000
-pm = dynamic
-pm.max_children = 25
-pm.max_spare_servers = 10
-pm.min_spare_servers = 5
-pm.start_servers = 10
-user = www-data