From 2bb54b7cfd6b7e788059d4af8bc667bb0f8ecd00 Mon Sep 17 00:00:00 2001 From: Dov Benyomin Sohacheski Date: Fri, 15 Mar 2024 13:16:28 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20Initial=20commit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .editorconfig | 8 +++ .github/CODE_OF_CONDUCT.md | 128 +++++++++++++++++++++++++++++++++++ .github/workflows/build.yaml | 54 +++++++++++++++ .gitignore | 0 Dockerfile | 54 +++++++++++++++ LICENSE | 21 ++++++ README.md | 16 +++++ src/artisan | 13 ++++ src/entrypoint.sh | 70 +++++++++++++++++++ src/php.ini | 87 ++++++++++++++++++++++++ 10 files changed, 451 insertions(+) create mode 100644 .editorconfig create mode 100644 .github/CODE_OF_CONDUCT.md create mode 100644 .github/workflows/build.yaml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 README.md create mode 100644 src/artisan create mode 100644 src/entrypoint.sh create mode 100644 src/php.ini diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..0daf12d --- /dev/null +++ b/.editorconfig @@ -0,0 +1,8 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true +indent_style = space +indent_size = 2 +trim_trailing_whitespace = true diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..78b1f16 --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, gendercharacteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or genderidentity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people. +- Being respectful of differing opinions, viewpoints, and experiences. +- Giving and gracefully accepting constructive feedback. +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience. +- Focusing on what is best not just for us as individuals, but for the + overall community. + +Examples of unacceptable behavior include: + +- The use of improper language or imagery, and genderattention or + advances of any kind. +- Trolling, insulting or derogatory comments, and personal or political attacks. +- Public or private harassment. +- Publishing others' private information, such as a physical or email + address, without their explicit permission. +- Other conduct which could reasonably be considered inappropriate in a + professional setting. + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +. Translations are available at +. diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..124e0ff --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,54 @@ +--- +name: 👷‍♂️ Build + +on: + push: + tags: + - v* + +jobs: + docker: + name: 🐳 Docker Build + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: 📁 Checkout repository + uses: actions/checkout@v4 + + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + + - name: 🔑 Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: 📃 Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + flavor: | + latest=false + tags: | + type=raw,value=latest + type=semver,pattern=v{{version}} + type=semver,pattern=v{{major}}.{{minor}} + + - name: 🐳 Docker Build & Push + uses: docker/build-push-action@v5 + id: docker_build + with: + cache-from: type=gha + cache-to: type=gha,mode=max + context: . + push: true + provenance: false + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e712d0b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,54 @@ +ARG php_version=8.3 + +FROM dunglas/frankenphp:1.1-php${php_version} AS base +WORKDIR /app + +ENV SERVER_NAME=:80 +ARG user=laravel + +COPY --from=composer:latest /usr/bin/composer /usr/bin/composer +COPY --chmod=755 src/entrypoint.sh /entrypoint.sh +COPY src/php.ini "${PHP_INI_DIR}/php.ini" + +RUN apt-get update \ + && apt-get satisfy -y --no-install-recommends \ + "curl (>=7.88)" \ + "supervisor (>=4.2)" \ + "unzip (>=6.0)" \ + && rm -rf /var/lib/apt/lists/* + +RUN useradd \ + --uid 1000 \ + --shell /bin/bash \ + "${user}" \ + && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp \ + && chown -R "${user}:${user}" \ + /app \ + /data/caddy \ + /config/caddy \ + && mv "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini" + +RUN install-php-extensions \ + curl \ + gd \ + intl \ + pcntl \ + pdo_pgsql \ + opcache \ + redis \ + zip + +USER ${user} + +COPY --chown=${user}:${user} src/artisan artisan + +RUN mkdir -p \ + bootstrap/cache \ + storage/framework/cache \ + storage/framework/sessions \ + storage/framework/testing \ + storage/framework/views \ + storage/logs \ + && chmod -R a+rw storage + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7d1cfb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 KloudKIT + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..84cd441 --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +# Laravel Docker Base + +> Docker base image for Laravel production applications + +## Environment Variables + +| `env` | Default | Mode | +| ------------------------------ | ------- | --------- | +| `CONTAINER_MANUAL_SETUP` | ➖ | `*` | +| `CONTAINER_MODE` | `"app"` | `*` | +| `CONTAINER_PORT` | `8000` | app | +| `CONTAINER_SCHEDULER_INTERVAL` | `60` | scheduler | +| `CONTAINER_WORKER_DELAY` | `10` | worker | +| `CONTAINER_WORKER_SLEEP` | `5` | worker | +| `CONTAINER_WORKER_TRIES` | `3` | worker | +| `CONTAINER_WORKER_TIMEOUT` | `300` | worker | diff --git a/src/artisan b/src/artisan new file mode 100644 index 0000000..04f054e --- /dev/null +++ b/src/artisan @@ -0,0 +1,13 @@ +#!/usr/bin/env php +handleCommand(new ArgvInput); + +exit($status); diff --git a/src/entrypoint.sh b/src/entrypoint.sh new file mode 100644 index 0000000..ac57431 --- /dev/null +++ b/src/entrypoint.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +set -e + +: "${CONTAINER_MODE:=app}" +: "${CONTAINER_PORT:=8000}" +: "${CONTAINER_WORKER_DELAY:=10}" +: "${CONTAINER_WORKER_SLEEP:=5}" +: "${CONTAINER_WORKER_TIMEOUT:=300}" +: "${CONTAINER_WORKER_TRIES:=3}" +: "${CONTAINER_SCHEDULER_INTERVAL:=60}" +: "${APP_ENV:=production}" + +ARTISAN="php -d variables_order=EGPCS /app/artisan" + +_setup() { + if [ -n "${CONTAINER_MANUAL_SETUP}" ]; then + echo DEBUG: Skipping setup... + + return + fi + + echo DEBUG: Preparing application... + + ${ARTISAN} storage:link || true + + ${ARTISAN} optimize || true + ${ARTISAN} config:cache || true + ${ARTISAN} route:cache || true + ${ARTISAN} view:cache || true + ${ARTISAN} events:cache || true + + ${ARTISAN} migrate --force || true +} + +_run() { + case "${CONTAINER_MODE}" in + app) + echo INFO: Running octane... + exec "${ARTISAN}" octane:frankenphp --host=0.0.0.0 --port="${CONTAINER_PORT}" + ;; + worker) + echo INFO: Running the queue... + exec "${ARTISAN}" queue:work -vv \ + --no-interaction \ + --tries="${CONTAINER_WORKER_TRIES}" \ + --sleep="${CONTAINER_WORKER_SLEEP}" \ + --timeout="${CONTAINER_WORKER_TIMEOUT}" \ + --delay="${CONTAINER_WORKER_DELAY}" + ;; + horizon) + echo INFO: Running horizon... + exec "${ARTISAN}" horizon + ;; + scheduler) + while true; do + echo "INFO: Running scheduled tasks." + "${ARTISAN}" schedule:run --verbose --no-interaction & + sleep "${CONTAINER_SCHEDULER_INTERVAL}s" + done + ;; + *) + echo "Could not match the container mode [${CONTAINER_MODE}]" + exit 1 + ;; + esac +} + +_setup +_run diff --git a/src/php.ini b/src/php.ini new file mode 100644 index 0000000..49b34e4 --- /dev/null +++ b/src/php.ini @@ -0,0 +1,87 @@ +[PHP] +allow_url_fopen = On +allow_url_include = Off +auto_append_file = +auto_globals_jit = On +auto_prepend_file = +default_mimetype = text/html +default_charset = UTF-8 +default_socket_timeout = 60 +display_errors = Off +display_startup_errors = Off +doc_root = +enable_dl = Off +engine = On +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +expose_php = On +file_uploads = On +ignore_repeated_errors = Off +ignore_repeated_source = Off +implicit_flush = Off +log_errors = On +max_execution_time = 600 +max_file_uploads = 20 +max_input_time = 180 +memory_limit = 256M +output_buffering = 4096 +post_max_size = 100M +precision = 14 +register_argc_argv = Off +report_memleaks = On +request_order = GP +serialize_precision = -1 +short_open_tag = Off +upload_max_filesize = 32M +user_dir = +variables_order = GPCS +zend.enable_gc = On +zend.exception_ignore_args = On +zend.exception_string_param_max_len = 0 +zlib.output_compression = Off + +[CLI Server] +cli_server.color = On + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = files +session.use_strict_mode = 0 +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 +session.cookie_lifetime = 0 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = +session.cookie_samesite = +session.serialize_handler = php +session.gc_probability = 1 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +session.cache_limiter = nocache +session.cache_expire = 180 +session.use_trans_sid = 0 +session.sid_length = 26 +session.trans_sid_tags = "a=href,area=href,frame=src,form=" +session.sid_bits_per_character = 5 + +[opcache] +opcache.enable=1 +opcache.interned_strings_buffer=64 +opcache.max_accelerated_files=5000 +opcache.max_wasted_percentage=15 +opcache.memory_consumption=512 +opcache.revalidate_freq=2 +opcache.validate_timestamps=0