diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..dc5a875 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,34 @@ +**/*.log +**/*.md +**/*.php~ +**/*.dist.php +**/*.dist +**/*.cache +**/._* +**/.dockerignore +**/.DS_Store +**/.git/ +**/.gitattributes +**/.gitignore +**/.gitmodules +**/compose.*.yaml +**/compose.*.yml +**/compose.yaml +**/compose.yml +**/docker-compose.*.yaml +**/docker-compose.*.yml +**/docker-compose.yaml +**/docker-compose.yml +**/Dockerfile +**/Thumbs.db +.github/ +docs/ +public/bundles/ +tests/ +var/ +vendor/ +.editorconfig +.env.*.local +.env.local +.env.local.php +.env.test diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..9506ca4 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,76 @@ +name: CI + +on: + push: + branches: + - main + pull_request: ~ + workflow_dispatch: ~ + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Build Docker images + uses: docker/bake-action@v6 + with: + pull: true + load: true + files: | + compose.yaml + compose.override.yaml + set: | + *.cache-from=type=gha,scope=${{github.ref}} + *.cache-from=type=gha,scope=refs/heads/main + *.cache-to=type=gha,scope=${{github.ref}},mode=max + - + name: Start services + run: docker compose up --wait --no-build + - + name: Check HTTP reachability + run: curl -v --fail-with-body http://localhost + - + name: Check HTTPS reachability + if: false # Remove this line when the homepage will be configured, or change the path to check + run: curl -vk --fail-with-body https://localhost + - + name: Check Mercure reachability + run: curl -vkI --fail-with-body https://localhost/.well-known/mercure?topic=test + - + name: Create test database + if: false # Remove this line if Doctrine ORM is installed + run: docker compose exec -T php bin/console -e test doctrine:database:create + - + name: Run migrations + if: false # Remove this line if Doctrine Migrations is installed + run: docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction + - + name: Run PHPUnit + if: false # Remove this line if PHPUnit is installed + run: docker compose exec -T php bin/phpunit + - + name: Doctrine Schema Validator + if: false # Remove this line if Doctrine ORM is installed + run: docker compose exec -T php bin/console -e test doctrine:schema:validate + lint: + name: Docker Lint + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.1.0 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..87ff4a1 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,77 @@ +#syntax=docker/dockerfile:1 + +# Versions +FROM dunglas/frankenphp:1-php8.4 AS frankenphp_upstream + +# The different stages of this Dockerfile are meant to be built into separate images +# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage +# https://docs.docker.com/compose/compose-file/#target + + +# Base FrankenPHP image +FROM frankenphp_upstream AS frankenphp_base + +WORKDIR /app + +VOLUME /app/var/ + +# persistent / runtime deps +# hadolint ignore=DL3008 +RUN apt-get update && apt-get install -y --no-install-recommends \ + acl \ + file \ + gettext \ + git \ + && rm -rf /var/lib/apt/lists/* + +RUN set -eux; \ + install-php-extensions \ + @composer \ + apcu \ + intl \ + opcache \ + zip \ + ; + +# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser +ENV COMPOSER_ALLOW_SUPERUSER=1 + +# Transport to use by Mercure (default to Bolt) +ENV MERCURE_TRANSPORT_URL=bolt:///data/mercure.db + +ENV PHP_INI_SCAN_DIR=":$PHP_INI_DIR/app.conf.d" + +###> recipes ### +###> doctrine/doctrine-bundle ### +#RUN install-php-extensions pdo pdo_mysql +RUN docker-php-ext-install pdo pdo_mysql +RUN docker-php-ext-enable pdo pdo_mysql +###< doctrine/doctrine-bundle ### +###< recipes ### + +COPY --link frankenphp/conf.d/10-app.ini $PHP_INI_DIR/app.conf.d/ +COPY --link --chmod=755 frankenphp/docker-entrypoint.sh /usr/local/bin/docker-entrypoint +COPY --link frankenphp/Caddyfile /etc/frankenphp/Caddyfile + +ENTRYPOINT ["docker-entrypoint"] + +HEALTHCHECK --start-period=60s CMD curl -f http://localhost:2019/metrics || exit 1 +CMD [ "frankenphp", "run", "--config", "/etc/frankenphp/Caddyfile" ] + +# Dev FrankenPHP image +FROM frankenphp_base AS frankenphp_dev + +ENV APP_ENV=dev +ENV XDEBUG_MODE=off +#ENV FRANKENPHP_WORKER_CONFIG=watch + +RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" + +RUN set -eux; \ + install-php-extensions \ + xdebug \ + ; + +COPY --link frankenphp/conf.d/20-app.dev.ini $PHP_INI_DIR/app.conf.d/ + +CMD [ "frankenphp", "run", "--config", "/etc/frankenphp/Caddyfile", "--watch" ] diff --git a/compose.override.yaml b/compose.override.yaml new file mode 100644 index 0000000..f61ee5d --- /dev/null +++ b/compose.override.yaml @@ -0,0 +1,32 @@ +# Development environment override +services: + php: + build: + context: . + target: frankenphp_dev + volumes: + - ./:/app + - ./frankenphp/Caddyfile:/etc/frankenphp/Caddyfile:ro + - ./frankenphp/conf.d/20-app.dev.ini:/usr/local/etc/php/app.conf.d/20-app.dev.ini:ro + # If you develop on Mac or Windows you can remove the vendor/ directory + # from the bind-mount for better performance by enabling the next line: + #- /app/vendor + environment: + #FRANKENPHP_WORKER_CONFIG: watch + MERCURE_EXTRA_DIRECTIVES: demo + # See https://xdebug.org/docs/all_settings#mode + XDEBUG_MODE: "${XDEBUG_MODE:-off}" + APP_ENV: "${APP_ENV:-dev}" + extra_hosts: + # Ensure that host.docker.internal is correctly defined on Linux + - host.docker.internal:host-gateway + tty: true + +###> symfony/mercure-bundle ### +###< symfony/mercure-bundle ### + +###> doctrine/doctrine-bundle ### + database: + ports: + - "3306" +###< doctrine/doctrine-bundle ### diff --git a/compose.prod.yaml b/compose.prod.yaml new file mode 100644 index 0000000..f0db05d --- /dev/null +++ b/compose.prod.yaml @@ -0,0 +1,10 @@ +# Production environment override +services: + php: + build: + context: . + target: frankenphp_prod + environment: + APP_SECRET: ${APP_SECRET} + MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET} + MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET} diff --git a/compose.yaml b/compose.yaml new file mode 100644 index 0000000..b87687f --- /dev/null +++ b/compose.yaml @@ -0,0 +1,69 @@ +version: "3" +services: + php: + image: ${IMAGES_PREFIX:-}app-php + restart: unless-stopped + depends_on: + - database + environment: + SERVER_NAME: ${SERVER_NAME:-localhost}, php:80 + MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!} + MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!} + # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM + #DATABASE_URL: postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-15}&charset=${POSTGRES_CHARSET:-utf8} + DATABASE_URL: mysql://root:password@database:3306/snips?serverVersion=11.7.2-MariaDB + # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration + MERCURE_URL: ${CADDY_MERCURE_URL:-http://php/.well-known/mercure} + MERCURE_PUBLIC_URL: ${CADDY_MERCURE_PUBLIC_URL:-https://${SERVER_NAME:-localhost}:${HTTPS_PORT:-443}/.well-known/mercure} + MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!} + # The two next lines can be removed after initial installation + SYMFONY_VERSION: ${SYMFONY_VERSION:-} + STABILITY: ${STABILITY:-stable} + volumes: + - caddy_data:/data + - caddy_config:/config + ports: + # HTTP + - target: 80 + published: ${HTTP_PORT:-80} + protocol: tcp + # HTTPS + - target: 443 + published: ${HTTPS_PORT:-443} + protocol: tcp + # HTTP/3 + - target: 443 + published: ${HTTP3_PORT:-443} + protocol: udp + +# Mercure is installed as a Caddy module, prevent the Flex recipe from installing another service +###> symfony/mercure-bundle ### +###< symfony/mercure-bundle ### + +###> doctrine/doctrine-bundle ### + database: + image: 'mariadb:latest' + environment: + MARIADB_USER: app + MARIADB_PASSWORD: password + MARIADB_DATABASE: snips + MARIADB_ROOT_PASSWORD: password + ports: + # To allow the host machine to access the ports below, modify the lines below. + # For example, to allow the host to connect to port 3306 on the container, you would change + # "3306" to "3306:3306". Where the first port is exposed to the host and the second is the container port. + # See https://docs.docker.com/compose/compose-file/compose-file-v3/#ports for more information. + - '3306' + volumes: + - database_data:/var/lib/mysql +###< doctrine/doctrine-bundle ### + +volumes: + caddy_data: + caddy_config: +###> symfony/mercure-bundle ### +###< symfony/mercure-bundle ### + +###> doctrine/doctrine-bundle ### + database_data: +###< doctrine/doctrine-bundle ### diff --git a/composer.json b/composer.json index 733d3ed..a0262ac 100644 --- a/composer.json +++ b/composer.json @@ -82,7 +82,8 @@ "extra": { "symfony": { "allow-contrib": false, - "require": "7.2.*" + "require": "7.2.*", + "docker": true } } } diff --git a/composer.lock b/composer.lock index c94fa3e..04957fa 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "638cbc9841226f386ba27215e24c5410", + "content-hash": "4f33fd23b3dd7a367af9ebf6f69f9c0a", "packages": [ { "name": "dflydev/dot-access-data", diff --git a/frankenphp/Caddyfile b/frankenphp/Caddyfile new file mode 100644 index 0000000..526e1d5 --- /dev/null +++ b/frankenphp/Caddyfile @@ -0,0 +1,57 @@ +{ + {$CADDY_GLOBAL_OPTIONS} + + frankenphp { + {$FRANKENPHP_CONFIG} + } +} + +{$CADDY_EXTRA_CONFIG} + +{$SERVER_NAME:localhost} { + log { + {$CADDY_SERVER_LOG_OPTIONS} + # Redact the authorization query parameter that can be set by Mercure + format filter { + request>uri query { + replace authorization REDACTED + } + } + } + + root /app/public + encode zstd br gzip + + mercure { + # Publisher JWT key + publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG} + # Subscriber JWT key + subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG} + # Allow anonymous subscribers (double-check that it's what you want) + anonymous + # Enable the subscription API (double-check that it's what you want) + subscriptions + # Extra directives + {$MERCURE_EXTRA_DIRECTIVES} + } + + vulcain + + {$CADDY_SERVER_EXTRA_DIRECTIVES} + + # Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics + header ?Permissions-Policy "browsing-topics=()" + + @phpRoute { + not path /.well-known/mercure* + not file {path} + } + rewrite @phpRoute index.php + + @frontController path index.php + php @frontController + + file_server { + hide *.php + } +} diff --git a/frankenphp/conf.d/10-app.ini b/frankenphp/conf.d/10-app.ini new file mode 100644 index 0000000..79a17dd --- /dev/null +++ b/frankenphp/conf.d/10-app.ini @@ -0,0 +1,13 @@ +expose_php = 0 +date.timezone = UTC +apc.enable_cli = 1 +session.use_strict_mode = 1 +zend.detect_unicode = 0 + +; https://symfony.com/doc/current/performance.html +realpath_cache_size = 4096K +realpath_cache_ttl = 600 +opcache.interned_strings_buffer = 16 +opcache.max_accelerated_files = 20000 +opcache.memory_consumption = 256 +opcache.enable_file_override = 1 diff --git a/frankenphp/conf.d/20-app.dev.ini b/frankenphp/conf.d/20-app.dev.ini new file mode 100644 index 0000000..e50f43d --- /dev/null +++ b/frankenphp/conf.d/20-app.dev.ini @@ -0,0 +1,5 @@ +; See https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host +; See https://github.com/docker/for-linux/issues/264 +; The `client_host` below may optionally be replaced with `discover_client_host=yes` +; Add `start_with_request=yes` to start debug session on each request +xdebug.client_host = host.docker.internal diff --git a/frankenphp/conf.d/20-app.prod.ini b/frankenphp/conf.d/20-app.prod.ini new file mode 100644 index 0000000..b716441 --- /dev/null +++ b/frankenphp/conf.d/20-app.prod.ini @@ -0,0 +1,5 @@ +; https://symfony.com/doc/current/performance.html#use-the-opcache-class-preloading +opcache.preload_user = root +opcache.preload = /app/config/preload.php +; https://symfony.com/doc/current/performance.html#don-t-check-php-files-timestamps +opcache.validate_timestamps = 0 diff --git a/frankenphp/docker-entrypoint.sh b/frankenphp/docker-entrypoint.sh new file mode 100755 index 0000000..637def1 --- /dev/null +++ b/frankenphp/docker-entrypoint.sh @@ -0,0 +1,67 @@ +#!/bin/sh +set -e + +if [ "$1" = 'frankenphp' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then + # Install the project the first time PHP is started + # After the installation, the following block can be deleted + if [ ! -f composer.json ]; then + rm -Rf tmp/ + composer create-project "symfony/skeleton $SYMFONY_VERSION" tmp --stability="$STABILITY" --prefer-dist --no-progress --no-interaction --no-install + + cd tmp + cp -Rp . .. + cd - + rm -Rf tmp/ + + composer require "php:>=$PHP_VERSION" runtime/frankenphp-symfony + composer config --json extra.symfony.docker 'true' + + if grep -q ^DATABASE_URL= .env; then + echo 'To finish the installation please press Ctrl+C to stop Docker Compose and run: docker compose up --build --wait' + sleep infinity + fi + fi + + if [ -z "$(ls -A 'vendor/' 2>/dev/null)" ]; then + composer install --prefer-dist --no-progress --no-interaction + fi + + # Display information about the current project + # Or about an error in project initialization + php bin/console -V + + if grep -q ^DATABASE_URL= .env.local; then + echo 'Waiting for database to be ready...' + ATTEMPTS_LEFT_TO_REACH_DATABASE=60 + until [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ] || DATABASE_ERROR=$(php bin/console dbal:run-sql -q "SELECT 1" 2>&1); do + if [ $? -eq 255 ]; then + # If the Doctrine command exits with 255, an unrecoverable error occurred + ATTEMPTS_LEFT_TO_REACH_DATABASE=0 + break + fi + sleep 1 + ATTEMPTS_LEFT_TO_REACH_DATABASE=$((ATTEMPTS_LEFT_TO_REACH_DATABASE - 1)) + echo "Still waiting for database to be ready... Or maybe the database is not reachable. $ATTEMPTS_LEFT_TO_REACH_DATABASE attempts left." + done + + if [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ]; then + echo 'The database is not up or not reachable:' + echo "$DATABASE_ERROR" + exit 1 + else + echo 'The database is now ready and reachable' + fi + + if [ "$( find ./migrations -iname '*.php' -print -quit )" ]; then + echo 'Migrating database...' + php bin/console doctrine:migrations:migrate --no-interaction --all-or-nothing + fi + fi + + setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var + setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var + + echo 'PHP app ready!' +fi + +exec docker-php-entrypoint "$@" diff --git a/symfony.lock b/symfony.lock index ce3a2e8..49617ad 100644 --- a/symfony.lock +++ b/symfony.lock @@ -14,7 +14,7 @@ ] }, "doctrine/doctrine-migrations-bundle": { - "version": "3.2", + "version": "3.4", "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", @@ -39,7 +39,7 @@ ] }, "symfony/debug-bundle": { - "version": "6.2", + "version": "7.2", "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", @@ -95,7 +95,7 @@ ] }, "symfony/maker-bundle": { - "version": "1.48", + "version": "1.63", "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", @@ -161,8 +161,7 @@ "branch": "main", "version": "7.0", "ref": "0df5844274d871b37fc3816c57a768ffc60a43a5" - }, - "files": [] + } }, "symfony/validator": { "version": "7.2", @@ -190,6 +189,6 @@ ] }, "twig/extra-bundle": { - "version": "v3.5.1" + "version": "v3.21.0" } }