feat: create docker workflow (#41)

* Create workflow to publish * Create entrypoint and docker file Credit: lychee docker * wip * Switch to sqlite * update * Bump php deps * Update .env.example * Switch to php8.2 * Public css and js * Restyle feat: create docker (#42) * Restyled by clang-format * Restyled by jq * Restyled by prettier * Restyled by prettier-json * Restyled by shellharden * Restyled by shfmt Co-authored-by: Restyled.io <[email protected]> * Create restyled.yml * Restyle feat: create docker (#43) * Restyled by clang-format * Restyled by prettier Co-authored-by: Restyled.io <[email protected]> * npm run dev * Update phpstan-baseline.neon * Update filament-shield.php * Fix socials * Update BrowserSessionsTest.php Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com> Co-authored-by: Restyled.io <[email protected]>
Simoneu01 · Jan 26, 2023 · afaef66 · afaef66
1 parent 2e5e097
commit afaef66
Show file tree

Hide file tree

Showing 17 changed files with 30,157 additions and 1,426 deletions.
diff --git a/.env.example b/.env.example
@@ -2,18 +2,14 @@ APP_NAME=BeSerious.GG
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
-APP_URL=http://localhost
+APP_URL=http://beserious.gg
 
 LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=deprecations
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_PORT=3306
-DB_DATABASE=beseriousgg
-DB_USERNAME=root
-DB_PASSWORD=
+DB_CONNECTION=sqlite
+DB_FOREIGN_KEYS=true
 
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file

diff --git a/.github/restyled.yml b/.github/restyled.yml
@@ -0,0 +1,4 @@
+exclude:
+  - "**/public/**"
+  - "**/node_modules/**/*"
+  - "**/vendor/**/*"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,42 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.TOKEN_GITHUB }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.gitignore b/.gitignore
@@ -11,5 +11,3 @@ Homestead.yaml
 npm-debug.log
 yarn-error.log
 .idea
-/public/css
-/public/js
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
@@ -0,0 +1,93 @@
+FROM debian:bookworm-slim
+
+# Set version label
+LABEL maintainer="Simoneu01"
+
+# Environment variables
+ENV PUID='1000'
+ENV PGID='1000'
+ENV USER='beserious'
+ENV PHP_TZ=UTC
+
+# Arguments
+# To use the latest BeSerious release instead of master pass `--build-arg TARGET=release` to `docker build`
+ARG TARGET=dev
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install php reposotory
+RUN \
+    set -ev && \
+    apt-get update && \
+    apt-get upgrade -y
+
+# Install base dependencies
+RUN apt-get install -y --no-install-recommends \
+    git  \
+    curl  \
+    webp  \
+    cron  \
+    composer  \
+    unzip  \
+    adduser  \
+    nginx-light
+
+# Install php dependencies
+RUN apt-get install -y --no-install-recommends  \
+    php8.2 \
+    php8.2-sqlite3 \
+    php8.2-mbstring \
+    php8.2-gd \
+    php8.2-xml \
+    php8.2-zip \
+    php8.2-fpm \
+    php8.2-redis \
+    php8.2-bcmath \
+    php8.2-intl
+
+# Add user
+RUN addgroup --gid "$PGID" "$USER" && \
+    adduser --gecos '' --no-create-home --disabled-password --uid "$PUID" --gid "$PGID" "$USER"
+
+# Clone the repository
+RUN cd /var/www/html && \
+    git clone -b docker https://github.com/Simoneu01/BeSerious.GG.git && \
+    mv BeSerious.GG/.git/refs/heads/main BeSerious.GG/main || cp BeSerious.GG/.git/HEAD BeSerious.GG/main && \
+    mv BeSerious.GG/.git/HEAD BeSerious.GG/HEAD && \
+    rm -r BeSerious.GG/.git/* && \
+    mkdir -p BeSerious.GG/.git/refs/heads && \
+    mv BeSerious.GG/HEAD BeSerious.GG/.git/HEAD && \
+    mv BeSerious.GG/main BeSerious.GG/.git/refs/heads/main && \
+    cd /var/www/html/BeSerious.GG && \
+    composer install --no-dev --prefer-dist && \
+    find . -wholename '*/[Tt]ests/*' -delete && \
+    find . -wholename '*/[Tt]est/*' -delete && \
+    rm -r storage/framework/cache/data/* 2> /dev/null || true && \
+    rm    storage/framework/sessions/* 2> /dev/null || true && \
+    rm    storage/framework/views/* 2> /dev/null || true && \
+    rm    storage/logs/* 2> /dev/null || true && \
+    chown -R www-data:www-data /var/www/html/BeSerious.GG && \
+    echo "* * * * * www-data cd /var/www/html/BeSerious.GG && php artisan schedule:run >> /dev/null 2>&1" >> /etc/crontab && \
+    apt-get purge -y --autoremove git && \
+    apt-get clean -qy &&\
+    rm -rf /var/lib/apt/lists/*
+
+# Add custom Nginx configuration
+COPY default.conf /etc/nginx/nginx.conf
+
+EXPOSE 80
+#VOLUME /conf /uploads /sym
+VOLUME /conf
+
+WORKDIR /var/www/html/BeSerious.GG
+
+COPY entrypoint.sh inject.sh /
+
+RUN chmod +x /entrypoint.sh && \
+    chmod +x /inject.sh && \
+    if [ ! -e /run/php ] ; then mkdir /run/php ; fi
+
+HEALTHCHECK CMD curl --fail http://localhost:80/ || exit 1
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD [ "nginx" ]
diff --git a/Docker/default.conf b/Docker/default.conf
@@ -0,0 +1,107 @@
+user www-data;
+worker_processes auto;
+daemon off;
+
+error_log /var/log/nginx/error.log;
+error_log stderr;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Maps to exclude successful Docker health checks from stdout
+    map $remote_addr $loggable_ip {
+        127.0.0.1 "";
+        default 1;
+    }
+    map $status $loggable_status {
+        200 "";
+        default 1;
+    }
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+    access_log  /dev/stdout  main if=$loggable_status$loggable_ip;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    # By default, if the processing of images takes more than 60s,
+    # a 504 Gateway timeout occurs, so we increase the timeout here
+    # to allow procesing of large images or when multiple images are
+    # being processed at the same time. We set max_execution_time
+    # below to the same value.
+    fastcgi_read_timeout 3600;
+
+    # We also set the send timeout since this can otherwise also cause
+    # issues with slow connections
+    fastcgi_send_timeout 3600;
+
+    gzip  on;
+
+    server {
+        root /var/www/html/BeSerious.GG/public;
+        listen       80;
+        server_name  localhost;
+        client_max_body_size 100M;
+
+        # serve static files directly
+        location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
+            access_log off;
+            expires max;
+            log_not_found off;
+        }
+
+        # removes trailing slashes (prevents SEO duplicate content issues)
+        if (!-d $request_filename)
+        {
+            rewrite ^/(.+)/$ /$1 permanent;
+        }
+
+        # If the request is not for a valid file (image, js, css, etc.), send to bootstrap
+        if (!-e $request_filename)
+        {
+            rewrite ^/(.*)$ /index.php?/$1 last;
+            break;
+        }
+
+        location / {
+            index  index.php
+            try_files $uri $uri/ /index.php?$query_string;
+        }
+
+        # Serve /index.php through PHP
+        location = /index.php {
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+            try_files $uri $document_root$fastcgi_script_name =404;
+
+            # Mitigate https://httpoxy.org/ vulnerabilities
+            fastcgi_param HTTP_PROXY "";
+
+            fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+            fastcgi_index index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PHP_VALUE "post_max_size=100M
+                max_execution_time=3600
+                upload_max_filesize=100M
+                memory_limit=256M";
+            fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
+            include fastcgi_params;
+        }
+
+        # Deny access to other .php files, rather than exposing their contents
+        location ~ [^/]\.php(/|$) {
+            return 403;
+        }
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+set -e
+
+# Read Last commit hash from .git
+# This prevents installing git, and allows display of commit
+read -r longhash </var/www/html/BeSerious.GG/.git/refs/heads/main
+shorthash=$(echo "$longhash" | cut -c1-7)
+BeSeriousVersion='1.0.0'
+echo '
+-------------------------------------
+  _               _
+ | |   _   _  ___| |__   ___  ___
+ | |  | | | |/ __|  _ \ / _ \/ _ \
+ | |__| |_| | (__| | | |  __/  __/
+ |_____\__, |\___|_| |_|\___|\___|
+ | |   |___/ _ __ __ ___   _____| |
+ | |   / _'\'' | '\''__/ _'\'' \ \ / / _ \ |
+ | |__| (_| | | | (_| |\ V /  __/ |
+ |_____\__,_|_|  \__,_| \_/ \___|_|
+-------------------------------------
+BeSerious.GG Version: '"$BeSeriousVersion"'
+BeSerious.GG Commit:  '"$shorthash"'
+https://github.com/Simoneu01/BeSerious.GG/commit/'"$longhash"'
+-------------------------------------'
+
+if [ -n "$STARTUP_DELAY" ]; then
+  echo "**** Delaying startup ($STARTUP_DELAY seconds)... ****"
+  sleep "$STARTUP_DELAY"
+fi
+
+echo "**** Make sure the /conf folder exist ****"
+[ ! -d /conf ] && mkdir -p /conf
+
+cd /var/www/html/BeSerious.GG
+
+if
+  [ "$DB_CONNECTION" = "sqlite" ] || [ -z "$DB_CONNECTION" ]
+  echo "**** DATABASE PATH  ****"
+  echo "$DB_DATABASE"
+then
+  if [ -n "$DB_DATABASE" ]; then
+    if [ ! -e "$DB_DATABASE" ]; then
+      echo "**** Specified sqlite database doesn't exist. Creating it ****"
+      echo "**** Please make sure your database is on a persistent volume ****"
+      touch "$DB_DATABASE"
+      chown www-data:www-data "$DB_DATABASE"
+    fi
+    chown www-data:www-data "$DB_DATABASE"
+  else
+    DB_DATABASE="/var/www/html/BeSerious.GG/database/database.sqlite"
+    export DB_DATABASE
+    if [ ! -L database/database.sqlite ]; then
+      [ ! -e /conf/database.sqlite ] &&
+        echo "**** Create the database  ****"
+      touch "$DB_DATABASE"
+      chown www-data:www-data "$DB_DATABASE"
+
+      echo "**** Copy the default database to /conf ****" &&
+        cp database/database.sqlite /conf/database.sqlite
+      echo "**** Create the symbolic link for the database ****"
+      rm database/database.sqlite
+      ln -s /conf/database.sqlite database/database.sqlite
+      chown -h www-data:www-data /conf /conf/database.sqlite database/database.sqlite
+    fi
+  fi
+fi
+
+echo "**** Copy the .env to /conf ****" &&
+  [ ! -e /conf/.env ] &&
+  sed 's|^#DB_DATABASE=$|DB_DATABASE='"$DB_DATABASE"'|' /var/www/html/BeSerious.GG/.env.example >/conf/.env
+[ ! -L /var/www/html/BeSerious.GG/.env ] &&
+  ln -s /conf/.env /var/www/html/BeSerious.GG/.env
+echo "**** Inject .env values ****" &&
+  /inject.sh
+
+[ ! -e /tmp/first_run ] &&
+  echo "**** [DEBUG] List files ****" &&
+  ls -la /var/www/html/BeSerious.GG &&
+  echo "**** Generate the key (to make sure that cookies cannot be decrypted etc) ****" &&
+  php artisan key:generate -n &&
+  echo "**** Migrate the database ****" &&
+  php artisan migrate --force &&
+  touch /tmp/first_run
+
+echo "**** Create user and use PUID/PGID ****"
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+if [ ! "$(id -u "$USER")" -eq "$PUID" ]; then usermod -o -u "$PUID" "$USER"; fi
+if [ ! "$(id -g "$USER")" -eq "$PGID" ]; then groupmod -o -g "$PGID" "$USER"; fi
+echo -e " \tUser UID :\t$(id -u "$USER")"
+echo -e " \tUser GID :\t$(id -g "$USER")"
+
+echo "**** Make sure Laravel's log exists ****" &&
+  touch /var/www/html/BeSerious.GG/storage/logs/laravel.log
+
+echo "**** Set Permissions ****" &&
+  # Set ownership of directories, then files and only when required. See LycheeOrg/Lychee-Docker#120
+  find /conf/.env \( ! -user "$USER" -o ! -group "$USER" \) -exec chown "$USER":"$USER" \{\} \;
+# Laravel needs to be able to chmod user.css for no good reason
+find /var/www/html/BeSerious.GG/storage/logs/laravel.log \( ! -user "www-data" -o ! -group "$USER" \) -exec chown www-data:"$USER" \{\} \;
+usermod -a -G "$USER" www-data
+find /conf/.env /var/www/html/BeSerious.GG/storage/logs/laravel.log \( ! -perm -ug+w -o ! -perm -ugo+rX \) -exec chmod ug+w,ugo+rX \{\} \;
+
+# Update CA Certificates if we're using armv7 because armv7 is weird (#76)
+if [[ $(uname -a) == *"armv7"* ]]; then
+  echo "**** Updating CA certificates ****"
+  update-ca-certificates -f
+fi
+
+echo "**** Start cron daemon ****"
+service cron start
+
+echo "**** Setup complete, starting the server. ****"
+php-fpm8.2
+exec "$@"