
Commit 10e3473

push to dockerhub
1 parent 6597e6e commit 10e3473


6 files changed

+82
-24
lines changed


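--- a/.env
+++ b/.env
@@ -1,11 +1,3 @@
-APP_ENV=dev
-APP_SECRET="secret"
-DATABASE_URL=mysql://root:openchurch@db:3306/openchurch?serverVersion=11.5.2-MariaDB&charset=utf8mb4
-HOST_API=api.openchurch.local/api
-HOST_ADMIN=admin.openchurch.local
 MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
 LOCK_DSN=flock
-CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
-
-ELASTIC_PASSWORD=admin
-ELASTICSEARCH_IRI=https://elastic:admin@elasticsearch:9200
+CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'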

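--- a/.github/workflows/github-actions.yml
+++ b/.github/workflows/github-actions.yml
@@ -7,6 +7,54 @@ permissions:
 contents: read
 
 jobs:
+build-docker-image:
+if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/preprod' || github.ref == 'refs/heads/prod' || github.ref == 'refs/heads/feat/v2'
+runs-on: ubuntu-latest
+needs: tests
+env:
+DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+DOCKER_REGISTRY: docker.pkg.github.com
+DOCKER_REPOSITORY: docker.io
+DOCKER_IMAGE_PHP: hozanaci/openchurch-backend
+DOCKER_IMAGE_PYTHON: hozanaci/openchurch-sync
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Create version.json file
+run: |
+echo "{ \"version\": \"$(git rev-parse --short HEAD)\", \"build\": \"$(date)\", \"branch\": \"$(git rev-parse --abbrev-ref HEAD)\", \"tag\": \"$(git name-rev --tags --name-only $(git rev-parse HEAD))\" } " > public/version.json
+- name: Build and push the image to DockerHub
+run: |
+echo "$DOCKER_PASSWORD" | docker login $DOCKER_REPOSITORY -u $DOCKER_USERNAME --password-stdin
+docker build -t $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD) docker/php/.
+docker push $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD)
+docker build -t $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD) docker/python/.
+docker push $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD)
+
+publish-docker-image:
+runs-on: ubuntu-latest
+needs: build-docker-image
+if: github.ref == 'refs/heads/preprod' || github.ref == 'refs/heads/prod' || github.ref == 'refs/heads/feat/v2'
+env:
+DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+DOCKER_REGISTRY: docker.pkg.github.com
+DOCKER_REPOSITORY: docker.io
+DOCKER_IMAGE_PHP: hozanaci/openchurch-backend
+DOCKER_IMAGE_PYTHON: hozanaci/openchurch-sync
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Publish latest tag for docker image to DockerHub
+run: |
+echo "$DOCKER_PASSWORD" | docker login $DOCKER_REPOSITORY -u $DOCKER_USERNAME --password-stdin
+docker pull $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD)
+docker tag $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD) $DOCKER_IMAGE_PHP:$(git rev-parse --abbrev-ref HEAD)
+docker push $DOCKER_IMAGE_PHP:$(git rev-parse --abbrev-ref HEAD)
+docker tag $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD) $DOCKER_IMAGE_PYTHON:$(git rev-parse --abbrev-ref HEAD)
+docker push $DOCKER_IMAGE_PYTHON:$(git rev-parse --abbrev-ref HEAD)
+
 tests:
 runs-on: ubuntu-latest
 # Docs: https://docs.github.com/en/actions/using-containerized-services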
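Review bot: In `publish-docker-image` only the PHP image is pulled before tagging; the job starts on a fresh runner, so `docker tag $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD) …` has no local image to tag and the step should fail at that line. Add `docker pull $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD)` before it. The branch-name tag is also a problem for `refs/heads/feat/v2`, because `git rev-parse --abbrev-ref HEAD` yields `feat/v2` and `/` is not valid in a Docker tag; sanitise the name (for example with `tr '/' '-'`) or drop that branch from the `if:`. Separately, `DOCKER_USERNAME` and `DOCKER_PASSWORD` sit in the job-level `env:` of both jobs, which exposes them to every step including the checkout action; moving them to an `env:` on the `run:` step that calls `docker login` narrows that exposure.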

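--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -0,0 +1,16 @@
+name: Security
+
+on:
+push: ~
+schedule:
+- cron: "0 7 * * *"
+
+permissions:
+contents: read
+
+jobs:
+security-check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: symfonycorp/security-checker-action@v5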
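Review bot: `symfonycorp/security-checker-action@v5` is a third-party action referenced by a mutable tag, so whatever that tag points to at run time is what executes in this scheduled workflow. Pinning it to a full commit SHA, `uses: symfonycorp/security-checker-action@<full-commit-sha> # v5`, keeps the dependency check itself from becoming a supply-chain entry point; the same applies to `actions/checkout@v4`. A comment above the cron line such as `# daily at 07:00 UTC` would also document the schedule.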

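--- a/compose.yaml
+++ b/compose.yaml
@@ -60,7 +60,13 @@ services:
 - app-network
 environment:
 SERVER_NAME: localhost api.openchurch.local admin.openchurch.local
+APP_ENV: dev
+APP_SECRET: "secret"
 DATABASE_URL: mysql://root:openchurch@db:3306/openchurch?serverVersion=11.5.2-MariaDB&charset=utf8mb4
+HOST_API: api.openchurch.local/api
+HOST_ADMIN: admin.openchurch.local
+ELASTIC_PASSWORD: admin
+ELASTICSEARCH_IRI: https://elastic:admin@elasticsearch:9200
 
 python:
 container_name: openchurch_python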
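Review bot: The added `environment:` entries hard-code `APP_SECRET: "secret"`, `ELASTIC_PASSWORD: admin` and the `elastic:admin` credentials in `ELASTICSEARCH_IRI` in a committed compose file, and nothing in the file prevents it from being used beyond a local dev machine with those values. Prefer interpolation that fails when the variable is unset, e.g. `APP_SECRET: ${APP_SECRET:?APP_SECRET must be set}` and `ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:?ELASTIC_PASSWORD must be set}`, with the dev values kept in an untracked override file. If the literals stay, a comment `# dev-only defaults, never reuse outside local development` above them would at least state the intent. The service definition starts above the hunk, so which service receives these variables is not visible here.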

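--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -33,8 +33,7 @@ RUN docker-php-ext-install \
 gmp
 
 # add PECL extensions
-RUN pecl install apcu && docker-php-ext-enable apcu && \
-pecl install xdebug && docker-php-ext-enable xdebug
+RUN pecl install apcu && docker-php-ext-enable apcu
 
 COPY src/ /var/www/html/src/
 COPY public/ /var/www/html/public/
@@ -48,20 +47,19 @@ COPY composer.lock /var/www/html/
 COPY symfony.lock /var/www/html/
 COPY usr/local/bin/docker-php-entrypoint /usr/local/bin/
 COPY .env /var/www/html/
-COPY .env.test /var/www/html/
 COPY etc/cron.d/backend /etc/cron.d/backend
 
 # The following line is needed only for load tests
-COPY tests/ /var/www/html/tests/
 COPY etc/caddy/Caddyfile /etc/caddy/Caddyfile
 COPY etc/logrotate.d/symfony /etc/logrotate.d/symfony
-RUN mkdir -p var/{cache,log} && mkdir -p var/cache/prod && chown -R ${USER}:${USER} var
 
-RUN \
-# Ajouter la capacité supplémentaire de se lier aux ports 80 et 443
-setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp &&\
-# Donner l'accès en écriture à /data/caddy et /config/caddy
-chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy;
+RUN COMPOSER_MEMORY_LIMIT=-1 composer install --no-scripts --no-progress --no-suggest --prefer-dist --no-interaction
+RUN mkdir -p var/cache && mkdir -p var/log && mkdir -p var/cache/prod && chown -R ${USER}:${USER} var
+
+# Ajouter la capacité supplémentaire de se lier aux ports 80 et 443
+# Donner l'accès en écriture à /data/caddy et /config/caddy
+RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp && \
+chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy;
 
 RUN rm -f /var/run/crond.pid
 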
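Review bot: The new build-time `RUN COMPOSER_MEMORY_LIMIT=-1 composer install --no-scripts --no-progress --no-suggest --prefer-dist --no-interaction` in the second hunk installs dev dependencies as well, and the workflow added in this commit pushes the resulting image to a registry. If that pushed image is what runs in production, add `--no-dev` here so test and debug packages are not shipped in it; this is inferred from the workflow's branch tags, not stated on the page. The retained `COPY .env /var/www/html/` still bakes that file into the image, so a comment above it such as `# .env must hold non-secret defaults only; it is copied into the published image` would record the constraint the `.env` cleanup now relies on.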

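--- a/usr/local/bin/docker-php-entrypoint
+++ b/usr/local/bin/docker-php-entrypoint
@@ -16,6 +16,9 @@ if [ "$APP_ENV" != 'prod' ]; then
 apt update && apt install -y mycli inetutils-telnet zip
 fi
 
+pecl install xdebug
+docker-php-ext-enable xdebug
+
 # Install composer dependencies
 COMPOSER_MEMORY_LIMIT=-1 /usr/local/bin/composer -n install --optimize-autoloader --classmap-authoritative
 fi
@@ -45,11 +48,6 @@ fi
 # Clear cache https://github.com/symfony/symfony/issues/23592#issuecomment-318627886
 rm -rf var/cache/prod/* var/cache/dev/* var/cache/test/*
 
-if [ "$APP_ENV" == 'prod' ]; then
-# Install composer dependencies
-COMPOSER_MEMORY_LIMIT=-1 composer install --no-scripts --no-progress --no-suggest --prefer-dist --no-interaction
-fi
-
 # Dump parameters
 # Disabled for now, portainer env variables values does not seem to be taken into account
 #composer dump-env "${APP_ENV:=prod}"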
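Review bot: `pecl install xdebug` and `docker-php-ext-enable xdebug` in the first hunk now run at container start, which fetches an unpinned extension over the network on every boot and enables a debugging extension at runtime. The enclosing `if` opens above the hunk, so it is not visible whether these lines are limited to non-prod; if they are not, wrap them in the same `[ "$APP_ENV" != 'prod' ]` guard used for the apt packages. Pinning the version, `pecl install xdebug-<version>`, and skipping the install when the extension is already present (`php -m | grep -qi xdebug || pecl install xdebug-<version>`) would make restarts deterministic.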
