-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(docker): add basic docker support #1433
Open
desaintmartin
wants to merge
5
commits into
fossar:master
Choose a base branch
from
desaintmartin:master
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
f310943
feat(docker): add basic docker support
desaintmartin e6d264c
changes following review.
desaintmartin b405f3a
use more modern syntax, upgrade to php 8.3
desaintmartin e83ad76
Introduce github workflow
desaintmartin 0bf1e20
changes following review (again).
desaintmartin File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Taken from .gitignore | ||
/assets/.parcel-cache | ||
/data/favicons/*.png | ||
/data/favicons/*.jpg | ||
/data/thumbnails/*.png | ||
/data/thumbnails/*.jpg | ||
/data/cache/*.spc | ||
/data/logs/*.log | ||
/data/sqlite/*.db | ||
/public | ||
docs/public/ | ||
docs/static/processed_images/ | ||
user.css | ||
user.js | ||
*.ini | ||
node_modules | ||
.env | ||
vendor/ | ||
.php_cs.cache | ||
__pycache__ | ||
|
||
# Regular docker ignore | ||
.dockerignore | ||
Dockerfile | ||
.git | ||
.github | ||
.gitignore | ||
*.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# According to https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio | ||
name: Create and publish a Container image | ||
|
||
on: | ||
push: | ||
tags: | ||
- '*' | ||
branches: | ||
- master | ||
- docker | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
build-and-push-image: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4.1.1 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@v3.2.0 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@v5.0.0 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
push: true | ||
file: Dockerfile | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# syntax=docker/dockerfile:1.9@sha256:5510f694edfe648d961b59dcf217026485e560d2663c73e45067b8c8d7a6d247 | ||
|
||
### Stage 1: build client | ||
FROM node:20 AS client-builder | ||
WORKDIR /client-builder | ||
|
||
# Install node packages | ||
RUN --mount=type=bind,source=package.json,target=package.json \ | ||
--mount=type=bind,source=client/package.json,target=client/package.json \ | ||
--mount=type=bind,source=client/package-lock.json,target=client/package-lock.json \ | ||
--mount=type=cache,sharing=locked,id=npmcache,mode=0777,target=/root/.npm \ | ||
npm run install-dependencies-ci:client | ||
|
||
# Build client | ||
COPY client/ client/ | ||
RUN --mount=type=bind,source=package.json,target=package.json \ | ||
--mount=type=bind,source=client/package.json,target=client/package.json \ | ||
--mount=type=bind,source=client/package-lock.json,target=client/package-lock.json \ | ||
--mount=type=cache,sharing=locked,id=npmcache,mode=0777,target=/root/.npm \ | ||
npm run build | ||
|
||
|
||
### Stage 2: final container | ||
FROM php:8.3-apache | ||
# Install runtime & development package dependencies & php extensions | ||
# then clean-up dev package dependencies | ||
RUN export DEBIAN_FRONTEND=noninteractive \ | ||
&& apt update \ | ||
&& apt install -y --no-install-recommends \ | ||
unzip \ | ||
libjpeg62-turbo libpng16-16 libpq5 libonig5 libtidy5deb1 \ | ||
libjpeg62-turbo-dev libpng-dev libpq-dev libonig-dev libtidy-dev \ | ||
&& update-ca-certificates --fresh \ | ||
&& docker-php-ext-configure gd --with-jpeg \ | ||
&& docker-php-ext-install -j$(nproc) gd mbstring pdo_pgsql pdo_mysql tidy \ | ||
&& apt remove -y libjpeg62-turbo-dev libpng-dev libpq-dev libonig-dev libtidy-dev \ | ||
&& apt autoremove -y \ | ||
&& apt clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Install Apache modules | ||
RUN a2enmod headers rewrite | ||
|
||
# Install Selfoss PHP dependencies | ||
RUN --mount=type=bind,source=composer.json,target=composer.json \ | ||
--mount=type=bind,source=composer.lock,target=composer.lock \ | ||
--mount=type=bind,from=composer:2,source=/usr/bin/composer,target=/usr/bin/composer \ | ||
COMPOSER_ALLOW_SUPERUSER=1 composer install --optimize-autoloader --no-dev | ||
|
||
# Install Selfoss and copy frontend from the first stage | ||
WORKDIR /var/www/html | ||
COPY . . | ||
COPY --from=client-builder /client-builder/public /var/www/html/public | ||
|
||
# Use www-data user as owner and drop root user | ||
RUN chown -R www-data:www-data /var/www/html/data | ||
USER www-data | ||
|
||
VOLUME /var/www/html/data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIUC, each
RUN
creates a new layer which is suboptimal https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#minimize-the-number-of-layersThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, but having more separate, atomic layers with fine-grained
COPY
is far better than a few non-atomic layers. Each layer actually add a few bytes (technically speaking, a layer is a tar file, and all layers of an image are mounted on top of the previous ones)