push to dockerhub
marcomoscardini01 committed Dec 16, 2024
1 parent 6597e6e commit 10e3473
Showing 6 changed files with 82 additions and 24 deletions.
10 changes: 1 addition & 9 deletions .env
@@ -1,11 +1,3 @@
APP_ENV=dev
APP_SECRET="secret"
DATABASE_URL=mysql://root:openchurch@db:3306/openchurch?serverVersion=11.5.2-MariaDB&charset=utf8mb4
HOST_API=api.openchurch.local/api
HOST_ADMIN=admin.openchurch.local
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
LOCK_DSN=flock
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'

ELASTIC_PASSWORD=admin
ELASTICSEARCH_IRI=https://elastic:admin@elasticsearch:9200
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
48 changes: 48 additions & 0 deletions .github/workflows/github-actions.yml
@@ -7,6 +7,54 @@ permissions:
contents: read

jobs:
build-docker-image:
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/preprod' || github.ref == 'refs/heads/prod' || github.ref == 'refs/heads/feat/v2'
runs-on: ubuntu-latest
needs: tests
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_REGISTRY: docker.pkg.github.com
DOCKER_REPOSITORY: docker.io
DOCKER_IMAGE_PHP: hozanaci/openchurch-backend
DOCKER_IMAGE_PYTHON: hozanaci/openchurch-sync
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create version.json file
run: |
echo "{ \"version\": \"$(git rev-parse --short HEAD)\", \"build\": \"$(date)\", \"branch\": \"$(git rev-parse --abbrev-ref HEAD)\", \"tag\": \"$(git name-rev --tags --name-only $(git rev-parse HEAD))\" } " > public/version.json
- name: Build and push the image to DockerHub
run: |
echo "$DOCKER_PASSWORD" | docker login $DOCKER_REPOSITORY -u $DOCKER_USERNAME --password-stdin
docker build -t $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD) docker/php/.
docker push $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD)
docker build -t $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD) docker/python/.
docker push $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD)
publish-docker-image:
runs-on: ubuntu-latest
needs: build-docker-image
if: github.ref == 'refs/heads/preprod' || github.ref == 'refs/heads/prod' || github.ref == 'refs/heads/feat/v2'
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
DOCKER_REGISTRY: docker.pkg.github.com
DOCKER_REPOSITORY: docker.io
DOCKER_IMAGE_PHP: hozanaci/openchurch-backend
DOCKER_IMAGE_PYTHON: hozanaci/openchurch-sync
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Publish latest tag for docker image to DockerHub
run: |
echo "$DOCKER_PASSWORD" | docker login $DOCKER_REPOSITORY -u $DOCKER_USERNAME --password-stdin
docker pull $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD)
docker tag $DOCKER_IMAGE_PHP:$(git rev-parse --short HEAD) $DOCKER_IMAGE_PHP:$(git rev-parse --abbrev-ref HEAD)
docker push $DOCKER_IMAGE_PHP:$(git rev-parse --abbrev-ref HEAD)
docker tag $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD) $DOCKER_IMAGE_PYTHON:$(git rev-parse --abbrev-ref HEAD)
docker push $DOCKER_IMAGE_PYTHON:$(git rev-parse --abbrev-ref HEAD)
tests:
runs-on: ubuntu-latest
# Docs: https://docs.github.com/en/actions/using-containerized-services
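Review bot: In `publish-docker-image`, the run step pulls only `$DOCKER_IMAGE_PHP` before tagging, so `docker tag $DOCKER_IMAGE_PYTHON:...` has no local image to work on in a fresh runner; add `docker pull $DOCKER_IMAGE_PYTHON:$(git rev-parse --short HEAD)` before it. The branch tag comes from `git rev-parse --abbrev-ref HEAD`, and for the allowed branch `feat/v2` that name contains `/`, which is not valid in a Docker tag; `BRANCH_TAG=$(git rev-parse --abbrev-ref HEAD | tr '/' '-')` would avoid that. `DOCKER_PASSWORD` is set in the job-level `env` of both jobs, which exposes it to every step including `actions/checkout@v4`; moving `env:` onto the login step alone narrows that exposure. `DOCKER_REGISTRY` looks unused in both jobs and could be dropped.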
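--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -0,0 +1,16 @@
+name: Security
+
+on:
+push: ~
+schedule:
+- cron: "0 7 * * *"
+
+permissions:
+contents: read
+
+jobs:
+security-check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: symfonycorp/security-checker-action@v5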
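Review bot: Both `uses:` entries in `security-check` reference mutable tags (`actions/checkout@v4`, `symfonycorp/security-checker-action@v5`), so the code this job runs can change without any commit in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: symfonycorp/security-checker-action@<full-commit-sha>  # v5`, makes the run reproducible and reviewable. The checker presumably only needs to read the lock file, so `persist-credentials: false` on the checkout step would also keep the token out of the workspace. `push: ~` fires on every branch and tag push in addition to the daily cron; if that is intended, a one-line comment above `on:` saying so would help.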
6 changes: 6 additions & 0 deletions compose.yaml
@@ -60,7 +60,13 @@ services:
- app-network
environment:
SERVER_NAME: localhost api.openchurch.local admin.openchurch.local
APP_ENV: dev
APP_SECRET: "secret"
DATABASE_URL: mysql://root:openchurch@db:3306/openchurch?serverVersion=11.5.2-MariaDB&charset=utf8mb4
HOST_API: api.openchurch.local/api
HOST_ADMIN: admin.openchurch.local
ELASTIC_PASSWORD: admin
ELASTICSEARCH_IRI: https://elastic:admin@elasticsearch:9200

python:
container_name: openchurch_python
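Review bot: The `environment:` block of this service now carries literal credentials (`APP_SECRET: "secret"`, `root:openchurch` in `DATABASE_URL`, `ELASTIC_PASSWORD: admin` and the same password in `ELASTICSEARCH_IRI`), so any environment started from this file runs with values published in the repository. If the file is meant for local development only, a comment above the block should say so; otherwise use Compose interpolation that fails when the variable is unset, e.g. `APP_SECRET: ${APP_SECRET:?APP_SECRET must be set}`, fed from an untracked env file. The application also connects as the database `root` user, where a dedicated account limited to the `openchurch` schema would be the least-privilege choice. The service definition opens above the hunk, so its name is not visible here.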
18 changes: 8 additions & 10 deletions docker/php/Dockerfile
@@ -33,8 +33,7 @@ RUN docker-php-ext-install \
gmp

# add PECL extensions
RUN pecl install apcu && docker-php-ext-enable apcu && \
pecl install xdebug && docker-php-ext-enable xdebug
RUN pecl install apcu && docker-php-ext-enable apcu

COPY src/ /var/www/html/src/
COPY public/ /var/www/html/public/
@@ -48,20 +47,19 @@ COPY composer.lock /var/www/html/
COPY symfony.lock /var/www/html/
COPY usr/local/bin/docker-php-entrypoint /usr/local/bin/
COPY .env /var/www/html/
COPY .env.test /var/www/html/
COPY etc/cron.d/backend /etc/cron.d/backend

# The following line is needed only for load tests
COPY tests/ /var/www/html/tests/
COPY etc/caddy/Caddyfile /etc/caddy/Caddyfile
COPY etc/logrotate.d/symfony /etc/logrotate.d/symfony
RUN mkdir -p var/{cache,log} && mkdir -p var/cache/prod && chown -R ${USER}:${USER} var

RUN \
# Ajouter la capacité supplémentaire de se lier aux ports 80 et 443
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp &&\
# Donner l'accès en écriture à /data/caddy et /config/caddy
chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy;
RUN COMPOSER_MEMORY_LIMIT=-1 composer install --no-scripts --no-progress --no-suggest --prefer-dist --no-interaction
RUN mkdir -p var/cache && mkdir -p var/log && mkdir -p var/cache/prod && chown -R ${USER}:${USER} var

# Ajouter la capacité supplémentaire de se lier aux ports 80 et 443
# Donner l'accès en écriture à /data/caddy et /config/caddy
RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp && \
chown -R ${USER}:${USER} /data/caddy && chown -R ${USER}:${USER} /config/caddy;

RUN rm -f /var/run/crond.pid

8 changes: 3 additions & 5 deletions usr/local/bin/docker-php-entrypoint
@@ -16,6 +16,9 @@ if [ "$APP_ENV" != 'prod' ]; then
apt update && apt install -y mycli inetutils-telnet zip
fi

pecl install xdebug
docker-php-ext-enable xdebug

# Install composer dependencies
COMPOSER_MEMORY_LIMIT=-1 /usr/local/bin/composer -n install --optimize-autoloader --classmap-authoritative
fi
@@ -45,11 +48,6 @@ fi
# Clear cache https://github.com/symfony/symfony/issues/23592#issuecomment-318627886
rm -rf var/cache/prod/* var/cache/dev/* var/cache/test/*

if [ "$APP_ENV" == 'prod' ]; then
# Install composer dependencies
COMPOSER_MEMORY_LIMIT=-1 composer install --no-scripts --no-progress --no-suggest --prefer-dist --no-interaction
fi

# Dump parameters
# Disabled for now, portainer env variables values does not seem to be taken into account
#composer dump-env "${APP_ENV:=prod}"
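Review bot: `pecl install xdebug` and `docker-php-ext-enable xdebug` now run on every container start, so an unpinned extension is downloaded and compiled from the network each time, and a restart of an existing container hits the already-installed case. A guard such as `php -m | grep -qi '^xdebug$' || { pecl install xdebug && docker-php-ext-enable xdebug; }`, together with a pinned version (`pecl install xdebug-<version>`), would make starts repeatable. The lines appear to sit inside the `if [ "$APP_ENV" != 'prod' ]` block named in the hunk header, but that `if` opens outside the hunk, so confirm xdebug can never be enabled when `APP_ENV` is `prod`. An unset `APP_ENV` also takes the non-prod path, which is worth an explicit default.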
