5402: Update infrastructure for 3.0

Author: turegjorup

.dockerignore

@@ -0,0 +1,68 @@
+/.git
+!/.git/config
+
+# Unneeded application files
+/.docker/data/README.md
+/.github
+/docs
+/fixtures
+/infrastructure
+/public/build
+/public/fixtures
+public/build
+public/fixtures
+public/media/*
+!public/media/thumbnail_other.png
+!public/media/thumbnail_video.png
+/scripts
+/tests
+
+###> symfony/framework-bundle ###
+/.env.local
+/.env.local.php
+/.env.*.local
+/config/secrets/prod/prod.decrypt.private.php
+/var/
+/vendor/
+###< symfony/framework-bundle ###
+
+###> friendsofphp/php-cs-fixer ###
+/.php-cs-fixer.php
+/.php-cs-fixer.cache
+###< friendsofphp/php-cs-fixer ###
+
+###> phpunit/phpunit ###
+/phpunit.xml
+.phpunit.result.cache
+###< phpunit/phpunit ###
+
+###> lexik/jwt-authentication-bundle ###
+/config/jwt/*.pem
+###< lexik/jwt-authentication-bundle ###
+
+xdebug.ini
+launch.json
+
+###> liip/imagine-bundle ###
+/public/media/cache/
+###< liip/imagine-bundle ###
+
+###> phpstan/phpstan ###
+phpstan.neon
+###< phpstan/phpstan ###
+
+###> pentatrion/vite-bundle ###
+/node_modules/
+/public/build/
+###< pentatrion/vite-bundle ###
+
+#> Playwright
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
+#< Playwright
+
+###> vincentlanglet/twig-cs-fixer ###
+/.twig-cs-fixer.cache
+###< vincentlanglet/twig-cs-fixer ###

.github/Taskfile.yml

@@ -0,0 +1,46 @@
+# Task file for GitHub Actions, https://taskfile.dev/
+
+version: "3"
+
+# https://taskfile.dev/usage/#env-files
+dotenv: [".env.local", ".env"]
+
+tasks:
+  default:
+    desc: "List all tasks"
+    cmds:
+      - task --list-all
+    silent: true
+
+  build-prod:
+    desc: "Build application for production"
+    cmds:
+      - task setup-network
+      - task composer-install
+      - task npm-install
+      - task install-cleanup
+
+  setup-network:
+    desc: "Setup docker frontend network"
+    cmds:
+      - docker network create frontend
+
+  composer-install:
+    desc: "Install dependencies with composer."
+    cmds:
+      - docker compose run --rm --env APP_ENV=prod phpfpm composer install --no-dev -o --classmap-authoritative
+      - docker compose run --rm --env APP_ENV=prod phpfpm composer clear-cache
+
+  npm-install:
+    desc: "Installs node dependencies with npm."
+    cmds:
+      - docker compose run --rm node npm install
+      - docker compose run --rm node npm run build
+
+  install-cleanup:
+    desc: "Cleanup after install"
+    cmds:
+      - rm -rf infrastructure
+      - rm -rf fixtures
+      - rm -rf tests
+      - rm -rf node_modules

.github/workflows/docker_build_images_from_develop.yml

@@ -14,24 +14,27 @@ jobs:
       APP_VERSION: develop
       COMPOSER_ALLOW_SUPERUSER: 1
     steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       # Build api
       - name: Docker meta (API)
         id: meta-api
         uses: docker/metadata-action@v5
         with:
-          images: os2display/os2display-api-service
+          images: os2display/display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./infrastructure/display-api-service/
           file: ./infrastructure/display-api-service/Dockerfile
@@ -40,16 +43,19 @@ jobs:
           push: true
           tags: ${{ steps.meta-api.outputs.tags }}
           labels: ${{ steps.meta-api.outputs.labels }}
+          provenance: mode=max
+          sbom: true
+          platforms: linux/amd64,linux/arm64
 
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
         uses: docker/metadata-action@v5
         with:
-          images: os2display/os2display-api-service-nginx
+          images: os2display/display-api-service-nginx
 
       - name: Build and push (Nginx)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./infrastructure/nginx/
           file: ./infrastructure/nginx/Dockerfile
@@ -58,3 +64,6 @@ jobs:
           push: true
           tags: ${{ steps.meta-nginx.outputs.tags }}
           labels: ${{ steps.meta-nginx.outputs.labels }}
+          provenance: mode=max
+          sbom: true
+          platforms: linux/amd64,linux/arm64

.github/workflows/docker_build_images_from_tag.yml

@@ -10,27 +10,28 @@ name: Build docker image (tag)
 jobs:
   docker:
     runs-on: ubuntu-latest
-    env:
-      COMPOSER_ALLOW_SUPERUSER: 1
     steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       # Build api
       - name: Docker meta (API)
         id: meta-api
         uses: docker/metadata-action@v5
         with:
-          images: os2display/os2display-api-service
+          images: os2display/display-api-service
 
       - name: Build and push (API)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./infrastructure/display-api-service/
           file: ./infrastructure/display-api-service/Dockerfile
@@ -39,13 +40,15 @@ jobs:
           push: true
           tags: ${{ steps.meta-api.outputs.tags }}
           labels: ${{ steps.meta-api.outputs.labels }}
+          provenance: mode=max
+          sbom: true
 
       # Build nginx (depends on api build)
       - name: Docker meta (Nginx)
         id: meta-nginx
         uses: docker/metadata-action@v5
         with:
-          images: os2display/os2display-api-service-nginx
+          images: os2display/display-api-service-nginx
 
       - name: Get the tag
         id: get_tag
@@ -61,3 +64,5 @@ jobs:
           push: true
           tags: ${{ steps.meta-nginx.outputs.tags }}
           labels: ${{ steps.meta-nginx.outputs.labels }}
+          provenance: mode=max
+          sbom: true

.github/workflows/github_build_release.yml

@@ -8,23 +8,23 @@ name: Create Github Release
 permissions:
   contents: write
 
+env:
+  COMPOSE_USER: runner
+
 jobs:
   create-release:
     runs-on: ubuntu-latest
-    env:
-      COMPOSER_ALLOW_SUPERUSER: 1
-      APP_ENV: prod
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Composer install
-        run: |
-          docker network create frontend
-          docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer install --no-dev -o --classmap-authoritative
-          docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer clear-cache
-          rm -rf infrastructure
+      - name: Install Task task runner
+        uses: go-task/setup-task@v1
 
+      - name: Install, Build, Cleanup
+        run: |
+          task --taskfile=.github/Taskfile.yaml build-prod
+          
       - name: Make assets dir
         run: |
           mkdir -p ../assets
@@ -39,7 +39,7 @@ jobs:
 
       - name: Create a release in GitHub and uploads assets
         run: |
-          gh release create ${{ github.ref_name }} --verify-tag --generate-notes ../assets/*.*
+          gh release create ${{ github.ref_name }} --verify-tag --generate-notes ${{ steps.prerelease.outputs.flag }} ../assets/*.*
         env:
           GITHUB_TOKEN: ${{ github.TOKEN }}
         shell: bash

.gitignore

@@ -25,8 +25,6 @@
 /.php-cs-fixer.cache
 ###< friendsofphp/php-cs-fixer ###
 
-node_modules
-
 public/media/*
 !public/media/thumbnail_video.png
 !public/media/thumbnail_other.png

docker-compose.server.yml

@@ -8,7 +8,7 @@ networks:
 
 services:
   phpfpm:
-    image: itkdev/php8.3-fpm:alpine
+    image: itkdev/php8.4-fpm:alpine
     restart: unless-stopped
     networks:
       - app

docker-compose.yml

@@ -27,7 +27,7 @@ services:
       #- ENCRYPT=1 # Uncomment to enable database encryption.
 
   phpfpm:
-    image: itkdev/php8.3-fpm:latest
+    image: itkdev/php8.4-fpm:latest
     user: ${COMPOSE_USER:-deploy}
     networks:
       - app

infrastructure/build-n-push.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -eux
+
+APP_VERSION=develop
+
+docker pull itkdev/php8.4-fpm:alpine
+docker pull nginxinc/nginx-unprivileged:alpine
+
+docker build --build-context repository-root=.. \
+      --platform linux/amd64,linux/arm64 \
+      --pull \
+      --no-cache \
+      --build-arg APP_VERSION=${APP_VERSION} \
+      --tag=turegjorup/display-api-service:${APP_VERSION} \
+      --file="display-api-service/Dockerfile" display-api-service
+
+
+docker build --build-context repository-root=.. \
+      --platform linux/amd64,linux/arm64 \
+      --no-cache \
+      --build-arg VERSION=${APP_VERSION} \
+      --tag=turegjorup/display-api-service-nginx:${APP_VERSION} \
+      --file="nginx/Dockerfile" nginx
+
+docker push os2display/display-api-service:${APP_VERSION}
+docker push os2display/display-api-service-nginx:${APP_VERSION}