diff --git a/.docker/nginx/Dockerfile b/.docker/nginx/Dockerfile index d5af7c0..c48b4f2 100644 --- a/.docker/nginx/Dockerfile +++ b/.docker/nginx/Dockerfile @@ -1,22 +1,4 @@ FROM nginx:latest LABEL authors="andreas@heigl.org" -COPY ./ssl /etc/nginx/ssl -WORKDIR /etc/nginx -# -# This requires to have these commands run inside the nginx-folder to create the CA certificates -# -# > openssl genrsa -out ssl/ca.key 4096; \ -# > openssl req -x509 -new -nodes -subj "/C=ug/O=php/CN=development certificates;" -key ssl/ca.key -sha512 -days 3650 -out ssl/ca.crt; -# -RUN apt-get update && apt-get install -y openssl && \ - openssl genrsa -out "ssl/php.ug.lo.key" 2048 && \ - openssl req -new -subj "/C=ug/O=php/CN=php.ug.lo.lo" -key "ssl/php.ug.lo.key" -out "ssl/php.ug.lo.csr" && \ - openssl x509 -req -in "ssl/php.ug.lo.csr" -extfile "ssl/php.ug.lo.ext" -CA "ssl/ca.crt" -CAkey "ssl/ca.key" -CAcreateserial -out "ssl/php.ug.lo.crt" -days=365 -sha512 && \ - rm "ssl/php.ug.lo.csr" "ssl/ca.key" && \ - apt-get remove -y openssl - -WORKDIR /var/www/php.ug/public - - - +COPY build/ /var/www/html diff --git a/.docker/nginx/default.conf b/.docker/nginx/default.conf index ff686f5..7306f20 100644 --- a/.docker/nginx/default.conf +++ b/.docker/nginx/default.conf @@ -1,29 +1,15 @@ server { # Set the port to listen on and the server name - listen 80; - listen [::]:80; - server_name php.ug php.ug.lo; + listen 80 default_server; + listen [::]:80 default_server; + server_name _; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443 ssl; - listen 443 ssl; - server_name php.ug php.ug.lo; - # Set the document root of the project - root /var/www/php.ug/public; + root /var/www/html/public; # Set the directory index files index index.html index.php; - ssl_certificate /etc/nginx/ssl/php.ug.lo.crt; - ssl_certificate_key /etc/nginx/ssl/php.ug.lo.key; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - # Specify the default character set charset utf-8; 
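Review bot: Deleting `ssl/ca.key` in this commit does not retire the key: it stays in the repository history, and the removed `COPY ./ssl /etc/nginx/ssl` put it into an image layer before the later `rm` ran, so images built from the old Dockerfile still contain it. The development CA should be treated as disclosed, and any trust store that imported `ca.crt` should have it removed. In the new code, `COPY build/ /var/www/html` depends on a `build/` directory that, as far as this diff shows, only the workflow creates, so a local `docker compose build nginx` will probably fail without it; a comment such as `# build/ is unpacked from the frontend artifact by .github/workflows/build.yml` would document that. Since the image is now published to a registry, pinning `FROM nginx:latest` to a version or digest would make builds reproducible.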
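Review bot: With the 443 server block and the redirect removed, this server answers only plain HTTP on port 80, and through `default_server` with `server_name _;` it answers for any Host header. Assuming TLS is now terminated by a proxy in front of the container, say so above the `listen` lines, e.g. `# TLS is terminated upstream; do not expose this container directly`. It is also worth checking that the application takes its scheme and host name from configuration or trusted forwarded headers rather than from the request's Host header. The server block continues past the end of this hunk.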
@@ -58,7 +44,7 @@ server { sendfile off; - client_max_body_size 100m; + client_max_body_size 20m; # Specify what happens what .ht files are requested location ~ /\.ht { diff --git a/.docker/nginx/ssl/ca.crt b/.docker/nginx/ssl/ca.crt deleted file mode 100644 index 1ebe525..0000000 --- a/.docker/nginx/ssl/ca.crt +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFZTCCA02gAwIBAgIUfQsM+KFueIgCAjvbKpV+IoPALVUwDQYJKoZIhvcNAQEN -BQAwQjELMAkGA1UEBhMCY2gxDzANBgNVBAoMBnRlYW11cDEiMCAGA1UEAwwZZGV2 -ZWxvcG1lbnQgY2VydGlmaWNhdGVzOzAeFw0yMTA0MTUxMDA3MTJaFw0zMTA0MTMx -MDA3MTJaMEIxCzAJBgNVBAYTAmNoMQ8wDQYDVQQKDAZ0ZWFtdXAxIjAgBgNVBAMM -GWRldmVsb3BtZW50IGNlcnRpZmljYXRlczswggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDHFUrSML5xpF6Z5+AC9rw4lNZjpRlXSZjbLTFA8znOqaIdywaR -k+Q5MUefnn2SIJJjQUjyAkxW8kKtS/1ZfbrcdOqyNId87G8CvDIevjaZC8UfUbrN -7eVKD5mgR5p1YhxlB40fLmhjzJ2gLUnFl87KOzkM0hDU2wgCLnuVbm4rBThJG5lU -rtc+N502agHeN8hm85KciMa0vxaaBWM7nIv9G+1LoihyG1TrnmGadyWPIoPcZXIS -27+Jz6Vt79PaYW/cu/X3mVScMZ4ZeS4hHM3Q+nSiO+YyIvYW0ZAKpo/1sHF1f/Cz -uKQxyyzDf96jpgBe12Fe0N7MWx+avRXFwzqPzwavQaNrJYNKKPwoFrSs6zPrbGfR -SWrvV4JxDj+pE6o5rHlak/8g/c+LXsKNphT+OKRbSbghPUk3e/Ic3REa+BR2NxU+ -7J7yreoMDapdeGUAl03Vu7oFMWT8B8TyXpBfcu++5+7Sa9IRI3OByjO1HGDbyNWG -vb6K+5AJKyhp75j6tO7vgzrxkjUB6OSNZwR+tfL0oabxOJ8RZIBnmgEVTnb028u2 -QPRVYcZF/+g+3KpP+DDObpZkgn47bz1fm9L9cjro5iQswforBC1WHVajWG/1NBuY -ZfCTVQ0mp7V9h10tObFbg9/0LYmvU4rsU4CrBsFUEMdIboTaTqvWQUS9kwIDAQAB -o1MwUTAdBgNVHQ4EFgQUP6rd/kCTwMbKeyebRLzqA+YC7M4wHwYDVR0jBBgwFoAU -P6rd/kCTwMbKeyebRLzqA+YC7M4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQ0FAAOCAgEADiRtxM5ZvdiXoAr74AabmDExLHwWFOYQdsttng0k/fjSNM6tsmZ5 -K6waGwCRM/qUsmfM9bnbtyrXdlyETEhCk0NSj/uIVFccbVFa92ZdF3VmSbtFDqy3 -U+JrC4D1pfWbFlkvk2ZN4MpziYfH8YH9m6LlLNJPrCB7+4U+cP4QeOK1860mwghl -miPeXaI9b/3lndQsry0CyTTU4K3XTosGtFTiExpmNRoo9bJovU4NQw3AJS0gM4D3 -xSVjKIvDIIiprcHGHOCM44r0+iOppt8YrlnaPbvhxNYiawFlFnbhuYCg4csJYoDU -fkpJSXf4+z+e1JMBSb828+JHRDttDv9+K4ff3fExZi3vBfPofWfIvMG1ihuLeCaC -Kl2tOG92UsFiCnpRTmRPIGBBIOwWxRqRrZGhp9+C5ekxr8OlY7zhgceaw9gwGCey -rpPETGc7cayRYVe0POFE1WxI6eTe77dPbFWfxS1Q4JEmXHlw86U+xWZAoYe0wdEE -1VN5gCkDe9o7Sq9+7I7VGK1jfX5r7N2lZftChN6nBz9XVc2JrPMulnPc5rJS9WPs -ZnEpqzCqneNMVSZJFQVZFtEGYQbKebbVIidodSr7iypeNly6Uvd0akJo8Y85d5F6 -ja/wy+Jl8actMzuygHDdj61CNn2cOKz0qMLqxFut6/NxERAYojii/ak= ------END CERTIFICATE----- 
diff --git a/.docker/nginx/ssl/ca.key b/.docker/nginx/ssl/ca.key
deleted file mode 100644
index 467f143..0000000
--- a/.docker/nginx/ssl/ca.key
+++ /dev/null
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAxxVK0jC+caRemefgAva8OJTWY6UZV0mY2y0xQPM5zqmiHcsG -kZPkOTFHn559kiCSY0FI8gJMVvJCrUv9WX263HTqsjSHfOxvArwyHr42mQvFH1G6 -ze3lSg+ZoEeadWIcZQeNHy5oY8ydoC1JxZfOyjs5DNIQ1NsIAi57lW5uKwU4SRuZ -VK7XPjedNmoB3jfIZvOSnIjGtL8WmgVjO5yL/RvtS6IochtU655hmncljyKD3GVy -Etu/ic+lbe/T2mFv3Lv195lUnDGeGXkuIRzN0Pp0ojvmMiL2FtGQCqaP9bBxdX/w -s7ikMcssw3/eo6YAXtdhXtDezFsfmr0VxcM6j88Gr0GjayWDSij8KBa0rOsz62xn -0Ulq71eCcQ4/qROqOax5WpP/IP3Pi17CjaYU/jikW0m4IT1JN3vyHN0RGvgUdjcV -Puye8q3qDA2qXXhlAJdN1bu6BTFk/AfE8l6QX3Lvvufu0mvSESNzgcoztRxg28jV -hr2+ivuQCSsoae+Y+rTu74M68ZI1AejkjWcEfrXy9KGm8TifEWSAZ5oBFU529NvL -tkD0VWHGRf/oPtyqT/gwzm6WZIJ+O289X5vS/XI66OYkLMH6KwQtVh1Wo1hv9TQb -mGXwk1UNJqe1fYddLTmxW4Pf9C2Jr1OK7FOAqwbBVBDHSG6E2k6r1kFEvZMCAwEA -AQKCAgEAxArbmxAU+aN65OPJXCHMR4uJcqZpxeLbezmNfwAEtNWmpt/+n+yamRdG -CJDx5qvce5EWW/qXYic+MZja6v08vUsEsme34/SPfIoGcO+upBdLDgRVh+P0HnIu -Pf9EwsLSY0qEVWhFs8ESl2EBfGp5X/vhuhZCLNljkYJkgEo2gnapbpSW8SUbIFFz -ptnM7R7RYVAJ18t4oRRrFVCo31LRJ3YQvqH4YiU4Aq38PzeE7OZ4Ithi9N8gRn0L -0q6QWEQK+7q8BA4hm43gugTyv/i1VEzN/dQuYsC6xM2oolRS/wW5NJPAW7o/Nil0 -8y8/9rbJNpuxbsUQIPy6qo34mr4dMzNxhCxWqNPl/dQdr85bzcUPSptVAMIXQkBv -Fss3AHYGBh3pBTpmAO1ZP8KJaXaysZwpbv6YrlI/yNxeujlnzF6hcvHdyqvrDhE2 -GoMJugwDxibFDi4Zjx3lSJcmbhf1f+Ny/WugpUBYYPDV1Cv/4pdWlrhD+C6dhcMq -XPl1/y3R39IdhGk26bQTKh3gtT02J6+oeRa/i4MdxzW11oe6YZ3V/VJrRTFS+X5M -s4/ZMSiI0CYLTAi1US7ptt6h95F1zqdSy+FaJ5zOmwLTJNkbRqtD5B/CY49oBpZJ -awyEr14W8Of4qhjIiXYAekdR6/MMhuJa8G/LQYlyCPUadxDCI4ECggEBAOM9+l9z -5qZKM5fFg/ll7c41q+dlibYpOGptrNQoelHcf4irWTEoCMW7bA1lguzUk54fgwfh -KW1coRDCp+pwBo1P7curShSxASigcmJBjj7pkt9qLgtQxlAvRo2lZEWfjC7CumiX -B9rtnvDxe708e7wpIdv0ZMtxHCFYsP/9jie4TfGxoZgWdbidV7mnP2BzH3pCS8tV -1Mi7FlmtcCXFp+R9VKrvbsipMjON0kaUMAbrQkZOHtsHZvZITh15gSfKwPtokKoC -HpZYH+kCTpd86pEpKXGHnWI76Xi7Hv94CpmP0oLV+PV5HRosNGBnHdZeL0jBWYzx -tAYetMjwh80dHjsCggEBAOBHCsPOAnChQ8e4CaXgnMX9VENqcmNmw028/iH7NdBY -Ckjv6rbcEE3O04V/hWhgVv8SlsoTdzanxoLkeXQYykKqD2+BMxln/EL6aJqa7eul 
-kCPN/h7hBYnDub5bEVMopXhV40b1eaPInC1G0cbxpP1cYxLCaX82J4r5rysv9xa7 -pn7Ef34PDTZtbwcdv6R2wmEq5ZRe3/DqsvXDp2XyuA1QDqf06A7/qYnH6kPUUt3E -afNnKwGz48thyuLqBUhH9UOQrIEpqvEPBPnKfsNh9SyoQREoa4lzhWeaF9Funx+p -0OWYYsXMmleWB5Cew4VR+1mV6WY+TCFdF8DOpdZFsIkCggEBAMxyj5dffG2yJrbu -8qzowsqbST1YAk1MysAeSrdab6rE+k0o9IcgYLwdwrpO0TtoiiNicI4fSxlklFiy -+UYYYhyzg9uREYaKNeOqbx7toiACH604J5LwqmusDQsVeaCWShYsBnBhKaUT0sMu -UEjSaPTCAP+W4zSSYF+0HxNBuasMy7ufOCbQVjux/CJBUejhyrlBelXHtDig8hve -yh6BtWsCQ7HC12Zbq5nsh/oOCyO+eBMu593hzAXaycUE82mspnHLAxSh8YkMYjFO -bQ0oSxYs9Wd6PuQJySVhHSN1ifvdBOXHw0R/IerRSJJPU+3xMROBOaNwNqqm57o9 -hcDJ6M8CggEBAMjoWwhUf3MNw34hquLhdw8VhGpv7NCGueXlq3Ida3Obqnr0ELqG -IETTRkCMn6GEy+nraRDUpzJa0UVoDjSmEGnvlaw5fOEBecU2NIZqyz8RLTIl0cMv -qJpkrvuK8NYhzzkhF1v1gmXpy53zlvA0f6xHGqkvZvoCNSIV0YlKinne16Mvu1Xd -feSH27HwQEC/8hjBKK/k3Y8fb/kgr9BvwdiLItXqWgc1l1ZJs93XUfQ/gvn8LVZ1 -I1aJ4AmtwdWiQF+qNh3uiacv4TEy6KN2GP9MKh2Iq+yRg6vvKe7+vaTLpspF3BV8 -17YmO9idoGDJs/PoixCANgqdLi4V8BEmlKECggEAEgMVO0J6C85fCw8r1h1hd4Bo -8cdjqfc3Ph1FQsM8qjyN4A0d792hdQ8xjj//g/n3QUMpQPqWIIuWQUH3INS+pBSO -vlWQyuOASxnLLce9GKRE4sJPhj29BhYyeEH/Qd0R93zns4p/c1TotQWViLXbTbER -pymsDi7gAdh/5Z3C+rp85jac5Rz4Td3yu2nm4WEjVdGZuhy9fE5dQAQ/2EKmJSqF -ODB6T2cbepR7IJloxtX17FmKHYrGe2/M16DD34qEjJAn8GQcvGQ/HA0VEkrk4/mI -lUlyG5xRTXACmbY4VN7Osa8+HHYOCNZD0hzqweDOt3+2U6DwPyXAMYWGd6mTww== ------END RSA PRIVATE KEY----- diff --git a/.docker/nginx/ssl/php.ug.lo.ext b/.docker/nginx/ssl/php.ug.lo.ext deleted file mode 100644 index e528a9a..0000000 --- a/.docker/nginx/ssl/php.ug.lo.ext +++ /dev/null @@ -1,8 +0,0 @@ -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -extendedKeyUsage = serverAuth, clientAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = php.ug.lo -DNS.2 = *.php.ug.lo diff --git a/.docker/php/Dockerfile b/.docker/php/Dockerfile index 3bf9630..be54540 100644 --- a/.docker/php/Dockerfile +++ b/.docker/php/Dockerfile 
@@ -1,4 +1,4 @@ -FROM php:8.4-fpm +FROM php:8.4-fpm AS base LABEL authors="andreas@heigl.org" COPY --from=ghcr.io/php/pie:bin /pie /usr/bin/pie @@ -6,4 +6,10 @@ COPY scripts /tmp RUN bash -c "/tmp/php-build.sh" RUN bash -c "/tmp/php-install-composer.sh" RUN bash -c "/tmp/php-install-phive.sh" -WORKDIR "/var/www/php.ug" +WORKDIR "/var/www/html" + +FROM base AS prod + +RUN rm /usr/bin/pie /usr/local/bin/composer /usr/local/bin/phive +COPY build /var/www/html + diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..0e5de97 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,7 @@ +tests export-ignore +.justfiles export-ignore +.docker export-ignore +.editorconfig export-ignore +.gitattributes export-ignore +.gitignore export-ignore +Justfile export-ignore diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..4fdadf8 --- /dev/null +++ b/.github/workflows/build.yml 
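Review bot: In the new `prod` stage (second hunk), `RUN rm /usr/bin/pie /usr/local/bin/composer /usr/local/bin/phive` only hides those files in an additional layer; because `prod` is `FROM base`, the layers that contain them still ship in the image, and the scripts copied to `/tmp` stay visible at runtime. If the aim is a smaller runtime surface, remove the tools in the same `RUN` that installs them or copy only the needed artefacts into a clean runtime stage, and also delete the `/tmp` scripts. `compose.yml` sets no `target:` for this build, so which stage is built relies on `prod` being the last one; `target: prod` would make that explicit.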
@@ -0,0 +1,152 @@ +name: Build and deploy + +on: + push: + release: + types: [published] +jobs: + buildBackend: + name: Build backend + runs-on: ubuntu-latest + environment: deploy_on_release + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + with: + ref: ${{ github.head_ref || github.ref_name }} + fetch-depth: 100 + - name: "install PHP and composer" + uses: "shivammathur/setup-php@v2" + with: + coverage: "none" + extensions: "intl, zip, xml, apcu" + ini-values: "memory_limit=-1" + php-version: "8.4" + tools: "composer" + - name: "Export Git repo" + run: | + # Remove a possibly existing extraction folder + rm -rf extract + # No that we are sure it's not there, create an empty extraction folder + mkdir extract + # Create an archive from the repository based on the given tag + # and extract that into the just created extraction folder. + git archive --prefix="./" --format=tar ${{ github.head_ref || github.ref_name }} .| tar xv -C extract/ + # Do some shell magic to replace occurrences of the string '%release-tag%' + # with the current release tag in all files within the extraction folder + find extract/ -type f -exec sed -i "s/%release-tag%/:${{ github.head_ref || github.ref_name }}/" {} \; + # Move into the extraction folder + cd extract + # Call composer install to add all your dependencies, prefer the + # distribution ones and create an authoritative and optimized autoloader + composer install --no-dev --prefer-dist -a + # Go back one level + rm -rf frontend compose* + cd .. + # Create the actual archive that you want to deploy + tar cvzf backend-${{ github.head_ref || github.ref_name }}.tgz -C extract/ . 
+ # clean up the extraction folder + rm -rf extract + - uses: actions/upload-artifact@v4 + with: + name: backend + path: backend-${{ github.head_ref || github.ref_name }}.tgz + retention-days: 1 + + buildFrontend: + name: "Build Frontend" + runs-on: ubuntu-latest + environment: deploy_on_release + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + with: + ref: ${{ github.head_ref || github.ref_name }} + fetch-depth: 100 + - name: "install Node" + uses: actions/setup-node@v4 + with: + node-version: '20.x' + - name: "Export Git repo" + run: | + # Remove a possibly existing extraction folder + rm -rf extract + # No that we are sure it's not there, create an empty extraction folder + mkdir extract + # Create an archive from the repository based on the given tag + # and extract that into the just created extraction folder. + git archive --prefix="./" --format=tar ${{ github.head_ref || github.ref_name }} .| tar xv -C extract/ + # Do some shell magic to replace occurrences of the string '%release-tag%' + # with the current release tag in all files within the extraction folder + find extract/ -type f -exec sed -i "s/%release-tag%/:${{ github.head_ref || github.ref_name }}/" {} \; + # Move into the extraction folder + cd extract/frontend + # Call Node.js install to add all your dependencies, prefer the + npm ci + npm run build + # Go back one level + cd .. + rm -rf config src templates vendor frontend compose* + cd .. + # Create the actual archive that you want to deploy + tar cvzf frontend-${{ github.head_ref || github.ref_name }}.tgz -C extract/ . 
+ # clean up the extraction folder + rm -rf extract + - uses: actions/upload-artifact@v4 + with: + name: frontend + path: frontend-${{ github.head_ref || github.ref_name }}.tgz + retention-days: 1 + + buildFrontendContainer: + needs: buildFrontend + name: "Build Frontend-COntainer" + + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@main + + - name: 'Login to GitHub Container Registry' + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{github.actor}} + password: ${{secrets.GITHUB_TOKEN}} + + - uses: actions/download-artifact@v4 + with: + name: frontend + - name: 'Build Inventory Image' + run: | + mkdir -p .docker/nginx/build + tar xvzf frontend-${{ github.head_ref || github.ref_name }}.tgz -C .docker/nginx/build + cp .env.dist .env + docker compose build nginx + docker compose push nginx + buildBackendContainer: + needs: buildBackend + name: "Build Backend-COntainer" + + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@main + + - name: 'Login to GitHub Container Registry' + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{github.actor}} + password: ${{secrets.GITHUB_TOKEN}} + + - uses: actions/download-artifact@v4 + with: + name: backend + - name: 'Build Inventory Image' + run: | + mkdir -p .docker/php/build + tar xvzf backend-${{ github.head_ref || github.ref_name }}.tgz -C .docker/php/build + cp .env.dist .env + docker compose build php + docker compose push php diff --git a/.justfiles/build.Justfile b/.justfiles/build.Justfile new file mode 100644 index 0000000..eef66ad --- /dev/null +++ b/.justfiles/build.Justfile 
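Review bot: Every `run:` script in this workflow splices `${{ github.head_ref || github.ref_name }}` directly into shell text (the `git archive`, `sed` and `tar cvzf` lines in both build jobs and the `tar xvzf` lines in both container jobs), so a ref name containing shell metacharacters is interpreted as script, and a name containing `/` already breaks the `sed` expression and the archive path. Pass the ref through `env:` and use the quoted variable, as sketched below. Separately, `on: push` has no branch filter and the container jobs have no `if:`, so as written any push to any branch appears to rebuild and push the images; gating the publishing jobs on the release event and declaring an explicit `permissions:` block would narrow that. `actions/checkout@main` and `docker/login-action@v1` are mutable references; pinning them to a full commit SHA is the usual hardening.

```yaml
# … unchanged: name, on …
permissions:
  contents: read

jobs:
  buildBackend:
    # … unchanged: runs-on, environment, checkout, PHP setup …
      - name: "Export Git repo"
        env:
          REF_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          # … unchanged: extraction folder setup …
          git archive --prefix="./" --format=tar "$REF_NAME" . | tar xv -C extract/
          find extract/ -type f -exec sed -i "s|%release-tag%|:${REF_NAME}|" {} \;
          # … unchanged: composer install and cleanup …
          tar cvzf "backend-${REF_NAME}.tgz" -C extract/ .

  buildBackendContainer:
    needs: buildBackend
    if: github.event_name == 'release'
    permissions:
      contents: read
      packages: write
    # … unchanged: steps; apply the same env/if/permissions pattern to the frontend jobs …
```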
@@ -0,0 +1,14 @@ +# Start the local instance +[group("Build")] +extract-php tag: + docker compose exec php bash -c <<- DELIMITER + rm -rf extract \ + mkdir extract \ + git archive --prefix=\"./\" --format=tar {{tag}} .| tar xv -C extract/ \ + find extract/ -type f -exec sed -i \"s/%release-tag%/:{{tag}}/\" {} \; \ + cd extract \ + composer install --no-dev --prefer-dist -a \ + cd .. \ + tar cvzf archive.tgz -C extract/ . \ + rm -rf extract \ + DELIMITER diff --git a/Justfile b/Justfile index 9bcd6d0..8de58a6 100644 --- a/Justfile +++ b/Justfile @@ -2,6 +2,7 @@ export COMPOSE_BAKE := "true" +import '.justfiles/build.Justfile' import '.justfiles/docker.Justfile' import '.justfiles/init.Justfile' diff --git a/compose.override.yml b/compose.override.yml index 6e8693a..bb0c700 100644 --- a/compose.override.yml +++ b/compose.override.yml @@ -1,4 +1,12 @@ services: php: volumes: - - .:/var/www/php.ug + - .:/var/www/html + + nginx: + volumes: + - .:/var/www/html + smtp: + image: mailhog/mailhog + ports: + - 8025:8025 diff --git a/compose.yml b/compose.yml index 94a6cdd..7ad3c34 100644 --- a/compose.yml +++ b/compose.yml @@ -1,5 +1,6 @@ services: nginx: + image: ghcr.io/php-ug/nginx:latest build: context: .docker/nginx dockerfile: Dockerfile @@ -12,10 +13,10 @@ services: links: - php:php php: + image: ghcr.io/php-ug/php:latest build: context: .docker/php dockerfile: Dockerfile - image: php-ug:latest env_file: - .env links: @@ -25,7 +26,4 @@ services: volumes: - .:/app working_dir: /app - smtp: - image: mailhog/mailhog - ports: - - 8025:8025 +
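Review bot: As rendered here, the `extract-php` recipe cannot run as intended: `bash -c` is given a here-document instead of a command string, and every script line ends in ` \` with no `&&` or `;`, so the lines join into one command beginning `rm -rf extract mkdir extract git archive …`. Pass the script as a single quoted argument with the steps chained by `&&` (or use a shebang recipe), and quote `{{tag}}` where it is handed to `git archive` and `sed`. The doc comment `# Start the local instance` looks copied from another recipe; something like `# Build a release archive for the given tag inside the php container` would match what the recipe does.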
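Review bot: The `smtp` service in `compose.override.yml` publishes `8025:8025` on all host interfaces, and MailHog's web UI shows captured mail without authentication by default. For a developer override, binding to loopback with `- "127.0.0.1:8025:8025"` keeps it off the local network. The new `.:/var/www/html` bind mount on `nginx` puts the whole working tree, including `.env`, inside the web container; the configured root is `/var/www/html/public`, so this only matters if that root is ever changed.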
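Review bot: Both new `image:` lines in `compose.yml` use only the mutable `latest` tag, so the workflow's `docker compose push` overwrites the same tag on every run and a deployment cannot tell or pin which build it pulled. Consider taking the tag from the environment, e.g. `image: ghcr.io/php-ug/php:${IMAGE_TAG:-latest}` (variable name chosen here as an example), and having the release job set it to the release tag. With `smtp` moved to `compose.override.yml`, any `links:` entry for it that remains in this file (not visible in the hunk) would fail when the override is not loaded.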