fix: fixed build stages and docker images. Docker image is now sleeker. The publish build should now have less garbage
@@ -1,3 +1,6 @@
|
|||||||
|
# Build descriptors (not application code)
|
||||||
|
Dockerfile*
|
||||||
|
|
||||||
# Version control
|
# Version control
|
||||||
.git
|
.git
|
||||||
.gitea
|
.gitea
|
||||||
|
|||||||
@@ -73,10 +73,30 @@ jobs:
|
|||||||
username: ${{ gitea.actor }}
|
username: ${{ gitea.actor }}
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
|
||||||
|
# Build a single-arch image locally so Trivy can inspect it before the real push.
|
||||||
|
- name: Build local image for scanning
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
target: final
|
||||||
|
platforms: linux/amd64
|
||||||
|
load: true
|
||||||
|
tags: scan-target:${{ inputs.tag }}
|
||||||
|
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ gitea.repository }}:buildcache
|
||||||
|
|
||||||
|
- name: Scan image with Trivy
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: scan-target:${{ inputs.tag }}
|
||||||
|
format: table
|
||||||
|
exit-code: '1'
|
||||||
|
severity: CRITICAL,HIGH
|
||||||
|
|
||||||
- name: Build and push
|
- name: Build and push
|
||||||
uses: docker/build-push-action@v5
|
uses: docker/build-push-action@v5
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
|
target: final
|
||||||
platforms: linux/amd64,linux/arm64
|
platforms: linux/amd64,linux/arm64
|
||||||
push: true
|
push: true
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
|
|||||||
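Review bot: The `Scan image with Trivy` step references `aquasecurity/trivy-action@master`, a mutable branch, in a job that appears to have already logged in to the registry with `secrets.REGISTRY_TOKEN`; whatever lands on that branch runs inside this job on the next build. Pin the action to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (both placeholders, to be filled in from the release you audited). The gate also scans a separate amd64-only build, while `Build and push` rebuilds for `linux/amd64,linux/arm64`, so the arm64 image is pushed unscanned, and the pushed amd64 image matches the scanned one only if the rebuild resolves the same base layers. The job definition continues outside this hunk.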
+6
-17
@@ -1,7 +1,7 @@
|
|||||||
FROM dunglas/frankenphp:1-php8.4-alpine AS base
|
FROM dunglas/frankenphp:1-php8.4-alpine AS base
|
||||||
|
|
||||||
RUN apk add --no-cache icu-dev libzip-dev \
|
RUN apk add --no-cache icu-dev libzip-dev \
|
||||||
&& docker-php-ext-install -j$(nproc) intl \
|
&& docker-php-ext-install -j$(nproc) intl zip \
|
||||||
&& apk del icu-dev libzip-dev \
|
&& apk del icu-dev libzip-dev \
|
||||||
&& apk add --no-cache curl icu-libs libzip
|
&& apk add --no-cache curl icu-libs libzip
|
||||||
|
|
||||||
@@ -25,21 +25,6 @@ RUN composer dump-autoload --optimize --no-dev --no-interaction && \
|
|||||||
mkdir -p var/cache var/log && \
|
mkdir -p var/cache var/log && \
|
||||||
APP_ENV=prod APP_SECRET=placeholder php bin/console cache:warmup --no-debug
|
APP_ENV=prod APP_SECRET=placeholder php bin/console cache:warmup --no-debug
|
||||||
|
|
||||||
# ── dev stage (all deps + Xdebug, source is mounted at runtime) ───────────────
|
|
||||||
FROM base AS dev
|
|
||||||
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
|
|
||||||
RUN apk add --no-cache ${PHPIZE_DEPS} linux-headers \
|
|
||||||
&& pecl install xdebug \
|
|
||||||
&& docker-php-ext-enable xdebug \
|
|
||||||
&& apk del ${PHPIZE_DEPS}
|
|
||||||
COPY docker/php/xdebug.ini /usr/local/etc/php/conf.d/docker-xdebug.ini
|
|
||||||
COPY docker/frankenphp/Caddyfile.dev /etc/caddy/Caddyfile
|
|
||||||
COPY composer.json composer.lock* ./
|
|
||||||
RUN composer install --no-scripts --no-interaction --prefer-dist
|
|
||||||
EXPOSE 8080
|
|
||||||
ENV APP_ENV=dev APP_DEBUG=1
|
|
||||||
CMD ["frankenphp", "run", "--config", "/etc/caddy/Caddyfile"]
|
|
||||||
|
|
||||||
# ── final (prod) stage — no composer binary ────────────────────────────────────
|
# ── final (prod) stage — no composer binary ────────────────────────────────────
|
||||||
FROM base AS final
|
FROM base AS final
|
||||||
|
|
||||||
@@ -47,7 +32,11 @@ RUN addgroup -S app && adduser -S -G app app
|
|||||||
|
|
||||||
COPY --from=build /app/vendor /app/vendor
|
COPY --from=build /app/vendor /app/vendor
|
||||||
COPY --from=build /app/var/cache/prod /app/var/cache/prod
|
COPY --from=build /app/var/cache/prod /app/var/cache/prod
|
||||||
COPY . .
|
COPY bin/ ./bin/
|
||||||
|
COPY config/ ./config/
|
||||||
|
COPY public/ ./public/
|
||||||
|
COPY src/ ./src/
|
||||||
|
COPY composer.json composer.lock ./
|
||||||
COPY docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
|
COPY docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
|
||||||
|
|
||||||
RUN mkdir -p var/cache/prod/pools var/log && chown -R app:app /app
|
RUN mkdir -p var/cache/prod/pools var/log && chown -R app:app /app
|
||||||
|
|||||||
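Review bot: In the `final` stage the trailing `chown -R app:app /app` hands ownership of the freshly copied `bin/`, `config/`, `public/`, `src/` and `vendor/` to the account created by the `addgroup`/`adduser` line, so if the container runs as `app` (no `USER` line is visible in these hunks) a compromised PHP process can rewrite the code it executes. Now that the copies are explicit, only the writable paths need to change owner: `RUN mkdir -p var/cache/prod/pools var/log && chown -R app:app var`, assuming the working directory is `/app` as the relative `COPY` targets suggest. Confirm that nothing else under `/app` is written at runtime before narrowing it. The stage continues past the end of this hunk.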
@@ -0,0 +1,24 @@
|
|||||||
|
FROM dunglas/frankenphp:1-php8.4-alpine
|
||||||
|
|
||||||
|
RUN apk add --no-cache icu-dev libzip-dev \
|
||||||
|
&& docker-php-ext-install -j$(nproc) intl zip \
|
||||||
|
&& apk del icu-dev libzip-dev \
|
||||||
|
&& apk add --no-cache curl icu-libs libzip
|
||||||
|
|
||||||
|
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
|
||||||
|
|
||||||
|
RUN apk add --no-cache ${PHPIZE_DEPS} linux-headers \
|
||||||
|
&& pecl install xdebug \
|
||||||
|
&& docker-php-ext-enable xdebug \
|
||||||
|
&& apk del ${PHPIZE_DEPS}
|
||||||
|
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
COPY docker/php/xdebug.ini /usr/local/etc/php/conf.d/docker-xdebug.ini
|
||||||
|
COPY docker/frankenphp/Caddyfile.dev /etc/caddy/Caddyfile
|
||||||
|
COPY composer.json composer.lock* ./
|
||||||
|
RUN composer install --no-scripts --no-interaction --prefer-dist
|
||||||
|
|
||||||
|
EXPOSE 8080
|
||||||
|
ENV APP_ENV=dev APP_DEBUG=1
|
||||||
|
CMD ["frankenphp", "run", "--config", "/etc/caddy/Caddyfile"]
|
||||||
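Review bot: The Xdebug build step installs `linux-headers` together with `${PHPIZE_DEPS}` but the cleanup removes only `${PHPIZE_DEPS}`, so the kernel headers stay in the dev image; the last line of that `RUN` should read `&& apk del ${PHPIZE_DEPS} linux-headers`. `pecl install xdebug` also takes whatever release is current at build time, so two builds of the same commit can contain different debugger code; pin it as `pecl install xdebug-<version>` (placeholder) and bump it deliberately. The file has no `USER` instruction and sets `APP_DEBUG=1`, so a short header comment saying that this image runs as root with Xdebug enabled and must not be published or deployed would help whoever finds it later.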
@@ -3,7 +3,7 @@
|
|||||||
services:
|
services:
|
||||||
graph:
|
graph:
|
||||||
build:
|
build:
|
||||||
target: dev
|
dockerfile: Dockerfile.dev
|
||||||
volumes:
|
volumes:
|
||||||
- .:/app
|
- .:/app
|
||||||
- /app/vendor # keeps vendor from the dev image, not your local dir
|
- /app/vendor # keeps vendor from the dev image, not your local dir
|
||||||
|
|||||||
@@ -28,6 +28,7 @@ services:
|
|||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
start_period: 10s
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
cache:
|
cache:
|
||||||
|
|||||||