Docker: Use single container for server

2022-04-20 00:07:09 +02:00 · 2022-04-20 00:07:09 +02:00 · 59e54fc1f5
parent 6ea938460a
commit 59e54fc1f5
13 changed files with 107 additions and 130 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,7 +1,7 @@
 # Docker config
 docker/
-!docker/nginx/entrypoint.sh
-!docker/nginx/nginx.conf
+!docker/entrypoint.sh
+!docker/nginx.conf

 # Configuration
 config/config.php
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -2,9 +2,7 @@ image: php

 variables:
  TEST_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG}
-  TEST_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_REF_SLUG}
  RELEASE_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:latest
-  RELEASE_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:latest
  MYSQL_DATABASE: engelsystem
  MYSQL_USER: engel
  MYSQL_PASSWORD: engelsystem
@ -78,23 +76,12 @@ generate-version:
 .container_template: &container_definition
  image:
    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [ "" ]
+    entrypoint: [ '' ]
  before_script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}"
      > /kaniko/.docker/config.json

-build-image-nginx:
-  <<: *container_definition
-  stage: build
-  needs:
-    - check-editorconfig
-    - validate-yarn
-  script:
-    - /kaniko/executor --force --context ${CI_PROJECT_DIR}
-      --dockerfile ${CI_PROJECT_DIR}/docker/nginx/Dockerfile
-      --destination "${TEST_IMAGE_NGINX}"
-
 build-image:
  <<: *container_definition
  stage: build
@ -103,10 +90,11 @@ build-image:
    - check-style
    - generate-version
    - validate-composer
+    - validate-yarn
  dependencies:
    - generate-version
  script:
-    - /kaniko/executor --force --context ${CI_PROJECT_DIR}
+    - /kaniko/executor --context ${CI_PROJECT_DIR}
      --dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile
      --destination "${TEST_IMAGE}"

@ -132,7 +120,9 @@ audit-yarn:
    - yarn audit

 test:
-  image: ${TEST_IMAGE}
+  image:
+    name: ${TEST_IMAGE}
+    entrypoint: [ '' ]
  stage: test
  needs: [ build-image ]
  services:
@ -164,7 +154,9 @@ test:
    - '"${DOCROOT}/bin/migrate" down'

 dump-database:
-  image: ${TEST_IMAGE}
+  image:
+    name: ${TEST_IMAGE}
+    entrypoint: [ '' ]
  stage: test
  needs: [ build-image ]
  services:
@ -185,10 +177,10 @@ dump-database:

 generate-assets:
  image:
-    name: $TEST_IMAGE_NGINX
-    entrypoint: [ "" ]
+    name: $TEST_IMAGE
+    entrypoint: [ '' ]
  stage: test
-  needs: [ build-image-nginx ]
+  needs: [ build-image ]
  artifacts:
    name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets"
    expire_in: 1 day
@ -202,32 +194,21 @@ generate-assets:
 #

 release-image:
-  <<: *container_definition
-  stage: release
-  needs: [ test ]
-  dependencies: [ ]
-  script:
-    - echo -e "FROM ${TEST_IMAGE}" | /kaniko/executor --force --dockerfile /dev/stdin --destination "${RELEASE_IMAGE}"
-  only:
-    - main
-
-release-image-nginx:
  <<: *container_definition
  stage: release
  needs:
    - test
-    - build-image-nginx
  dependencies: [ ]
  script:
-    - >-
-      echo -e "FROM ${TEST_IMAGE_NGINX}" |
-        /kaniko/executor --force --dockerfile /dev/stdin --destination "${RELEASE_IMAGE_NGINX}"
+    - echo -e "FROM ${TEST_IMAGE}" | /kaniko/executor --dockerfile /dev/stdin --destination "${RELEASE_IMAGE}"
  only:
    - main

 .deploy_template: &deploy_definition
  stage: release
-  image: ${TEST_IMAGE}
+  image:
+    name: ${TEST_IMAGE}
+    entrypoint: [ '' ]
  before_script:
    - apk add -q bash rsync openssh-client

@ -236,7 +217,6 @@ build-release-file:
  stage: release
  needs:
    - build-image
-    - build-image-nginx
    - audit-yarn
    - audit-composer
    - test
@ -314,7 +294,6 @@ deploy:
  needs:
    - test
    - build-image
-    - build-image-nginx
  before_script:
    - &kubectl_deployment_script if [[ -z "${KUBE_INGRESS_BASE_DOMAIN}" ]]; then echo "Skipping deployment"; exit; fi

@ -331,7 +310,6 @@ deploy:
    # CI_ENVIRONMENT_URL is the URL configured in the GitLab environment
    - export CI_ENVIRONMENT_URL="${CI_ENVIRONMENT_URL:-https://${CI_PROJECT_PATH_SLUG}.${KUBE_INGRESS_BASE_DOMAIN}/}"
    - export CI_IMAGE=$RELEASE_IMAGE
-    - export CI_IMAGE_NGINX=$RELEASE_IMAGE_NGINX
    - export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
    - export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
    - export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
@ -380,7 +358,6 @@ deploy-k8s-review:
  before_script:
    - *kubectl_deployment_script
    - RELEASE_IMAGE=$TEST_IMAGE
-    - RELEASE_IMAGE_NGINX=$TEST_IMAGE_NGINX

 stop-k8s-review:
  <<: *deploy_k8s_stop
@ -426,7 +403,6 @@ deploy-k8s-production:
  stage: deploy-production
  needs:
    - release-image
-    - release-image-nginx
    - audit-yarn
    - audit-composer
  environment:
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@ -74,7 +74,7 @@ To view the output of `dump` call the following commands:
 ```bash
 vendor/bin/var-dump-server
 # or for running in docker
-docker-compose exec es_php_fpm vendor/bin/var-dump-server
+docker-compose exec es_server vendor/bin/var-dump-server
 ```

 For more information check out the Var Dump Server documentation: [Symfony VarDumper](https://symfony.com/components/VarDumper)
--- a/README.md
+++ b/README.md
@ -53,16 +53,15 @@ The Engelsystem can now be used.

 ### Docker
 #### Build
-To build the `es_nginx` and the `es_php_fpm` containers:
+To build the `es_server` container:
 ```bash
 cd docker
 docker-compose build
 ```

-or to build the containers separately
+or to build the container by its own:
 ```bash
-docker build -f docker/nginx/Dockerfile . -t es_nginx
-docker build -f docker/Dockerfile . -t es_php_fpm
+docker build -f docker/Dockerfile . -t es_server
 ```

 #### Run
@ -76,7 +75,7 @@ docker-compose up -d
 Import database changes to migrate it to the newest version
 ```bash
 cd docker
-docker-compose exec es_php_fpm bin/migrate
+docker-compose exec es_server bin/migrate
 ```

 ### Scripts
--- a/deployment.tpl.yaml
+++ b/deployment.tpl.yaml
@ -131,7 +131,7 @@ spec:
              value: '<CI_SETUP_ADMIN_PASSWORD>'
      containers:
        - image: <CI_IMAGE>
-          name: engelsystem-fpm
+          name: engelsystem-server
          imagePullPolicy: Always
          env:
            - name: MYSQL_HOST
@ -146,12 +146,6 @@ spec:
              value: <CI_ENVIRONMENT_URL>
            - name: APP_NAME
              value: '<CI_APP_NAME>'
-        - image: <CI_IMAGE_NGINX>
-          name: engelsystem-nginx
-          imagePullPolicy: Always
-          env:
-            - name: PHP_FPM_HOST
-              value: localhost
          livenessProbe:
            httpGet:
              path: /health
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,15 +1,24 @@
-# composer install
+# Composer install
 FROM composer:latest AS composer
 COPY ./ /app/
 RUN composer --no-ansi install --no-dev --ignore-platform-reqs
 RUN composer --no-ansi dump-autoload --optimize

-# Intermediate containers for less layers
+# Generate .mo files
 FROM alpine as translation
 RUN apk add gettext
 COPY resources/lang/ /data
 RUN find /data -type f -name '*.po' -exec sh -c 'file="{}"; msgfmt "${file%.*}.po" -o "${file%.*}.mo"' \;

+# Build the themes
+FROM node:14-alpine as themes
+WORKDIR /app
+COPY .babelrc .browserslistrc package.json webpack.config.js yarn.lock /app/
+RUN yarn --frozen-lockfile
+COPY resources/assets/ /app/resources/assets
+RUN yarn build
+
+# Generate application structure
 FROM alpine as data
 COPY .babelrc .browserslistrc composer.json LICENSE package.json README.md webpack.config.js yarn.lock /app/
 COPY bin/ /app/bin
@ -24,14 +33,20 @@ COPY storage/ /app/storage
 COPY --from=translation /data/ /app/resources/lang
 COPY --from=composer /app/vendor/ /app/vendor
 COPY --from=composer /app/composer.lock /app/
+COPY --from=themes /app/public/assets /app/public/assets/

 RUN find /app/storage/ -type f -not -name VERSION -exec rm {} \;

-# Build the PHP container
+# Build the PHP/Nginx container
 FROM php:8-fpm-alpine
 WORKDIR /var/www
-RUN apk add --no-cache icu-dev && \
-    docker-php-ext-install intl pdo_mysql
+RUN apk add --no-cache icu-dev nginx && \
+    docker-php-ext-install intl pdo_mysql && \
+    sed -i 's/9000/127.0.0.1:9000/' /usr/local/etc/php-fpm.d/zz-docker.conf
+COPY docker/entrypoint.sh /
+COPY docker/nginx.conf /etc/nginx/nginx.conf
+ENTRYPOINT /entrypoint.sh
+EXPOSE 80
 COPY --from=data /app/ /var/www
 RUN chown -R www-data:www-data /var/www/storage/ && \
    rm -r /var/www/html
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -1,5 +1,5 @@
-# Engelsystem PHP FPM development image including Xdebug
-FROM php:8-fpm-alpine AS es_php_fpm
+# Engelsystem PHP FPM/Nginx development image including Xdebug
+FROM php:8-fpm-alpine AS es_base
 WORKDIR /var/www
 RUN apk add --no-cache icu-dev $PHPIZE_DEPS && \
    pecl install pcov xdebug && \
@ -7,6 +7,14 @@ RUN apk add --no-cache icu-dev $PHPIZE_DEPS && \
    docker-php-ext-enable pcov xdebug
 RUN echo -e "xdebug.mode=debug\nxdebug.discover_client_host=1\n" >> /usr/local/etc/php/conf.d/xdebug.ini

+FROM es_base AS es_webserver
+RUN apk add --no-cache nginx && \
+    sed -i 's/9000/127.0.0.1:9000/' /usr/local/etc/php-fpm.d/zz-docker.conf
+COPY docker/entrypoint.sh /
+COPY docker/nginx.conf /etc/nginx/nginx.conf
+ENTRYPOINT /entrypoint.sh
+EXPOSE 80
+
 ENV TRUSTED_PROXIES 10.0.0.0/8,::ffff:10.0.0.0/8,\
                    127.0.0.0/8,::ffff:127.0.0.0/8,\
                    172.16.0.0/12,::ffff:172.16.0.0/12,\
@ -15,6 +23,7 @@ ENV TRUSTED_PROXIES 10.0.0.0/8,::ffff:10.0.0.0/8,\

 # Engelsystem development workspace
 # Contains all tools required to build / manage the system
-FROM es_php_fpm AS es_workspace
+FROM es_base AS es_workspace
 RUN apk add --no-cache gettext nodejs npm yarn
 COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+ENTRYPOINT php -r 'sleep(PHP_INT_MAX);'
--- a/docker/dev/docker-compose.yml
+++ b/docker/dev/docker-compose.yml
@ -1,30 +1,15 @@
 version: "3.6"
 services:
-  es_nginx:
-    image: es_dev_nginx
-    build:
-      context: ./../..
-      dockerfile: docker/nginx/Dockerfile
-      target: es_nginx
-    volumes:
-      - ./../..:/var/www
-    ports:
-      - 5000:80
-    networks:
-      - fpm
-      - internet
-    depends_on:
-      - es_php_fpm
-  es_php_fpm:
-    image: es_dev_php_fpm
+  es_server:
+    image: es_dev_webserver
    build:
      context: ./../..
      dockerfile: docker/dev/Dockerfile
-      target: es_php_fpm
-    user: "${UID}:${GID}"
+      target: es_webserver
    volumes:
      - ./../..:/var/www
    environment:
+      RUN_USER: "${UID}:${GID}"
      MYSQL_HOST: es_database
      MYSQL_USER: engelsystem
      MYSQL_PASSWORD: engelsystem
@ -34,9 +19,10 @@ services:
      MAIL_DRIVER: log
      APP_NAME: Engelsystem DEV
    env_file: deployment.env
+    ports:
+      - "5000:80"
    networks:
      - database
-      - fpm
      - internet
    depends_on:
      - es_database
@ -60,7 +46,6 @@ services:
      APP_NAME: Engelsystem DEV
    networks:
      - database
-      - fpm
      - internet
    depends_on:
      - es_database
@ -82,6 +67,4 @@ volumes:
 networks:
  database:
    internal: true
-  fpm:
-    internal: true
  internet:
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -1,20 +1,8 @@
 ---
 version: "3.6"
 services:
-  es_nginx:
-    image: es_nginx
-    build:
-      context: ..
-      dockerfile: docker/nginx/Dockerfile
-    ports:
-      - 5000:80
-    networks:
-      - fpm
-      - internet
-    depends_on:
-      - es_php_fpm
-  es_php_fpm:
-    image: es_php_fpm
+  es_server:
+    image: es_server
    build:
      context: ..
      dockerfile: docker/Dockerfile
@ -23,10 +11,11 @@ services:
      MYSQL_USER: engelsystem
      MYSQL_PASSWORD: engelsystem
      MYSQL_DATABASE: engelsystem
+    ports:
+      - "5000:80"
    env_file: deployment.env
    networks:
      - database
-      - fpm
      - internet
    depends_on:
      - es_database
@ -48,6 +37,4 @@ volumes:
 networks:
  database:
    internal: true
-  fpm:
-    internal: true
  internet:
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -0,0 +1,40 @@
+#!/usr/bin/env sh
+set -e
+
+nginx -g 'daemon off;'&
+
+# If first arg starts with a `-` or is empty
+if [[ "${1#-}" != "${1}" ]] || [[ -z "${1}" ]]; then
+  set -- php-fpm "$@"
+fi
+
+function get_name() {
+    echo "$1" | cut -d: -f1
+}
+
+# Create users for user mapping from RUN_USER=[uid]:[gid]
+if [[ -n "${RUN_USER}" ]]; then
+  echo "Setting user to $RUN_USER"
+
+  gid=${RUN_USER#*:}
+  grp=$(getent group $gid || true)
+  if [[ -z "$grp" ]]; then # Group not present
+    addgroup -g $gid php
+    grp=$(getent group $gid)
+  fi
+  group=$(get_name "$grp")
+
+  uid=${RUN_USER%:*}
+  usr=$(getent passwd $uid || true)
+  if [[ -z "$usr" ]]; then # User not present
+    adduser -D -h "$PWD" -u $uid -G "$group" php
+    usr=$(getent passwd $uid)
+  fi
+  user=$(get_name "$usr")
+
+  echo -e "user = $user\ngroup = $group" >> /usr/local/etc/php-fpm.d/zz-docker.conf
+
+  echo "Running as $user:$group"
+fi
+
+exec "$@"
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@ -36,7 +36,7 @@ http {
    }

    location ~ \.php$ {
-      fastcgi_pass  es_php_fpm:9000;
+      fastcgi_pass  localhost:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include       fastcgi_params;
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -1,15 +0,0 @@
-FROM nginx:alpine as es_nginx
-COPY docker/nginx/entrypoint.sh /
-ENTRYPOINT /entrypoint.sh
-RUN mkdir -p /var/www/public/ && touch /var/www/public/index.php
-COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
-
-FROM node:14-alpine as themes
-WORKDIR /app
-COPY .babelrc .browserslistrc package.json webpack.config.js yarn.lock /app/
-RUN yarn --frozen-lockfile
-COPY resources/assets/ /app/resources/assets
-RUN yarn build
-
-FROM es_nginx
-COPY --from=themes /app/public/assets /var/www/public/assets/
--- a/docker/nginx/entrypoint.sh
+++ b/docker/nginx/entrypoint.sh
@ -1,11 +0,0 @@
-#!/usr/bin/env sh
-set -e
-
-sed -i "s/es_php_fpm:/${PHP_FPM_HOST:-es_php_fpm}:/g" /etc/nginx/nginx.conf
-
-# If first arg starts with a `-` or is empty
-if [[ "${1#-}" != "${1}" ]] || [[ -z "${1}" ]]; then
-  set -- nginx -g 'daemon off;' "$@"
-fi
-
-exec "$@"