docker: build the images from the local sources

Relates to https://github.com/shaarli/Shaarli/issues/1153 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-16 23:46:33 +02:00 · 2018-06-16 23:46:33 +02:00 · decae8c119
commit decae8c119
parent 865d57b84a
11 changed files with 272 additions and 2 deletions
--- a/.docker/.htaccess
+++ b/.docker/.htaccess
@ -0,0 +1,13 @@
+<IfModule version_module>
+  <IfVersion >= 2.4>
+     Require all denied
+  </IfVersion>
+  <IfVersion < 2.4>
+     Allow from none
+     Deny from all
+  </IfVersion>
+</IfModule>
+
+<IfModule !version_module>
+    Require all denied
+</IfModule>
--- a/.docker/nginx.conf
+++ b/.docker/nginx.conf
@ -0,0 +1,73 @@
+user nginx nginx;
+daemon off;
+worker_processes 4;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  768;
+}
+
+http {
+    include            mime.types;
+    default_type       application/octet-stream;
+    keepalive_timeout  20;
+
+    client_max_body_size 10m;
+
+    index index.html index.php;
+
+    server {
+        listen       80;
+        root         /var/www/shaarli;
+
+        access_log  /var/log/nginx/shaarli.access.log;
+        error_log   /var/log/nginx/shaarli.error.log;
+
+        location ~ /\. {
+            # deny access to dotfiles
+            access_log off;
+            log_not_found off;
+            deny all;
+        }
+        
+        location ~ ~$ {
+            # deny access to temp editor files, e.g. "script.php~"
+            access_log off;
+            log_not_found off;
+            deny all;
+        }
+
+        location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+            # cache static assets
+            expires    max;
+            add_header Pragma public;
+            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+        }
+
+        location = /favicon.ico {
+            # serve the Shaarli favicon from its custom location
+            alias /var/www/shaarli/images/favicon.ico;
+        }
+
+        location / {
+            # Slim - rewrite URLs
+            try_files $uri /index.php$is_args$args;
+        }
+
+        location ~ (index)\.php$ {
+            # Slim - split URL path into (script_filename, path_info)
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+            # filter and proxy PHP requests to PHP-FPM
+            fastcgi_pass   unix:/var/run/php-fpm.sock;
+            fastcgi_index  index.php;
+            include        fastcgi.conf;
+        }
+
+        location ~ \.php$ {
+            # deny access to all other PHP scripts
+            deny all;
+        }
+    }
+}
--- a/.docker/php-fpm.conf
+++ b/.docker/php-fpm.conf
@ -0,0 +1,16 @@
+[global]
+daemonize = no
+
+[www]
+user = nginx
+group = nginx
+listen.owner = nginx
+listen.group = nginx
+catch_workers_output = yes
+listen = /var/run/php-fpm.sock
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048
--- a/.docker/services.d/.s6-svscan/finish
+++ b/.docker/services.d/.s6-svscan/finish
@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/true
--- a/.docker/services.d/nginx/run
+++ b/.docker/services.d/nginx/run
@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+nginx
--- a/.docker/services.d/php-fpm/run
+++ b/.docker/services.d/php-fpm/run
@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+php-fpm7 -F
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,44 @@
+# Docker-ignore
+.dev
+.git
+.github
+tests
+
+# Shaarli runtime resources
+cache/*
+data/*
+pagecache/*
+tmp/*
+
+# Eclipse project files
+.settings
+.buildpath
+.project
+
+# Raintpl generated pages
+*.rtpl.php
+
+# 3rd-party dependencies
+vendor/
+
+# Release archives
+*.tar.gz
+*.zip
+inc/languages/*/LC_MESSAGES/shaarli.mo
+
+# Development and test resources
+coverage
+doxygen
+sandbox
+phpmd.html
+
+# User plugin configuration
+plugins/*/config.php
+
+# HTML documentation
+doc/html/
+
+# 3rd party themes
+tpl/*
+!tpl/default
+!tpl/vintage
--- a/.gitattributes
+++ b/.gitattributes
@ -32,7 +32,9 @@ Dockerfile      text
 .travis.yml     export-ignore
 doc/**/*.json   export-ignore
 doc/**/*.md     export-ignore
-docker/         export-ignore
+.docker/        export-ignore
+.dockerignore   export-ignore
+Dockerfile*     export-ignore
 Doxyfile        export-ignore
 Makefile        export-ignore
 mkdocs.yml      export-ignore
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,8 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).

+## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - UNPUBLISHED
+### Changed
+- Build the Docker images from the local Git sources
+
+
 ## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25
-## Changed
+### Changed
 - htaccess: prevent accessing resources not managed by SCM
 - htaccess: always forward the 'Authorization' HTTP header

--- a/61
+++ b/61
@ -0,0 +1,61 @@
+# Stage 1:
+# - Copy Shaarli sources
+# - Build documentation
+FROM python:3-alpine as docs
+ADD . /usr/src/app/shaarli
+RUN cd /usr/src/app/shaarli \
+    && pip install --no-cache-dir mkdocs \
+    && mkdocs build
+
+# Stage 2:
+# - Resolve PHP dependencies with Composer
+FROM composer:latest as composer
+COPY --from=docs /usr/src/app/shaarli /app/shaarli
+RUN cd shaarli \
+    && composer --prefer-dist --no-dev install
+
+# Stage 3:
+# - Shaarli image
+FROM alpine:3.6
+LABEL maintainer="Shaarli Community"
+
+RUN apk --update --no-cache add \
+        ca-certificates \
+        nginx \
+        php7 \
+        php7-ctype \
+        php7-curl \
+        php7-fpm \
+        php7-gd \
+        php7-iconv \
+        php7-intl \
+        php7-json \
+        php7-mbstring \
+        php7-openssl \
+        php7-session \
+        php7-xml \
+        php7-zlib \
+        s6
+
+COPY .docker/nginx.conf /etc/nginx/nginx.conf
+COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
+COPY .docker/services.d /etc/services.d
+
+RUN rm -rf /etc/php7/php-fpm.d/www.conf \
+    && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
+    && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
+
+
+WORKDIR /var/www
+COPY --from=composer /app/shaarli shaarli
+
+RUN chown -R nginx:nginx . \
+    && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
+    && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
+
+VOLUME /var/www/shaarli/data
+
+EXPOSE 80
+
+ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
+CMD []
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@ -0,0 +1,50 @@
+FROM lsiobase/alpine.armhf:3.6
+LABEL maintainer="Shaarli Community"
+MAINTAINER Shaarli Community
+
+RUN apk --update --no-cache add \
+        ca-certificates \
+        curl \
+        nginx \
+        php7 \
+        php7-ctype \
+        php7-curl \
+        php7-fpm \
+        php7-gd \
+        php7-iconv \
+        php7-intl \
+        php7-json \
+        php7-mbstring \
+        php7-openssl \
+        php7-phar \
+        php7-session \
+        php7-xml \
+        php7-zlib \
+        s6
+
+COPY .docker/nginx.conf /etc/nginx/nginx.conf
+COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf
+COPY .docker/services.d /etc/services.d
+
+RUN curl -sS https://getcomposer.org/installer | php7 -- --install-dir=/usr/local/bin --filename=composer \
+    && rm -rf /etc/php7/php-fpm.d/www.conf \
+    && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \
+    && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini
+
+
+WORKDIR /var/www
+RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - \
+    && mv Shaarli-latest shaarli \
+    && cd shaarli \
+    && composer --prefer-dist --no-dev install \
+    && rm -rf ~/.composer \
+    && chown -R nginx:nginx . \
+    && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
+    && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
+
+VOLUME /var/www/shaarli/data
+
+EXPOSE 80
+
+ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
+CMD []