# syntax = docker/dockerfile:1.11
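# Stage docs-source: render the Sphinx sources under docs/ to static HTML.
# Only /docs/_build/dirhtml/ is copied out of this stage (by docs-minification),
# so Poetry and the Python toolchain never reach the final image.
FROM python:3.13-bookworm AS docs-source
COPY --link docs/ /docs/
WORKDIR /docs/
# bash is needed for `set -o pipefail`: without it a failed download on the left
# side of the pipe would be masked by the exit status of python3.
SHELL ["/bin/bash", "-c"]
# NOTE(review): the Poetry installer is downloaded and executed at build time with
# no version pin and no integrity check, so the build trusts whatever the URL
# serves that day. Consider pinning the release (the installer honours
# POETRY_VERSION) and/or verifying a checksum of the installer script first.
# --fail makes curl exit non-zero on an HTTP error instead of piping an error
# page into python3.
RUN set -euxo pipefail && \
    curl -fsSL https://install.python-poetry.org | python3 - && \
    /root/.local/bin/poetry install --no-interaction && \
    /root/.local/bin/poetry run sphinx-build -M dirhtml "." "_build"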
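# Stage docs-minification: minify the rendered documentation in place.
# Input is the dirhtml output of docs-source; /docs/ is later copied into
# /app/public/docs/ by the backend-source stage.
FROM node:22.11.0 AS docs-minification
COPY --link --from=docs-source /docs/_build/dirhtml/ /docs/
# NOTE(review): `npm@latest` and the three npx tools (html-minifier, terser,
# clean-css-cli) are resolved from the registry at build time without a version,
# so this layer is not reproducible and trusts whatever is published that day.
# Pinning them (or installing from a lockfile) would close that gap.
#
# The loop post-processes every non-empty file by extension:
#   js  -> terser, css -> clean-css-cli (both rewrite the file in place),
#   map -> deleted (source maps are not shipped).
# `IFS= read -r` keeps backslashes and leading/trailing whitespace in file names
# intact; a plain `read` would mangle such names.
# NOTE(review): the default shell here is /bin/sh and pipefail is not set, so a
# failure of `find` itself would not fail the build.
RUN set -eux && \
    npm install -g npm@latest && \
    npx html-minifier \
        --input-dir /docs/ \
        --output-dir /docs/ \
        --file-ext html \
        --collapse-whitespace \
        --collapse-inline-tag-whitespace \
        --minify-css \
        --minify-js \
        --minify-urls ROOT_PATH_RELATIVE \
        --remove-comments \
        --remove-empty-attributes \
        --conservative-collapse && \
    find /docs/ -type f -size +0 | while IFS= read -r file; do \
        filename=$(basename -- "$file"); \
        extension="${filename##*.}"; \
        case "$extension" in \
            js) npx terser "$file" --compress --output "$file" ;; \
            css) npx clean-css-cli "$file" -O2 --output "$file" ;; \
            map) rm -f "$file" ;; \
        esac; \
    done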
# Stage frontend-source: collects exactly the files the JS build needs, so the
# frontend stage is only rebuilt when one of these inputs changes.
FROM scratch AS frontend-source

# artisan is not strictly required for JS builds but it triggers some behavior inside Laravel Mix
# https://github.com/laravel-mix/laravel-mix/issues/1326#issuecomment-363975710
COPY --link \
    package.json \
    package-lock.json \
    webpack.mix.js \
    artisan \
    /app/

# Asset sources and the public directory the build writes into.
COPY --link resources/ /app/resources/
COPY --link public/ /app/public/
# Stage nova-components: build the two Nova components. Only their dist/
# directories are copied out of this stage (by backend-source).
FROM node:22.11.0 AS nova-components
COPY --link /nova-components/ /nova-components/

# NOTE(review): both builds use `npm install`, while the frontend stage uses
# `npm ci`. Whether these components ship a package-lock.json is not visible
# here; if they do, `npm ci` would make the dependency set reproducible.
# `npm@latest` is likewise unpinned.

# --- ClientIdAndSecretModal ---
WORKDIR /nova-components/ClientIdAndSecretModal/
RUN set -eux && \
    npm install -g npm@latest && \
    npm install --no-progress && \
    npm run production --no-progress

# --- PersonalAccessTokenModal ---
WORKDIR /nova-components/PersonalAccessTokenModal/
RUN set -eux && \
    npm install -g npm@latest && \
    npm install --no-progress && \
    npm run production --no-progress
# Stage frontend: run the production asset build over the inputs gathered in
# frontend-source. /app/public/ is what backend-source takes from this stage.
FROM node:22.11.0 AS frontend
COPY --link --from=frontend-source /app/ /app/
WORKDIR /app/
# `npm ci` installs exactly what package-lock.json records.
# NOTE(review): the preceding `npm install -g npm@latest` is unpinned, so the
# npm version doing that install can differ between builds.
RUN set -eux && \
    npm install -g npm@latest && \
    npm ci --no-progress && \
    npm run production --no-progress
# Stage backend-source: assembles the complete /app/ tree on an empty base so
# the runtime stage can take it with a single COPY.
# Only explicitly listed paths are copied from the build context; nothing else
# in the context (e.g. local env files) is pulled in by this stage.
# Order matters below: later COPYs write on top of earlier ones.
FROM scratch AS backend-source
# Application code and configuration from the build context.
COPY --link app/ /app/app/
COPY --link bootstrap/ /app/bootstrap/
COPY --link config/ /app/config/
COPY --link config-validation/ /app/config-validation/
COPY --link database/ /app/database/
COPY --link resources/ /app/resources/
COPY --link routes/ /app/routes/
COPY --link lang/ /app/lang/
COPY --link artisan composer.json composer.lock /app/
# public/ comes from the frontend stage (after its production build), not
# straight from the build context.
COPY --link --from=frontend /app/public/ /app/public/
# Component sources from the context first, then the built dist/ directories
# from the nova-components stage on top of them.
COPY --link nova-components/ /app/nova-components/
COPY --link --from=nova-components /nova-components/ClientIdAndSecretModal/dist/ /app/nova-components/ClientIdAndSecretModal/dist/
COPY --link --from=nova-components /nova-components/PersonalAccessTokenModal/dist/ /app/nova-components/PersonalAccessTokenModal/dist/
# Minified documentation is served from under public/.
COPY --link --from=docs-minification /docs/ /app/public/docs/
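# Stage backend-uncompressed: the PHP 8.3 runtime image with the application
# and its Composer dependencies installed, running as www-data.
# NOTE(review): `ubuntu:noble` is a floating tag; pinning it by digest would
# make the base reproducible and auditable.
FROM ubuntu:noble AS backend-uncompressed
LABEL maintainer="developers@robojackets.org"
# NOTE(review): ENV values persist into the running container.
# DEBIAN_FRONTEND is only needed while apt runs and could be set inline on the
# RUN below instead. HOME=/tmp presumably gives the unprivileged user a
# writable home - confirm.
ENV DEBIAN_FRONTEND=noninteractive \
    COMPOSER_NO_INTERACTION=1 \
    HOME=/tmp
# Install PHP and tools, then adjust the stock PHP configuration:
#   - php-fpm.conf: every line matching "pid" is replaced (the replacement text
#     after `c\` appears to be empty, i.e. the pid setting is dropped),
#     systemd_interval is set to 0 and error_log points at /local/error.log
#     (that path is not created in this file - presumably provided at runtime).
#   - php.ini (fpm and cli): expose_php Off stops PHP advertising its version;
#     allow_url_fopen / allow_url_include Off disable URL wrappers for file
#     functions and include/require, which limits remote-file-inclusion style
#     bugs in application code.
# NOTE(review): packages are installed without version pins or
# --no-install-recommends; enabling the latter needs a check that nothing
# required is only pulled in as a recommendation.
# The apt package lists are removed in the same layer because no later step in
# this file runs apt, so they would only add size to the image.
RUN set -eux && \
    apt-get update && \
    apt-get upgrade -qq --assume-yes && \
    apt-get install -qq --assume-yes \
        php8.3-fpm php8.3-mysql php8.3-gd php8.3-xml php8.3-mbstring php8.3-zip php8.3-curl php8.3-intl \
        php8.3-opcache php8.3-bcmath php8.3-ldap php8.3-uuid php8.3-sqlite sqlite3 exiftool ghostscript \
        unzip libfcgi-bin default-mysql-client zopfli php8.3-redis file && \
    apt-get autoremove -qq --assume-yes && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir /app && \
    chown www-data:www-data /app && \
    sed -i '/pid/c\\' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/systemd_interval/c\systemd_interval = 0' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/error_log/c\error_log = /local/error.log' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/expose_php/c\expose_php = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/expose_php/c\expose_php = Off' /etc/php/8.3/cli/php.ini && \
    sed -i '/allow_url_fopen/c\allow_url_fopen = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/allow_url_fopen/c\allow_url_fopen = Off' /etc/php/8.3/cli/php.ini && \
    sed -i '/allow_url_include/c\allow_url_include = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/allow_url_include/c\allow_url_include = Off' /etc/php/8.3/cli/php.ini
# NOTE(review): `--from=composer` names the composer image without a tag, so
# the binary comes from whatever `composer:latest` is at build time. Pin a tag
# or digest to control which Composer ends up in the image.
COPY --link --from=composer /usr/bin/composer /usr/bin/composer
# 33:33 is www-data on Ubuntu; the same ids are used for the secret mount below.
COPY --link --from=backend-source --chown=33:33 /app/ /app/
WORKDIR /app/
# Everything from here on, including the running container, is unprivileged.
USER www-data
# The Composer credentials are supplied as a BuildKit secret mounted at
# /app/auth.json for this RUN only, so they are not written into an image layer
# or the build history; required=true fails the build when the secret is absent.
# The sed on vendor/mrclay/minify patches a third-party file in place: it
# replaces the line containing the literal "$1\n$2" in Minify/HTML.php.
# NOTE(review): the reason for that patch, and for making app.php, index.php
# and bootstrap/cache/ group-writable, is not visible here - confirm both are
# still required, since writable entry-point files widen what a compromised
# process in the www-data group could alter.
RUN --mount=type=secret,id=composer_auth,dst=/app/auth.json,uid=33,gid=33,required=true \
    set -eux && \
    mkdir --parents \
        /app/storage/app/ \
        /app/storage/framework/cache/ \
        /app/storage/framework/sessions/ \
        /app/storage/framework/testing/ \
        /app/storage/framework/views/ \
        /app/storage/logs/ && \
    composer check-platform-reqs --lock --no-dev && \
    composer install --no-interaction --no-progress --no-dev --optimize-autoloader --classmap-authoritative --no-cache && \
    php artisan nova:publish && \
    sed -i '/"\$1\\n\$2"/c\\' /app/vendor/mrclay/minify/lib/Minify/HTML.php && \
    chmod 664 /app/bootstrap/app.php /app/public/index.php && \
    chmod 775 /app/bootstrap/cache/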
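# This target is the default, but skipped during pull request builds and in our recommended local build invocation
# precompressed_assets var on the Nomad job must match whether this stage ran or not
#
# Pre-compresses the static assets under /app/public/:
#   css, js, svg, html -> a .gz sibling is written next to the file with zopfli,
#                         then both files are touched so they share one mtime;
#   png                -> recompressed in place with zopflipng (lossy options on).
# `cd` is used rather than WORKDIR so the image's working directory stays the
# one inherited from backend-uncompressed (/app/).
# `IFS= read -r` keeps backslashes and leading/trailing whitespace in file names
# intact; a plain `read` would mangle such names and skip or misname the file.
# NOTE(review): this runs under /bin/sh without pipefail, so a failure of
# `find` itself would not fail the build.
FROM backend-uncompressed AS backend-compressed
RUN set -eux && \
    cd /app/public/ && \
    find . -type f -size +0 | while IFS= read -r file; do \
        filename=$(basename -- "$file"); \
        extension="${filename##*.}"; \
        case "$extension" in \
            css|js|svg|html) \
                zopfli --gzip -v --i10 "$file"; \
                touch "$file".gz "$file"; \
                ;; \
            png) \
                zopflipng -m -y --lossy_transparent --lossy_8bit --filters=01234mepb --iterations=5 "$file" "$file"; \
                ;; \
        esac; \
    done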