diff --git a/.github/workflows/build-push.yaml b/.github/workflows/build-push.yaml
deleted file mode 100644
index a375722..0000000
--- a/.github/workflows/build-push.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Build and Push Container Image
-on:
- push:
- tags:
- - 'v*.*.*'
-jobs:
- build-push:
- name: Build and Push Container Image
- runs-on: ubuntu-latest
- continue-on-error: true
- strategy:
- fail-fast: false
- matrix:
- images:
- - name: laravel-nginx
- file: laravel-nginx.Dockerfile
- - name: laravel-swoole
- file: laravel-swoole.Dockerfile
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Build and Push
- uses: stafftastic/docker-build-push-action@main
- with:
- name: ${{matrix.images.name}}
- file: ${{matrix.images.file}}
- project: stafftastic
- repository: base-images
- serviceAccountKey: ${{secrets.GOOGLE_ARTIFACT_REGISTRY_SA_KEY}}
diff --git a/.gitignore b/.gitignore
index 9f11b75..690d363 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .idea/
+/result
diff --git a/config/entrypoint-sh.nix b/config/entrypoint-sh.nix
new file mode 100644
index 0000000..92f76d3
--- /dev/null
+++ b/config/entrypoint-sh.nix
@@ -0,0 +1,14 @@
+{ writeText
+, bash
+, busybox
+, nginxConf
+, phpFpmConf
+, phpIni
+}: writeText "entrypoint.sh" ''
+ #!${bash}/bin/bash
+ find /entrypoint.d -type f -executable -print0 | xargs -0I{} {}
+ nginx -e /dev/null -c ${nginxConf} &
+ php-fpm -Fy ${phpFpmConf} -c ${phpIni} &
+ wait -n
+ echo $?
+''
diff --git a/config/nginx-conf.nix b/config/nginx-conf.nix
new file mode 100644
index 0000000..65f9ea9
--- /dev/null
+++ b/config/nginx-conf.nix
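Review bot: In config/entrypoint-sh.nix the script ends with `echo $?`, so once `wait -n` returns the container exits with echo's status 0 even when nginx or php-fpm died, and a restart policy or orchestrator keyed on the exit code will treat a crash as a clean stop. End the script with `status=$?; echo "$status"; exit "$status"` instead. The `/entrypoint.d` hooks run through `find … | xargs` with no `set -e` or `pipefail`, so a failing hook does not stop startup and hooks run in whatever order `find` returns; if hooks are expected to prepare state the services depend on, sort the list and abort on a non-zero status. Because image.nix sets no `User`, these hooks appear to run as root, so `/entrypoint.d` should only be writable at image build time.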
@@ -0,0 +1,40 @@
+{ nginx
+, writeText
+}: writeText "nginx.conf" ''
+ user nobody nobody;
+ worker_processes 1;
+ daemon off;
+ error_log /dev/stdout info;
+ pid /dev/null;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ access_log /dev/stdout;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ include ${nginx}/conf/mime.types;
+ default_type application/octet-stream;
+ upstream php {
+ server 127.0.0.1:9000;
+ }
+ server {
+ listen 80;
+ index index.php;
+ client_max_body_size 50m;
+ root /app/public;
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass php;
+ include ${nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ fastcgi_read_timeout 600;
+ }
+ }
+ }
+''
diff --git a/config/php-fpm-conf.nix b/config/php-fpm-conf.nix
new file mode 100644
index 0000000..9f1b125
--- /dev/null
+++ b/config/php-fpm-conf.nix
@@ -0,0 +1,20 @@
+{ writeText }: writeText "php-fpm.conf" ''
+ [global]
+ error_log = /dev/stderr
+ log_limit = 8192
+ [www]
+ access.log = /dev/stderr
+ access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+ clear_env = no
+ catch_workers_output = yes
+ decorate_workers_output = no
+ user = nobody
+ group = nobody
+ listen = 127.0.0.1:9000
+ pm = dynamic
+ pm.max_children = 20
+ pm.max_requests = 1000
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+''
diff --git a/config/php-ini.nix b/config/php-ini.nix
new file mode 100644
index 0000000..1a6f059
--- /dev/null
+++ b/config/php-ini.nix
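Review bot: In config/nginx-conf.nix the `location ~ \.php$` block hands every URI ending in `.php` to php-fpm with `SCRIPT_FILENAME $request_filename` and no existence check, so any `.php` file that ends up under `/app/public` (for example in a publicly served upload directory) would be executed. For a Laravel front controller it is safer to add `try_files $uri =404;` as the first line of that block, or to narrow the match to `location = /index.php`. The `fastcgi_split_path_info` line has no effect here, because the location regex only matches URIs that end in `.php`, and can be dropped. Adding `server_tokens off;` to the `http` block would also stop the nginx version being advertised in responses.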
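Review bot: In config/php-fpm-conf.nix, `clear_env = no` makes the full container environment, including any injected secrets, visible to every PHP worker, and nothing in the file says this is intended. If it is deliberate (presumably so Laravel can read its configuration from the environment), say so in the generated file with a comment such as `; clear_env = no: the application reads its configuration from the container environment`. The `access.format` also logs the full query string through `%Q%q`; if applications built on this image carry tokens or signed URLs in query parameters, those values will reach the stderr log stream, so consider dropping `%Q%q` or documenting the expectation.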
@@ -0,0 +1,20 @@
+{ writeText }: writeText "php.ini" ''
+ display_errors = On
+ log_errors = On
+ error_log = /dev/stderr
+ short_open_tag = Off
+ variables_order = 'GPCS'
+ request_order = 'GP'
+ memory_limit = 512M
+ max_execution_time = 300
+ max_input_time = 300
+ post_max_size = 50M
+ upload_max_size = 50M
+ max_input_vars = 5000
+ expose_php = Off
+ date.timezone = UTC
+ opcache.memory_consumption = 512
+ opcache.interned_strings_buffer = 64
+ opcache.max_accelerated_files = 32531
+ opcache.fast_shutdown = Off
+''
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..7255aa1
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,42 @@
+{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1693428224, + "narHash": "sha256-FWUUlhYqkGEySUD0blTADRiDQ7fw+H1ikivfu88uy+w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "841889913dfd06a70ffb39f603e29e46f45f0c1a", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..d322542
--- /dev/null
+++ b/flake.nix
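Review bot: In config/php-ini.nix, `display_errors = On` in a shared base image sends PHP warnings and stack traces to the client, which can disclose file paths, queries and configuration values. Since `log_errors = On` with `error_log = /dev/stderr` is already set, use `display_errors = Off` here and let development images override it. `upload_max_size` is not a PHP directive; the setting is `upload_max_filesize`, so uploads stay at PHP's default limit despite `post_max_size = 50M` and nginx's `client_max_body_size 50m`, and the line should read `upload_max_filesize = 50M`. `opcache.fast_shutdown` was removed in PHP 7.2 and can be dropped.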
@@ -0,0 +1,24 @@
+{
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-23.05";
+ systems.url = "github:nix-systems/default";
+ };
+
+ outputs = { self, nixpkgs, systems }:
+ let
+ lib = nixpkgs.lib;
+ eachSystem = lib.genAttrs (import systems);
+ pkgsFor = eachSystem (system: nixpkgs.legacyPackages.${system});
+ in {
+ packages = eachSystem (system: let
+ pkgs = pkgsFor.${system};
+ in {
+ default = pkgs.callPackage ./image.nix {};
+ php74 = pkgs.callPackage ./image.nix { php = pkgs.php74; };
+ php80 = pkgs.callPackage ./image.nix { php = pkgs.php80; };
+ php81 = pkgs.callPackage ./image.nix { php = pkgs.php81; };
+ php82 = pkgs.callPackage ./image.nix { php = pkgs.php82; };
+ php83 = pkgs.callPackage ./image.nix { php = pkgs.php83; };
+ });
+ };
+}
diff --git a/image.nix b/image.nix
new file mode 100644
index 0000000..f51e44f
--- /dev/null
+++ b/image.nix
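Review bot: The `php74` output in flake.nix builds a base image on a PHP branch that is past upstream end of life, and `php80` is close to or past it, so images built from those outputs would ship an interpreter that no longer receives security fixes. Consider dropping the `php74 = …;` line, or put a comment above the two lines such as `# legacy targets: upstream-EOL PHP, do not use for new services`. It is also worth confirming that every `pkgs.phpNN` attribute listed evaluates against the nixpkgs revision pinned in flake.lock (`nixos-23.05`). I could not confirm from this page that `php74` and `php83` exist there, and running `nix flake check` in CI would catch a missing attribute.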
@@ -0,0 +1,60 @@
+{ lib
+, pkgs
+, hiPrio
+, nginx
+, php
+, busybox
+, bash
+, buildEnv
+, runCommand
+, dockerTools
+, imageName ? "laravel-base-image"
+, imageTag ? "local"
+, extraEnv ? []
+, extraPkgs ? []
+, extraPhpExtensions ? ({enabled, all}: enabled)
+}: let
+ callPackage = lib.callPackageWith (pkgs // config);
+ config = {
+ entrypointSh = callPackage ./config/entrypoint-sh.nix {};
+ phpFpmConf = callPackage ./config/php-fpm-conf.nix {};
+ phpIni = callPackage ./config/php-ini.nix {};
+ nginxConf = callPackage ./config/nginx-conf.nix {};
+ };
+ phpWithExtensions = php.withExtensions extraPhpExtensions;
+ bin = buildEnv {
+ name = "bin";
+ paths = [
+ (hiPrio busybox)
+ bash
+ nginx
+ phpWithExtensions
+ phpWithExtensions.packages.composer
+ ] ++ extraPkgs;
+ pathsToLink = [ "/bin" ];
+ };
+in dockerTools.buildImage {
+ name = imageName;
+ tag = imageTag;
+ copyToRoot = buildEnv {
+ name = "laravel-base";
+ paths = with dockerTools; [
+ bin
+ usrBinEnv
+ caCertificates
+ fakeNss
+ ];
+ };
+ runAsRoot = ''
+ #!${bash}/bin/bash
+ mkdir -pm1777 /tmp
+ mkdir -p /entrypoint.d /var/cache/nginx /app
+ '';
+ config = {
+ Cmd = [ "${bash}/bin/bash" config.entrypointSh ];
+ WorkingDir = "/app";
+ Env = [
+ "PHPRC=${config.phpIni}"
+ ] ++ extraEnv;
+ };
+}
diff --git a/laravel-nginx.Dockerfile b/laravel-nginx.Dockerfile
deleted file mode 100644
index 99b5827..0000000
--- a/laravel-nginx.Dockerfile
+++ /dev/null
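Review bot: The image `config` in image.nix sets no `User`, so the entrypoint, the `/entrypoint.d` hooks and the nginx and php-fpm master processes run as root, whereas both Dockerfiles this commit removes ended with `USER 1000`. If root is needed only for `listen 80` and the `user nobody` directives in the generated configs, consider moving nginx to an unprivileged port and adding `User = "1000:1000";` to `config` (which would presumably also need `/var/cache/nginx` to be writable by that user). Otherwise add a comment next to `Cmd` saying why root is required. `bin` also links `phpWithExtensions.packages.composer` into the runtime image; if composer is only needed while building downstream images, leaving it out reduces the tooling available to anyone who gains code execution in a running container.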
@@ -1,27 +0,0 @@
-FROM webdevops/php-nginx:8.2-alpine
-
-ENV WEB_DOCUMENT_ROOT=/app/public
-ENV php.opcache.enable=1
-ENV php.opcache.memory_consumption=512
-ENV php.opcache.interned_strings_buffer=64
-ENV php.opcache.max_accelerated_files=32531
-ENV php.opcache.fast_shutdown=0
-ENV FPM_PM_MAX_CHILDREN=20
-ENV FPM_MAX_REQUESTS=1000
-
-RUN apk --update --no-cache add \
- gcompat \
- libstdc++ \
- curl \
- autoconf \
- gcc \
- g++ \
- make \
- librdkafka-dev \
- less
-
-RUN pecl install rdkafka && docker-php-ext-enable rdkafka
-RUN rm -rf /tmp/pear
-
-WORKDIR /app
-USER 1000
diff --git a/laravel-swoole.Dockerfile b/laravel-swoole.Dockerfile
deleted file mode 100644
index 86e07f5..0000000
--- a/laravel-swoole.Dockerfile
+++ /dev/null
@@ -1,73 +0,0 @@
-FROM composer:2.4.4 AS composer
-
-FROM phpswoole/swoole:5.0-php8.1-alpine
-
-RUN apk --update --no-cache add \
- gcompat \
- libstdc++ \
- git \
- wget \
- curl \
- build-base \
- nodejs \
- npm \
- libmcrypt-dev \
- libxml2-dev \
- pcre-dev \
- zlib-dev \
- autoconf \
- oniguruma-dev \
- openssl \
- openssl-dev \
- freetype-dev \
- libjpeg-turbo-dev \
- jpeg-dev \
- libpng-dev \
- imagemagick-dev \
- imagemagick \
- postgresql-dev \
- libzip-dev \
- gettext-dev \
- libxslt-dev \
- libgcrypt-dev \
- librdkafka-dev \
- less
-
-RUN pecl channel-update pecl.php.net && \
- pecl install mcrypt && \
- pecl install xdebug && \
- pecl install rdkafka && \
- pecl install redis && \
- docker-php-ext-install \
- mysqli \
- mbstring \
- pdo \
- pdo_mysql \
- tokenizer \
- xml \
- pcntl \
- bcmath \
- pdo_pgsql \
- zip \
- intl \
- gettext \
- soap \
- sockets \
- xsl && \
- docker-php-ext-configure gd --with-freetype=/usr/lib/ --with-jpeg=/usr/lib/ && \
- docker-php-ext-install gd && \
- docker-php-ext-enable xdebug && \
- docker-php-ext-enable rdkafka && \
- docker-php-ext-enable redis && \
- rm -rf /tmp/pear && \
- rm /var/cache/apk/*
-
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-
-RUN adduser --shell /bin/sh --disabled-password --uid 1000 application
-RUN mkdir /app && chown 1000:1000 -R /app
-
-WORKDIR /app
-USER 1000
-
-EXPOSE 8000