# syntax = docker/dockerfile:1.11
# Stage "backend-source": an empty (scratch) stage that gathers only the backend
# paths from the build context under /app/, so a later stage can pull the whole
# tree in with a single COPY --from=backend-source.
# NOTE(review): config/ and storage/ are taken straight from the build context.
# Confirm that .dockerignore keeps local state (.env files, logs, sessions,
# cached views, uploaded files) out of the context, because whatever is present
# in these directories at build time ends up in the image.
FROM scratch AS backend-source
COPY --link app/ /app/app/
COPY --link bootstrap/ /app/bootstrap/
COPY --link config/ /app/config/
COPY --link database/ /app/database/
COPY --link lang/ /app/lang/
COPY --link public/ /app/public/
COPY --link resources/ /app/resources/
COPY --link routes/ /app/routes/
COPY --link storage/ /app/storage/
# Entry script plus the Composer manifest and lockfile used by the install step.
COPY --link artisan composer.json composer.lock /app/
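# Stage "backend-uncompressed": PHP 8.3 FPM on Ubuntu with the application
# source and its production Composer dependencies installed.
# NOTE(review): ubuntu:noble is a moving tag. Pinning it by digest
# (ubuntu:noble@sha256:<digest>) would make rebuilds reproducible and auditable.
FROM ubuntu:noble AS backend-uncompressed
LABEL maintainer="[email protected]"
# NOTE(review): ENV persists into the running container, so DEBIAN_FRONTEND and
# HOME=/tmp are also set at runtime, not only during the build.
ENV DEBIAN_FRONTEND=noninteractive \
    COMPOSER_NO_INTERACTION=1 \
    HOME=/tmp
# Install PHP-FPM, its extensions and the asset tooling, create /app for
# www-data, then rewrite the PHP-FPM and php.ini settings.
RUN set -eux && \
    apt-get update && \
    apt-get upgrade -qq --assume-yes && \
    apt-get install -qq --assume-yes \
        default-mysql-client \
        libfcgi-bin \
        php8.3-curl \
        php8.3-fpm \
        php8.3-gmp \
        php8.3-intl \
        php8.3-mbstring \
        php8.3-mysql \
        php8.3-redis \
        php8.3-sqlite \
        php8.3-uuid \
        php8.3-xml \
        unzip \
        zopfli && \
    apt-get autoremove -qq --assume-yes && \
    # No later step in this file runs apt, so drop the package index in the
    # same layer instead of shipping a stale copy in the image.
    rm -rf /var/lib/apt/lists/* && \
    mkdir /app && \
    chown www-data:www-data /app && \
    # Each sed "c" command rewrites every line that mentions the given name.
    sed -i '/pid/c\\' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/systemd_interval/c\systemd_interval = 0' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/error_log/c\error_log = /local/error.log' /etc/php/8.3/fpm/php-fpm.conf && \
    sed -i '/upload_max_filesize/c\upload_max_filesize = 10M' /etc/php/8.3/fpm/php.ini && \
    sed -i '/max_file_uploads/c\max_file_uploads = 1' /etc/php/8.3/fpm/php.ini && \
    sed -i '/expose_php/c\expose_php = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/expose_php/c\expose_php = Off' /etc/php/8.3/cli/php.ini && \
    sed -i '/allow_url_fopen/c\allow_url_fopen = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/allow_url_fopen/c\allow_url_fopen = Off' /etc/php/8.3/cli/php.ini && \
    sed -i '/allow_url_include/c\allow_url_include = Off' /etc/php/8.3/fpm/php.ini && \
    sed -i '/allow_url_include/c\allow_url_include = Off' /etc/php/8.3/cli/php.ini && \
    # sed exits 0 even when no line matched, so the hardening above could be
    # skipped silently if a packaged php.ini ever stops listing a directive.
    # Fail the build unless every security-relevant setting is really present.
    for ini in /etc/php/8.3/fpm/php.ini /etc/php/8.3/cli/php.ini; do \
        for directive in 'expose_php = Off' 'allow_url_fopen = Off' 'allow_url_include = Off'; do \
            grep -qxF "$directive" "$ini" || { echo "missing hardening: $directive in $ini" >&2; exit 1; }; \
        done; \
    done
# NOTE(review): no stage in this file is named "composer", so this resolves to
# the external composer image with no tag or digest. Pinning it
# (composer:<version>@sha256:<digest>) would stop an upstream change from
# silently replacing the binary that installs the dependencies.
COPY --link --from=composer /usr/bin/composer /usr/bin/composer
# 33:33 matches the uid/gid given to the secret mount below; presumably the
# www-data account - confirm against the base image.
# NOTE(review): the whole tree is owned by the user the build switches to below.
# If PHP-FPM also runs as that user at runtime, the application can rewrite its
# own code; consider root-owned code with only the writable paths handed over.
COPY --link --from=backend-source --chown=33:33 /app/ /app/
WORKDIR /app/
USER www-data
# Install production dependencies as www-data. The Composer credentials arrive
# as a BuildKit secret mount, so their content is not written to an image layer.
# NOTE(review): the mount target sits inside /app; verify that no auth.json
# (even an empty placeholder) remains in the final image.
RUN --mount=type=secret,id=composer_auth,dst=/app/auth.json,uid=33,gid=33,required=true \
    set -eux && \
    composer check-platform-reqs --lock --no-dev && \
    composer install --no-interaction --no-progress --no-dev --optimize-autoloader --classmap-authoritative --no-cache && \
    mkdir --parents /app/resources/views/ && \
    # In-place patch of a vendored file; like the sed calls above it succeeds
    # without changing anything if the matched line ever changes upstream.
    sed -i '/"\$1\\n\$2"/c\\' /app/vendor/mrclay/minify/lib/Minify/HTML.php && \
    # NOTE(review): this leaves the two PHP entry points group-writable;
    # confirm something at runtime really needs to modify them.
    chmod 664 /app/bootstrap/app.php /app/public/index.php && \
    chmod 775 /app/bootstrap/cache/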
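# This target is the default, but skipped during pull request builds and in our recommended local build invocation
# precompressed_assets var on the Nomad job must match whether this stage ran or not
# Stage "backend-compressed": adds a .gz sibling next to every non-empty
# css/js/svg file under /app/public/ and recompresses png files in place.
FROM backend-uncompressed AS backend-compressed
# cd is used instead of WORKDIR so the image keeps /app/ as its working
# directory; the stage still runs as the inherited www-data user.
# NOTE(review): the pipeline's exit status is that of the while loop, so a
# failing find is not detected here.
RUN set -eux && \
    cd /app/public/ && \
    # IFS= and -r keep leading/trailing whitespace and backslashes in file
    # names intact; a plain "read" would mangle such paths.
    find . -type f -size +0 | while IFS= read -r file; do \
        filename=$(basename -- "$file"); \
        extension="${filename##*.}"; \
        if [ "$extension" = "css" ] || [ "$extension" = "js" ] || [ "$extension" = "svg" ]; then \
            zopfli --gzip -v --i10 "$file"; \
            # Give the original and its .gz sibling the same timestamp.
            touch "$file".gz "$file"; \
        elif [ "$extension" = "png" ]; then \
            zopflipng -m -y --lossy_transparent --lossy_8bit --filters=01234mepb --iterations=5 "$file" "$file"; \
        fi; \
    done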