build: implement prod-ready docker image

And remove laravel sail image

.github/workflows/ci.yml

@@ -209,7 +209,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v4
         with:
-          images: alkrauss48/simple-slides-sail
+          images: alkrauss48/simple-slides-laravel
           tags: |
             type=ref,prefix=dev-,event=branch
             type=semver,pattern={{version}}
@@ -230,7 +230,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
-          file: docker/sail-prod/Dockerfile
+          file: docker/app/Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

docker-compose.prod.yml

@@ -1,34 +1,10 @@
 services:
-    # TODO: Get nginx + php docker setup working for prod, instead of sail
-    #
-    # nginx:
-    #     build:
-    #         context: .
-    #         dockerfile: docker/php/Dockerfile
-    #         target: nginx-image
-    #     restart: unless-stopped
-    #     ports:
-    #         - 80:80
-    #     depends_on:
-    #         - laravel
-    #
-    # laravel:
-    #     build:
-    #         context: .
-    #         dockerfile: docker/php/Dockerfile
-    #         target: php-image
-    #     env_file:
-    #        - .env.prod
-    #     depends_on:
-    #         - pgsql
-    #         - redis
-
     laravel:
         build:
-          context: .
-          dockerfile: docker/sail-prod/Dockerfile
+            context: .
+            dockerfile: docker/app/Dockerfile
         env_file:
-            - .env.prod
+           - .env.prod
         ports:
             - 80:80
         depends_on:

docker/app/Dockerfile

@@ -0,0 +1,74 @@
+ARG PHP_VERSION=8.2
+ARG INSTALL_BCMATH=true
+ARG INSTALL_CALENDAR=false
+ARG INSTALL_EXIF=true
+ARG INSTALL_GD=true
+ARG INSTALL_IMAGICK=true
+ARG INSTALL_MOSQUITTO=false
+ARG INSTALL_MYSQL=false
+ARG INSTALL_OPCACHE=true
+ARG INSTALL_PCNTL=true
+ARG INSTALL_PGSQL=true
+ARG INSTALL_REDIS=true
+ARG INSTALL_SQLSRV=false
+ARG INSTALL_XDEBUG=false
+ARG INSTALL_ZIP=true
+ARG INSTALL_INTL=true
+
+# Backend build
+FROM ghcr.io/clevyr/php:$PHP_VERSION-base as php-builder
+WORKDIR /app
+
+COPY composer.json composer.lock ./
+RUN composer install \
+        --ignore-platform-reqs \
+        --no-autoloader \
+        --no-interaction \
+        --no-progress \
+        --no-suggest
+
+COPY . .
+RUN set -x \
+    && export TELESCOPE_ENABLED=false \
+    && composer dump-autoload \
+        --classmap-authoritative \
+        --no-interaction \
+    && php artisan vendor:publish --tag=public
+
+
+# Frontend build
+FROM node:18-alpine as node-builder
+WORKDIR /app
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY --from=php-builder /app .
+ARG NODE_ENV=production
+RUN npm run build
+
+
+# Local image
+FROM ghcr.io/clevyr/php:$PHP_VERSION-onbuild as local-image
+WORKDIR /app
+
+ENV PHP_UPLOAD_MAX_FILESIZE=64m
+ENV PHP_POST_MAX_SIZE=64m
+
+# Install libraries for laravel-medialibrary
+RUN set -x \
+    && apk add --no-cache \
+        ffmpeg \
+        jpegoptim
+
+COPY --chown=root docker/app/rootfs /
+RUN crontab /etc/cron.d/scheduler
+
+CMD ["s6-svscan", "/etc/s6/app"]
+
+
+# Deployed image
+FROM local-image
+
+COPY --from=php-builder --chown=82:82 /app .
+COPY --from=node-builder --chown=82:82 /app/public public/

docker/app/rootfs/entrypoint

@@ -0,0 +1,34 @@
+#!/bin/sh
+set -ex
+
+cd /app
+
+(
+	if [ -f .env ]; then
+		source .env
+	fi
+
+	if [ "$APP_ENV" != "local" ]; then
+		php artisan config:cache
+	else
+		composer install --ignore-platform-reqs --no-interaction --no-progress
+		php artisan config:clear
+		php artisan vendor:publish --tag=public
+	fi
+
+	if [ -L public/storage ]; then
+		rm public/storage
+	fi
+	ln -s ../storage/app/public public/storage
+
+	php artisan vendor:publish --force --tag=telescope-assets --tag=horizon-assets
+
+	if [ "$DB_FRESH_ON_START" = "true" ]; then
+		php artisan migrate:fresh
+		php artisan db:seed
+	else
+		php artisan migrate --force
+	fi
+)
+
+exec php-fpm

docker/app/rootfs/etc/cron.d/scheduler

@@ -0,0 +1 @@
+* * * * * s6-setuidgid "${PUID:-www-data}" php /app/artisan schedule:run -n | grep -v 'No scheduled commands are ready to run.'

docker/app/rootfs/etc/nginx/conf.d/default.conf

@@ -0,0 +1,53 @@
+server {
+    listen 80;
+    listen [::]:80 default ipv6only=on;
+
+    server_name _;
+
+    access_log off;
+
+    root /app/public;
+    index index.php index.html index.htm;
+
+    client_max_body_size 64m;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+        try_files $uri $uri/ /index.php?$query_string;
+        expires 7d;
+    }
+
+    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+        try_files $uri $uri/ /index.php?$query_string;
+        add_header Access-Control-Allow-Origin "*";
+        expires 7d;
+    }
+
+    location ~ [^/]\.php(/|$) {
+        fastcgi_pass 127.0.0.1:9000;
+
+        # regex to split $uri to $fastcgi_script_name and $fastcgi_path
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+        # Check that the PHP script exists before passing it
+        try_files $fastcgi_script_name =404;
+
+        # Bypass the fact that try_files resets $fastcgi_path_info
+        # see: http://trac.nginx.org/nginx/ticket/321
+        set $path_info $fastcgi_path_info;
+        fastcgi_param PATH_INFO $path_info;
+
+        fastcgi_index index.php;
+
+        fastcgi_param SCRIPT_FILENAME /app/public/index.php;
+
+        include fastcgi.conf;
+    }
+
+    location ~* \.(htaccess|htpasswd) {
+        deny all;
+    }
+}

docker/app/rootfs/etc/s6/app/nginx/down-signal

@@ -0,0 +1 @@
+SIGQUIT

docker/app/rootfs/etc/s6/app/nginx/run

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec nginx -g 'daemon off;'

docker/app/rootfs/etc/s6/app/php-fpm/down-signal

@@ -0,0 +1 @@
+SIGQUIT

docker/app/rootfs/etc/s6/app/php-fpm/run

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /entrypoint

docker/app/rootfs/etc/s6/worker/cron/run

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -x
+
+exec crond -f

docker/app/rootfs/etc/s6/worker/queue-runner/run

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -x
+
+exec s6-setuidgid "${PUID:-www-data}" php /app/artisan queue:work -n --delay=90 --tries=3

docker/app/rootfs/health-check

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+HEALTH_CHECK_IP="${1:-127.0.0.1}"
+
+REDIRECT_STATUS=true \
+    SCRIPT_NAME=/ping \
+    SCRIPT_FILENAME=/ping \
+    REQUEST_METHOD=GET \
+    cgi-fcgi -bind -connect "$HEALTH_CHECK_IP:9000" \
+        | grep pong
+exit $?

docker/app/rootfs/usr/local/etc/php/conf.d/99-docker-php-ext-xdebug-config.ini

@@ -0,0 +1,6 @@
+[xdebug]
+xdebug.remote_autostart = 0
+xdebug.remote_enable = 1
+xdebug.remote_host = "host.docker.internal"
+xdebug.remote_port = 9000
+xdebug.remote_profiler_enable_trigger = 1