php-ug · heiglandreas · Jul 1, 2025 · Jul 1, 2025
diff --git a/.docker/nginx/Dockerfile b/.docker/nginx/Dockerfile
@@ -1,22 +1,4 @@
 FROM nginx:latest
 LABEL authors="andreas@heigl.org"
 
-COPY ./ssl /etc/nginx/ssl
-WORKDIR /etc/nginx
-#
-# This requires to have these commands run inside the nginx-folder to create the CA certificates
-#
-# > openssl genrsa -out ssl/ca.key 4096; \
-# > openssl req -x509 -new -nodes -subj "/C=ug/O=php/CN=development certificates;" -key ssl/ca.key -sha512 -days 3650 -out ssl/ca.crt;
-#
-RUN apt-get update && apt-get install -y openssl && \
-    openssl genrsa -out "ssl/php.ug.lo.key" 2048 && \
-    openssl req -new -subj "/C=ug/O=php/CN=php.ug.lo.lo" -key "ssl/php.ug.lo.key" -out "ssl/php.ug.lo.csr" && \
-    openssl x509 -req -in "ssl/php.ug.lo.csr" -extfile "ssl/php.ug.lo.ext" -CA "ssl/ca.crt" -CAkey "ssl/ca.key" -CAcreateserial -out "ssl/php.ug.lo.crt" -days=365 -sha512 && \
-    rm "ssl/php.ug.lo.csr" "ssl/ca.key" && \
-    apt-get remove -y openssl
-
-WORKDIR /var/www/php.ug/public
-
-
-
+COPY build/ /var/www/html
diff --git a/.docker/nginx/default.conf b/.docker/nginx/default.conf
@@ -1,29 +1,15 @@
 server {
 
     # Set the port to listen on and the server name
-    listen 80;
-    listen [::]:80;
-    server_name php.ug php.ug.lo;
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
 
-    return 301 https://$server_name$request_uri;
-}
-
-server {
-    listen [::]:443 ssl;
-    listen 443 ssl;
-    server_name php.ug php.ug.lo;
-    # Set the document root of the project
-    root /var/www/php.ug/public;
+    root /var/www/html/public;
 
     # Set the directory index files
     index index.html index.php;
 
-    ssl_certificate /etc/nginx/ssl/php.ug.lo.crt;
-    ssl_certificate_key /etc/nginx/ssl/php.ug.lo.key;
-
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-    ssl_ciphers         HIGH:!aNULL:!MD5;
-
     # Specify the default character set
     charset utf-8;
 
@@ -58,7 +44,7 @@ server {
 
     sendfile off;
 
-    client_max_body_size 100m;
+    client_max_body_size 20m;
 
     # Specify what happens what .ht files are requested
     location ~ /\.ht {

diff --git a/.docker/nginx/ssl/ca.crt b/.docker/nginx/ssl/ca.crt
diff --git a/.docker/nginx/ssl/ca.key b/.docker/nginx/ssl/ca.key
diff --git a/.docker/nginx/ssl/php.ug.lo.ext b/.docker/nginx/ssl/php.ug.lo.ext
diff --git a/.docker/php/Dockerfile b/.docker/php/Dockerfile
@@ -1,9 +1,15 @@
-FROM php:8.4-fpm
+FROM php:8.4-fpm AS base
 LABEL authors="andreas@heigl.org"
 
 COPY --from=ghcr.io/php/pie:bin /pie /usr/bin/pie
 COPY scripts /tmp
 RUN bash -c "/tmp/php-build.sh"
 RUN bash -c "/tmp/php-install-composer.sh"
 RUN bash -c "/tmp/php-install-phive.sh"
-WORKDIR "/var/www/php.ug"
+WORKDIR "/var/www/html"
+
+FROM base AS prod
+
+RUN rm /usr/bin/pie /usr/local/bin/composer /usr/local/bin/phive
+COPY build /var/www/html
+
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,7 @@
+tests export-ignore
+.justfiles  export-ignore
+.docker  export-ignore
+.editorconfig  export-ignore
+.gitattributes  export-ignore
+.gitignore  export-ignore
+Justfile  export-ignore
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,152 @@
+name: Build and deploy
+
+on:
+    push:
+    release:
+        types: [published]
+jobs:
+    buildBackend:
+        name: Build backend
+        runs-on: ubuntu-latest
+        environment: deploy_on_release
+        steps:
+            - name: "Checkout"
+              uses: "actions/checkout@v4"
+              with:
+                  ref: ${{ github.head_ref || github.ref_name }}
+                  fetch-depth: 100
+            - name: "install PHP and composer"
+              uses: "shivammathur/setup-php@v2"
+              with:
+                  coverage: "none"
+                  extensions: "intl, zip, xml, apcu"
+                  ini-values: "memory_limit=-1"
+                  php-version: "8.4"
+                  tools: "composer"
+            - name: "Export Git repo"
+              run: |
+                  # Remove a possibly existing extraction folder
+                  rm -rf extract
+                  # No that we are sure it's not there, create an empty extraction folder
+                  mkdir extract
+                  # Create an archive from the repository based on the given tag
+                  # and extract that into the just created extraction folder.
+                  git archive --prefix="./" --format=tar ${{ github.head_ref || github.ref_name }}  .| tar xv -C extract/
+                  # Do some shell magic to replace occurrences of the string '%release-tag%'
+                  # with the current release tag in all files within the extraction folder
+                  find extract/ -type f -exec sed -i "s/%release-tag%/:${{ github.head_ref || github.ref_name }}/" {} \;
+                  # Move into the extraction folder
+                  cd extract
+                  # Call composer install to add all your dependencies, prefer the
+                  # distribution ones and create an authoritative and optimized autoloader
+                  composer install --no-dev --prefer-dist -a
+                  # Go back one level
+                  rm -rf frontend compose*
+                  cd ..
+                  # Create the actual archive that you want to deploy
+                  tar cvzf backend-${{ github.head_ref || github.ref_name }}.tgz -C extract/ .
+                  # clean up the extraction folder
+                  rm -rf extract
+            -  uses: actions/upload-artifact@v4
+               with:
+                   name: backend
+                   path: backend-${{ github.head_ref || github.ref_name }}.tgz
+                   retention-days: 1
+
+    buildFrontend:
+        name: "Build Frontend"
+        runs-on: ubuntu-latest
+        environment: deploy_on_release
+        steps:
+            - name: "Checkout"
+              uses: "actions/checkout@v4"
+              with:
+                  ref: ${{ github.head_ref || github.ref_name }}
+                  fetch-depth: 100
+            - name: "install Node"
+              uses: actions/setup-node@v4
+              with:
+                  node-version: '20.x'
+            - name: "Export Git repo"
+              run: |
+                  # Remove a possibly existing extraction folder
+                  rm -rf extract
+                  # No that we are sure it's not there, create an empty extraction folder
+                  mkdir extract
+                  # Create an archive from the repository based on the given tag
+                  # and extract that into the just created extraction folder.
+                  git archive --prefix="./" --format=tar ${{ github.head_ref || github.ref_name }}  .| tar xv -C extract/
+                  # Do some shell magic to replace occurrences of the string '%release-tag%'
+                  # with the current release tag in all files within the extraction folder
+                  find extract/ -type f -exec sed -i "s/%release-tag%/:${{ github.head_ref || github.ref_name }}/" {} \;
+                  # Move into the extraction folder
+                  cd extract/frontend
+                  # Call Node.js install to add all your dependencies, prefer the
+                  npm ci
+                  npm run build
+                  # Go back one level
+                  cd ..
+                  rm -rf config src templates vendor frontend compose*
+                  cd ..
+                  # Create the actual archive that you want to deploy
+                  tar cvzf frontend-${{ github.head_ref || github.ref_name }}.tgz -C extract/ .
+                  # clean up the extraction folder
+                  rm -rf extract
+            -  uses: actions/upload-artifact@v4
+               with:
+                   name: frontend
+                   path: frontend-${{ github.head_ref || github.ref_name }}.tgz
+                   retention-days: 1
+
+    buildFrontendContainer:
+        needs: buildFrontend
+        name: "Build Frontend-COntainer"
+
+        runs-on: ubuntu-latest
+        steps:
+            -   name: 'Checkout GitHub Action'
+                uses: actions/checkout@main
+
+            -   name: 'Login to GitHub Container Registry'
+                uses: docker/login-action@v1
+                with:
+                    registry: ghcr.io
+                    username: ${{github.actor}}
+                    password: ${{secrets.GITHUB_TOKEN}}
+
+            -   uses: actions/download-artifact@v4
+                with:
+                    name: frontend
+            -   name: 'Build Inventory Image'
+                run: |
+                    mkdir -p .docker/nginx/build
+                    tar xvzf frontend-${{ github.head_ref || github.ref_name }}.tgz -C .docker/nginx/build
+                    cp .env.dist .env
+                    docker compose build nginx
+                    docker compose push nginx
+    buildBackendContainer:
+        needs: buildBackend
+        name: "Build Backend-COntainer"
+
+        runs-on: ubuntu-latest
+        steps:
+            -   name: 'Checkout GitHub Action'
+                uses: actions/checkout@main
+
+            -   name: 'Login to GitHub Container Registry'
+                uses: docker/login-action@v1
+                with:
+                    registry: ghcr.io
+                    username: ${{github.actor}}
+                    password: ${{secrets.GITHUB_TOKEN}}
+
+            -   uses: actions/download-artifact@v4
+                with:
+                    name: backend
+            -   name: 'Build Inventory Image'
+                run: |
+                    mkdir -p .docker/php/build
+                    tar xvzf backend-${{ github.head_ref || github.ref_name }}.tgz -C .docker/php/build
+                    cp .env.dist .env
+                    docker compose build php
+                    docker compose push php
diff --git a/.justfiles/build.Justfile b/.justfiles/build.Justfile
@@ -0,0 +1,14 @@
+# Start the local instance
+[group("Build")]
+extract-php tag:
+	docker compose exec php bash -c <<- DELIMITER
+		rm -rf extract \
+		mkdir extract \
+		git archive --prefix=\"./\" --format=tar {{tag}} .| tar xv -C extract/ \
+		find extract/ -type f -exec sed -i \"s/%release-tag%/:{{tag}}/\" {} \; \
+		cd extract \
+		composer install --no-dev --prefer-dist -a \
+		cd .. \
+		tar cvzf archive.tgz -C extract/ . \
+		rm -rf extract \
+	DELIMITER
diff --git a/Justfile b/Justfile
@@ -2,6 +2,7 @@
 
 export COMPOSE_BAKE := "true"
 
+import '.justfiles/build.Justfile'
 import '.justfiles/docker.Justfile'
 import '.justfiles/init.Justfile'
 

diff --git a/compose.override.yml b/compose.override.yml
@@ -1,4 +1,12 @@
 services:
     php:
         volumes:
-            -   .:/var/www/php.ug
+            -   .:/var/www/html
+
+    nginx:
+        volumes:
+            -   .:/var/www/html
+    smtp:
+        image: mailhog/mailhog
+        ports:
+            - 8025:8025