diff options
| author | Andrew Dolgov <[email protected]> | 2023-03-25 18:20:30 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2023-03-25 19:41:33 +0300 |
| commit | 339f41f0f275a3ee6d5bc0b6e146d051cabdbd8a (patch) | |
| tree | a27811b19352fbb8a4b24f33f909279312f26bce | |
| parent | 66edaa02d8cbff4a08807e6770df0e12dd530566 (diff) | |
add build workflow
| -rw-r--r-- | .docker/app/Dockerfile | 57 | ||||
| -rw-r--r-- | .docker/app/config.docker.php | 8 | ||||
| -rw-r--r-- | .docker/app/index.php | 3 | ||||
| -rw-r--r-- | .docker/app/startup.sh | 77 | ||||
| -rw-r--r-- | .docker/dict/Dockerfile | 9 | ||||
| -rw-r--r-- | .docker/dict/dictd.conf | 43 | ||||
| -rw-r--r-- | .docker/web-nginx/Dockerfile | 3 | ||||
| -rw-r--r-- | .docker/web-nginx/nginx.conf | 60 | ||||
| -rw-r--r-- | .gitea/workflows/build.yml | 75 | ||||
| -rw-r--r-- | .gitea/workflows/lint.yaml | 4 |
10 files changed, 336 insertions, 3 deletions
diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile new file mode 100644 index 0000000..9171aeb --- /dev/null +++ b/.docker/app/Dockerfile @@ -0,0 +1,57 @@ +FROM alpine:3.13 +EXPOSE 9000/tcp + +ENV SCRIPT_ROOT=/opt/epube +ENV SRC_DIR=/src/epube + +COPY --from=app-src . ${SRC_DIR} + +RUN apk add --no-cache php8 php8-fpm \ + php8-pdo php8-gd php8-mbstring \ + php8-intl php8-xml php8-session \ + php8-dom php8-fileinfo php8-json \ + php8-sqlite3 php8-pdo_sqlite sqlite \ + php8-zip php8-curl php8-openssl git \ + sudo php8-pecl-xdebug rsync && \ + sed -i -e 's/post_max_size = 8M/post_max_size = 64M/' /etc/php8/php.ini && \ + sed -i -e 's/^listen = 127.0.0.1:9000/listen = 9000/' \ + -e 's/;\(clear_env\) = .*/\1 = no/i' \ + -e 's/^\(user\|group\) = .*/\1 = app/i' \ + -e 's/;\(php_admin_value\[error_log\]\) = .*/\1 = \/tmp\/error.log/' \ + -e 's/;\(php_admin_flag\[log_errors\]\) = .*/\1 = on/' \ + /etc/php8/php-fpm.d/www.conf && \ + mkdir -p /var/www ${SCRIPT_ROOT}/config.d + +ADD startup.sh ${SCRIPT_ROOT} +ADD index.php ${SCRIPT_ROOT} +ADD config.docker.php ${SCRIPT_ROOT} + +RUN chmod +x /opt/epube/startup.sh + +ARG ORIGIN_REPO=https://git.tt-rss.org/fox/the-epube.git +ARG ORIGIN_COMMIT= + +ENV ORIGIN_REPO_MAIN=${ORIGIN_REPO_MAIN} +ENV ORIGIN_REPO_XACCEL=${ORIGIN_REPO_XACCEL} +ENV ORIGIN_COMMIT=${ORIGIN_COMMIT} + +#RUN sh -c ${SCRIPT_ROOT}/build-prepare.sh + +ENV OWNER_UID=1000 +ENV OWNER_GID=1000 + +ENV EPUBE_ADMIN_USER="admin" +ENV EPUBE_ADMIN_PASS="password" + +# EPUBE_XDEBUG_HOST defaults to host IP if unset +ENV EPUBE_XDEBUG_ENABLED="" +ENV EPUBE_XDEBUG_HOST="" +ENV EPUBE_XDEBUG_PORT="9000" + +ENV EPUBE_SCRATCH_DB="db/scratch.db" +ENV EPUBE_BOOKS_DIR="/books" +ENV EPUBE_CALIBRE_DB="/books/metadata.db" +ENV EPUBE_DICT_SERVER="dict" + + +CMD ${SCRIPT_ROOT}/startup.sh diff --git a/.docker/app/config.docker.php b/.docker/app/config.docker.php new file mode 100644 index 0000000..eb8fd38 --- /dev/null +++ b/.docker/app/config.docker.php @@ -0,0 +1,8 @@ +<?php + $snippets = glob(getenv("SCRIPT_ROOT")."/config.d/*.php"); + + foreach ($snippets as $snippet) { + require_once $snippet; + } + + diff --git a/.docker/app/index.php b/.docker/app/index.php new file mode 100644 index 0000000..c3b098d --- /dev/null +++ b/.docker/app/index.php @@ -0,0 +1,3 @@ +<?php + header("Location: /books/"); + return; diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh new file mode 100644 index 0000000..5c57db6 --- /dev/null +++ b/.docker/app/startup.sh @@ -0,0 +1,77 @@ +#!/bin/sh -e + +if ! id app >/dev/null 2>&1; then + # what if i actually need a duplicate GID/UID group? + + addgroup -g $OWNER_GID app || echo app:x:$OWNER_GID:app | \ + tee -a /etc/group + + adduser -D -h /var/www/html -G app -u $OWNER_UID app || \ + echo app:x:$OWNER_UID:$OWNER_GID:Linux User,,,:/var/www/html:/bin/ash | tee -a /etc/passwd +fi + +DST_DIR=/var/www/html/books + +[ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready + +export PGPASSWORD=$DB_PASS + +[ ! -e /var/www/html/index.php ] && cp ${SCRIPT_ROOT}/index.php /var/www/html + +if [ ! -d $DST_DIR ]; then + rsync -a \ + $SRC_DIR/ $DST_DIR/ +else + rsync -a --delete \ + --exclude sessions \ + --exclude lib/fonts \ + --exclude db \ + $SRC_DIR/ $DST_DIR/ +fi + +if [ ! -e $DST_DIR/index.php ]; then + echo "error: epube index.php missing (git clone failed?), unable to continue." + exit 1 +fi + +if [ -r ${SCRIPT_ROOT}/restore.db ]; then + cp ${SCRIPT_ROOT}/restore.db ${DST_DIR}/${EPUBE_SCRATCH_DB} +fi + +chown -R $OWNER_UID:$OWNER_GID $DST_DIR \ + /var/log/php8 + +for d in db sessions; do + chmod -R 777 $DST_DIR/$d +done + +cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php + +if [ ! -z "${EPUBE_XDEBUG_ENABLED}" ]; then + if [ -z "${EPUBE_XDEBUG_HOST}" ]; then + export EPUBE_XDEBUG_HOST=$(ip ro sh 0/0 | cut -d " " -f 3) + fi + echo enabling xdebug with the following parameters: + env | grep EPUBE_XDEBUG + cat > /etc/php8/conf.d/50_xdebug.ini <<EOF +zend_extension=xdebug.so +xdebug.mode=develop,trace,debug +xdebug.start_with_request = yes +xdebug.client_port = ${EPUBE_XDEBUG_PORT} +xdebug.client_host = ${EPUBE_XDEBUG_HOST} +EOF +fi + +sudo -Eu app php8 $DST_DIR/update.php --update-schema=force-yes + +rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log + +(tail -q -f /tmp/error.log >> /proc/1/fd/2) & + +if ! sudo -Eu app php8 $DST_DIR/update.php --user-list | grep -q "$EPUBE_ADMIN_USER"; then + sudo -Eu app php8 $DST_DIR/update.php --user-add "$EPUBE_ADMIN_USER:$EPUBE_ADMIN_PASS" +fi + +touch $DST_DIR/.app_is_ready + +exec /usr/sbin/php-fpm8 --nodaemonize --force-stderr -R diff --git a/.docker/dict/Dockerfile b/.docker/dict/Dockerfile new file mode 100644 index 0000000..c4d4fd0 --- /dev/null +++ b/.docker/dict/Dockerfile @@ -0,0 +1,9 @@ +FROM debian:buster-slim + +RUN apt-get update && apt-get install -y dictd mueller7-dict + +COPY dictd.conf /etc/dictd/dictd.conf + +EXPOSE 2628 + +ENTRYPOINT /usr/sbin/dictd -d nodetach diff --git a/.docker/dict/dictd.conf b/.docker/dict/dictd.conf new file mode 100644 index 0000000..7113bec --- /dev/null +++ b/.docker/dict/dictd.conf @@ -0,0 +1,43 @@ +# /etc/dictd/dictd.conf + +# This is the configuration file for /usr/sbin/dictd. The access +# specification included in this file allows access only from the +# localhost. If this machine is acting as a server for a network you +# will probably want to add additional access specifications in this +# file. See the dictd manpage - man dictd. + +# A sample database section is generated automatically upon +# installation or removal of the dictd package or any dictionary +# database package. Replace the ``include /var/lib/dictd/db.list'' +# line below if you wish to provide a custom database section. +# Customization may also be achieved via the optional dictdconfig +# order override file /etc/dictd/dictd.order. See the dictdconfig +# manpage - man dictdconfig. + +# Older dictionary database packages did not automatically +# invoke /usr/sbin/dictdconfig upon installation and removal, +# so you may need to do so manually. + +# Site section here: + +global { +#listen_to 127.0.0.1 +# bind to local interfacea only +} + +# Access section here: + +access { +allow * +allow localhost +allow 127.0.0.1 +# this allows access only from local host +allow inetd +# this allows access from inetd server +} + +# Database section here: + +include /var/lib/dictd/db.list + +# User section here: diff --git a/.docker/web-nginx/Dockerfile b/.docker/web-nginx/Dockerfile new file mode 100644 index 0000000..9e620af --- /dev/null +++ b/.docker/web-nginx/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx:alpine + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.docker/web-nginx/nginx.conf b/.docker/web-nginx/nginx.conf new file mode 100644 index 0000000..12d526a --- /dev/null +++ b/.docker/web-nginx/nginx.conf @@ -0,0 +1,60 @@ +worker_processes auto; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /dev/stdout; + error_log /dev/stderr warn; + + sendfile on; + client_max_body_size 64M; + + index index.php; + + upstream app { + server app:9000; + } + + server { + listen 80; + listen [::]:80; + root /var/www/html; + + location /books/db { + internal; + } + + location /books/sessions { + internal; + } + + location ~ \.php$ { + # regex to split $uri to $fastcgi_script_name and $fastcgi_path + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + + # Check that the PHP script exists before passing it + try_files $fastcgi_script_name =404; + + # Bypass the fact that try_files resets $fastcgi_path_info + # see: http://trac.nginx.org/nginx/ticket/321 + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + + fastcgi_index index.php; + include fastcgi.conf; + + fastcgi_pass app; + } + + location / { + try_files $uri $uri/ =404; + } + + } +} diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml new file mode 100644 index 0000000..00e723a --- /dev/null +++ b/.gitea/workflows/build.yml @@ -0,0 +1,75 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json + +name: build + +on: + push: + branches: + - "master" + workflow_dispatch: {} + +defaults: + run: + shell: sh + +jobs: + build: + runs-on: alpine-3.16 + steps: + - uses: https://gitea.com/actions/checkout@v3 + + - name: eslint + run: npx eslint js + + - name: phpstan + run: php81 -d memory_limit=-1 ./vendor/bin/phpstan --memory-limit=2G + + - run: echo REPO_TIMESTAMP=$(git --git-dir '.git' --no-pager log --pretty='%ct' -n1 HEAD) >> $GITHUB_ENV + - run: echo REPO_COMMIT=$(git --git-dir '.git' --no-pager log --pretty='%h' -n1 HEAD) >> $GITHUB_ENV + - run: echo REPO_COMMIT_FULL=$(git --git-dir '.git' --no-pager log --pretty='%H' -n1 HEAD) >> $GITHUB_ENV + - run: echo BUILD_TAG=$(date -d @${REPO_TIMESTAMP} +%y.%m)-${REPO_COMMIT} >> $GITHUB_ENV + + - name: setup buildx + uses: https://github.com/docker/setup-buildx-action@v2 + + - name: login into registry + run: | + BASE64_AUTH=`echo -n "$REGISTRY_USER:$REGISTRY_PASSWORD" | base64` + mkdir -p ~/.docker + echo "{\"auths\": {\"registry-rw.fakecake.org\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json + env: + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + if: ${{ !!secrets.REGISTRY_PUSH_ENABLED }} + + - name: build web-nginx image + uses: https://github.com/docker/build-push-action@v4 + with: + push: ${{ !!secrets.REGISTRY_PUSH_ENABLED }} + context: .docker/web-nginx + tags: | + registry-rw.fakecake.org/cthulhoo/the-epube-web-nginx:latest + registry-rw.fakecake.org/cthulhoo/the-epube-web-nginx:${{ env.BUILD_TAG }} + provenance: false + + - name: build dict image + uses: https://github.com/docker/build-push-action@v4 + with: + push: ${{ !!secrets.REGISTRY_PUSH_ENABLED }} + context: .docker/dict + tags: | + registry-rw.fakecake.org/cthulhoo/the-epube-dict:latest + registry-rw.fakecake.org/cthulhoo/the-epube-dict:${{ env.BUILD_TAG }} + provenance: false + + - name: build app image + uses: https://github.com/docker/build-push-action@v4 + with: + push: ${{ !!secrets.REGISTRY_PUSH_ENABLED }} + context: .docker/app + build-contexts: + app-src=. + tags: | + registry-rw.fakecake.org/cthulhoo/the-epube-fpm-static:latest + registry-rw.fakecake.org/cthulhoo/the-epube-fpm-static:${{ env.BUILD_TAG }} + provenance: false diff --git a/.gitea/workflows/lint.yaml b/.gitea/workflows/lint.yaml index 6b7d487..5df3de2 100644 --- a/.gitea/workflows/lint.yaml +++ b/.gitea/workflows/lint.yaml @@ -3,9 +3,7 @@ name: lint on: - - push - - workflow_dispatch - - pull_request + pull_request: {} defaults: run: |