Use a single Dockerfile for the API images

api-platform · Jun 4, 2018 · b81fde5 · b81fde5
1 parent 98b7f4f
commit b81fde5
Show file tree

Hide file tree

Showing 18 changed files with 94 additions and 67 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -67,7 +67,7 @@ indent_size = 4
 indent_style = space
 indent_size = 2
 
-[Dockerfile*]
+[Dockerfile]
 indent_style = tab
 indent_size = 4
 

diff --git a/.travis.yml b/.travis.yml
@@ -8,19 +8,20 @@ addons:
     packages:
       - docker-ce
 
+before_install:
+  - curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash -s -- --version v2.9.0
+
 install: true
 
 before_script:
   - sudo service postgresql stop
-  - curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash -s -- --version v2.6.1
   # wait for postgresql to shutdown
   - while sudo lsof -Pi :5432 -sTCP:LISTEN -t; do sleep 1; done
 
 script:
   - if jq '.extra.symfony.id != null' api/composer.json -e > /dev/null; then echo 'composer.json must not have symfony.id' 1>&2 && false; fi
   - docker-compose build
   - docker-compose run --no-deps -T php composer validate --no-check-publish
-  - helm lint api/helm/api/
   - docker-compose up -d
   - sleep 30
   - docker-compose exec -T php composer req sensiolabs/security-checker
@@ -33,6 +34,7 @@ script:
   - curl -k https://localhost:444 # Admin (HTTP/2)
   - curl -k https://localhost:8443 # API (HTTP/2)
   - curl -k https://localhost:8444 # Varnish (HTTP/2)
+  - helm lint ./api/helm/api/
 
 before_deploy:
   - echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin "$DOCKER_REGISTRY"

diff --git a/api/.dockerignore b/api/.dockerignore
@@ -8,7 +8,7 @@
 **/.gitattributes
 **/.gitignore
 **/.gitmodules
-**/Dockerfile*
+**/Dockerfile
 **/Thumbs.db
 .editorconfig
 .env*

diff --git a/api/.env b/api/.env
@@ -13,7 +13,7 @@ TRUSTED_HOSTS=localhost,api
 # Format described at http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
 # For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
 # Configure your db driver and server_version in config/packages/doctrine.yaml
-DATABASE_URL=pgsql://api-platform:!ChangeMe!@db/api
+DATABASE_URL=postgres://api-platform:!ChangeMe!@db/api
 ###< doctrine/doctrine-bundle ###
 
 ###> nelmio/cors-bundle ###

diff --git a/api/.env.dist b/api/.env.dist
@@ -13,7 +13,7 @@ TRUSTED_HOSTS=localhost,api
 # Format described at http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
 # For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
 # Configure your db driver and server_version in config/packages/doctrine.yaml
-DATABASE_URL=pgsql://api-platform:!ChangeMe!@db/api
+DATABASE_URL=postgres://api-platform:!ChangeMe!@db/api
 ###< doctrine/doctrine-bundle ###
 
 ###> nelmio/cors-bundle ###

diff --git a/api/.gitignore b/api/.gitignore
@@ -7,7 +7,6 @@
 ###< symfony/framework-bundle ###
 
 /helm/api/charts
-/helm/api/requirements.lock
 
 ###> friendsofphp/php-cs-fixer ###
 .php_cs

diff --git a/api/Dockerfile b/api/Dockerfile
@@ -1,42 +1,60 @@
 ARG PHP_VERSION=7.2
-ARG ALPINE_VERSION=3.7
-FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION}
+ARG NGINX_VERSION=1.14
+ARG VARNISH_VERSION=6.0
 
+FROM php:${PHP_VERSION}-fpm-alpine AS api_platform_php
+
+# persistent / runtime deps
 RUN apk add --no-cache \
-		git
+		acl \
+		file \
+		gettext \
+		git \
+		postgresql-client \
+	;
 
 ARG APCU_VERSION=5.1.11
-RUN set -xe \
-	&& apk add --no-cache --virtual .build-deps \
+RUN set -eux; \
+	apk add --no-cache --virtual .build-deps \
 		$PHPIZE_DEPS \
 		icu-dev \
+		libzip-dev \
 		postgresql-dev \
 		zlib-dev \
-	&& docker-php-ext-install -j$(nproc) \
+	; \
+	\
+	docker-php-ext-configure zip --with-libzip; \
+	docker-php-ext-install -j$(nproc) \
 		intl \
 		pdo_pgsql \
 		zip \
-	&& pecl install \
+	; \
+	pecl install \
 		apcu-${APCU_VERSION} \
-	&& pecl clear-cache \
-	&& docker-php-ext-enable --ini-name 20-apcu.ini apcu \
-	&& docker-php-ext-enable --ini-name 05-opcache.ini opcache \
-	&& runDeps="$( \
+	; \
+	pecl clear-cache; \
+	docker-php-ext-enable \
+		apcu \
+		opcache \
+	; \
+	\
+	runDeps="$( \
 		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
 			| tr ',' '\n' \
 			| sort -u \
 			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)" \
-	&& apk add --no-cache --virtual .api-phpexts-rundeps $runDeps \
-	&& apk del .build-deps
+	)"; \
+	apk add --no-cache --virtual .api-phpexts-rundeps $runDeps; \
+	\
+	apk del .build-deps
 
 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 COPY docker/php/php.ini /usr/local/etc/php/php.ini
 
 # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
 ENV COMPOSER_ALLOW_SUPERUSER=1
-RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --classmap-authoritative \
-	&& composer clear-cache
+RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --classmap-authoritative; \
+	composer clear-cache
 ENV PATH="${PATH}:/root/.composer/vendor/bin"
 
 WORKDIR /srv/api
@@ -46,20 +64,32 @@ ARG APP_ENV=prod
 
 # Prevent the reinstallation of vendors at every changes in the source code
 COPY composer.json composer.lock ./
-RUN composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress --no-suggest \
-	&& composer clear-cache
+RUN composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress --no-suggest; \
+	composer clear-cache
 
 COPY . ./
 
-RUN mkdir -p var/cache var/log var/sessions \
-	&& composer dump-autoload --classmap-authoritative --no-dev \
-	&& composer run-script --no-dev post-install-cmd \
-	&& chmod +x bin/console && sync \
-	&& chown -R www-data var
+RUN set -eux; \
+	mkdir -p var/cache var/log; \
+	composer dump-autoload --classmap-authoritative --no-dev; \
+	composer run-script --no-dev post-install-cmd; \
+	chmod +x bin/console; sync
 VOLUME /srv/api/var
 
 COPY docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
 RUN chmod +x /usr/local/bin/docker-entrypoint
 
 ENTRYPOINT ["docker-entrypoint"]
 CMD ["php-fpm"]
+
+FROM nginx:${NGINX_VERSION}-alpine AS api_platform_nginx
+
+COPY docker/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
+
+WORKDIR /srv/api
+
+COPY --from=api_platform_php /srv/api/public public/
+
+FROM cooptilleuls/varnish:${VARNISH_VERSION} AS api_platform_varnish
+
+COPY docker/varnish/conf/default.vcl /usr/local/etc/varnish/default.vcl
diff --git a/api/Dockerfile.nginx b/api/Dockerfile.nginx
diff --git a/api/Dockerfile.varnish b/api/Dockerfile.varnish
diff --git a/api/docker/php/docker-entrypoint.sh b/api/docker/php/docker-entrypoint.sh
@@ -7,15 +7,18 @@ if [ "${1#-}" != "$1" ]; then
 fi
 
 if [ "$1" = 'php-fpm' ] || [ "$1" = 'bin/console' ]; then
-	mkdir -p var/cache var/log var/sessions
+	mkdir -p var/cache var/log
+	setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var
+	setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var
 
 	if [ "$APP_ENV" != 'prod' ]; then
 		composer install --prefer-dist --no-progress --no-suggest --no-interaction
+		>&2 echo "Waiting for Postgres to be ready..."
+		until pg_isready --timeout=0 --dbname="${DATABASE_URL}"; do
+			sleep 1
+		done
 		bin/console doctrine:schema:update --force --no-interaction
 	fi
-
-	# Permissions hack because setfacl does not work on Mac and Windows
-	chown -R www-data var
 fi
 
 exec docker-php-entrypoint "$@"
diff --git a/api/docker/varnish/conf/default.vcl b/api/docker/varnish/conf/default.vcl
@@ -16,7 +16,7 @@ backend default {
 }
 
 # Hosts allowed to send BAN requests
-acl ban {
+acl invalidators {
   "localhost";
   "php";
 }
@@ -42,7 +42,7 @@ sub vcl_recv {
 
   # To allow API Platform to ban by cache tags
   if (req.method == "BAN") {
-    if (client.ip !~ ban) {
+    if (client.ip !~ invalidators) {
       return(synth(405, "Not allowed"));
     }
 

diff --git a/api/docker/varnish/start.sh b/api/docker/varnish/start.sh
diff --git a/api/helm/api/Chart.yaml b/api/helm/api/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 description: A Helm chart for an API Platform API
 name: api
-version: 0.1.0
+version: 0.2.0
 icon: https://api-platform.com/logo-250x250.png
diff --git a/api/helm/api/requirements.lock b/api/helm/api/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 0.11.0
+digest: sha256:461a83f20429597b7b3f2d38bbad7f5cedb6c26d57af5e0cc02f87147ae28acb
+generated: 2018-05-04T19:06:48.914008844+02:00
diff --git a/api/helm/api/requirements.yaml b/api/helm/api/requirements.yaml
@@ -1,5 +1,5 @@
 dependencies:
 - name: postgresql
-  version: 0.8.1
+  version: 0.11.0
   repository: https://kubernetes-charts.storage.googleapis.com/
   condition: postgresql.enabled
diff --git a/api/helm/api/templates/secrets.yaml b/api/helm/api/templates/secrets.yaml
@@ -11,7 +11,7 @@ metadata:
 type: Opaque
 data:
   {{ if .Values.postgresql.enabled }}
-  database-url: {{ printf "pgsql://%s:%s@%s/%s?serverVersion=9.6" .Values.postgresql.postgresUser .Values.postgresql.postgresPassword $postgresqlServiceName .Values.postgresql.postgresDatabase | b64enc | quote }}
+  database-url: {{ printf "postgres://%s:%s@%s/%s" .Values.postgresql.postgresUser .Values.postgresql.postgresPassword $postgresqlServiceName .Values.postgresql.postgresDatabase | b64enc | quote }}
   {{ else }}
   database-url: {{ .Values.postgresql.url | b64enc | quote }}
   {{ end }}

diff --git a/api/helm/api/values.yaml b/api/helm/api/values.yaml
@@ -8,21 +8,21 @@ secret: ChangeMe
 corsAllowOrigin: http://example.com
 
 php:
-  repository: gcr.io/test-api-platform/php
+  repository: quay.io/api-platform/php
   tag: latest
   pullPolicy: Always
   replicaCount: 1
 
 nginx:
-  repository: gcr.io/test-api-platform/nginx
+  repository: quay.io/api-platform/nginx
   tag: latest
   pullPolicy: Always
   replicaCount: 1
 
 varnish:
   enabled: true
   #url: https://example.com
-  repository: gcr.io/test-api-platform/varnish
+  repository: quay.io/api-platform/varnish
   tag: latest
   pullPolicy: Always
   replicaCount: 1
@@ -40,14 +40,14 @@ ingress:
 postgresql:
   enabled: true
   # If bringing your own PostgreSQL, the full uri to use
-  #url: pgsql://api-platform:!ChangeMe!@example.com/api?serverVersion=10.1
+  #url: postgres://api-platform:!ChangeMe!@example.com/api
   postgresUser: api-platform
   postgresPassword: ChangeMe
   postgresDatabase: api
   # Persistent Volume Storage configuration.
   # ref: https://kubernetes.io/docs/user-guide/persistent-volumes
   persistence:
-    enabled: false
+    enabled: true
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,10 +1,11 @@
-version: '3.2'
+version: '3.4'
 
 services:
   php:
     image: ${CONTAINER_REGISTRY_BASE}/php
     build:
       context: ./api
+      target: api_platform_php
       cache_from:
         - ${CONTAINER_REGISTRY_BASE}/php
     depends_on:
@@ -21,11 +22,12 @@ services:
     image: ${CONTAINER_REGISTRY_BASE}/nginx
     build:
       context: ./api
-      dockerfile: Dockerfile.nginx
+      target: api_platform_nginx
       cache_from:
         - ${CONTAINER_REGISTRY_BASE}/nginx
     depends_on:
       - php
+    # Comment out this volume in production
     volumes:
       - ./api/public:/srv/api/public:ro
     ports:
@@ -35,14 +37,18 @@ services:
     image: ${CONTAINER_REGISTRY_BASE}/varnish
     build:
       context: ./api
-      dockerfile: Dockerfile.varnish
+      target: api_platform_varnish
       cache_from:
         - ${CONTAINER_REGISTRY_BASE}/varnish
     depends_on:
       - api
+    environment:
+      - VARNISH_PORT=80
+    sysctls:
+      - net.ipv4.ip_unprivileged_port_start=0
     # Comment out this volume in production
     volumes:
-      - ./api/docker/varnish/conf:/etc/varnish:ro
+      - ./api/docker/varnish/conf:/usr/local/etc/varnish:ro
     ports:
       - "8081:80"