refactor: Add environment configuration and initialization script for Docker setup, including user permissions and Composer dependency management.

[terabytesoftw]

Q	A
Is bugfix	✔️
New feature	❌
Breaks BC	❌

Summary by CodeRabbit

• New Features

  • Added a new environment configuration file for easier management of user, group, and Yii2 environment settings.
  • Introduced an initialization script to automate Composer dependency installation during container startup.

• Configuration

  • Enhanced Docker and Docker Compose setup for improved environment variable management and startup flexibility.
  • Updated PHP configuration for better performance and error handling.
  • Adjusted paths for output and environment files in test and analysis tools to new runtime locations.

• Chores

  • Removed obsolete .gitignore from the runtime directory.

[coderabbitai]

Walkthrough

The changes introduce enhanced environment variable management, improved Docker build configurability, and refined directory handling for a Yii2 FrankenPHP setup. Key updates include a new .env file, a Docker initialization script for Composer, more granular permissions, updated PHP and PHPStan configurations, and adjustments to runtime and output directory paths.

Changes

File(s)	Change Summary
.env	New file with user/group and Yii2 environment variables.
docker-compose.frankenphp.yml	Adds build args, environment variables, and .env file to the service; updates build context.
docker/frankenphp/Dockerfile, docker/init.sh	Dockerfile: Refines directory setup, permissions, and switches CMD to new init script; Adds docker/init.sh for Composer install and startup.
docker/php/php.ini	Updates PHP and OPcache settings, increases limits, enables JIT, and removes unused directives.
codeception.yml, phpstan.neon	Changes runtime/output/temp paths from runtime/ to public/runtime/.
runtime/.gitignore	Removes .gitignore to stop ignoring files in runtime/.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant DockerContainer
    participant InitScript
    participant Composer
    participant Supervisord

    User->>DockerContainer: Start container
    DockerContainer->>InitScript: Run /usr/local/bin/init.sh
    InitScript->>InitScript: Check for composer.json and vendor/
    alt Needs Composer install
        InitScript->>Composer: Install dependencies (prod/dev based on YII_ENV)
        Composer-->>InitScript: Installation complete
        InitScript->>InitScript: Set ownership of /app/vendor
    end
    InitScript->>Supervisord: Start supervisord

Loading

Possibly related PRs

• feat: Add FrankenPHP support with docker configuration and Caddyserver setup. #105: Extends FrankenPHP Docker setup with environment variable configurability, improved directory permissions, init script for Composer, and enhanced PHP/runtime configs; modifies the same Dockerfile and service.

Poem

A rabbit hopped in Docker’s den,
Set envs and scripts for all the men.
Composer installs with nimble grace,
Permissions set—no file out of place!
With PHP tweaked and runtime neat,
This FrankenPHP is hard to beat.
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb4e29d and 0903d04.

📒 Files selected for processing (1)

• docker/frankenphp/Dockerfile (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docker/frankenphp/Dockerfile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (17)

• GitHub Check: codeception / PHP 8.3-ubuntu-latest
• GitHub Check: codeception / PHP 8.4-windows-latest
• GitHub Check: codeception / PHP 8.2-windows-latest
• GitHub Check: codeception / PHP 8.4-ubuntu-latest
• GitHub Check: codeception / PHP 8.3-windows-latest
• GitHub Check: codeception / PHP 8.1-windows-latest
• GitHub Check: codeception / PHP 8.1-ubuntu-latest
• GitHub Check: codeception / PHP 8.2-ubuntu-latest
• GitHub Check: test-apache
• GitHub Check: test-frankenphp
• GitHub Check: easy-coding-standard / PHP 8.4-ubuntu-latest
• GitHub Check: codeception / PHP 8.4-windows-latest
• GitHub Check: codeception / PHP 8.2-windows-latest
• GitHub Check: codeception / PHP 8.3-windows-latest
• GitHub Check: codeception / PHP 8.1-windows-latest
• GitHub Check: test-apache
• GitHub Check: test-frankenphp

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (1af4d4d) to head (0903d04).

Additional details and impacted files

@@             Coverage Diff             @@
##                main      #109   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity        36        36           
===========================================
  Files             23        23           
  Lines            621       621           
===========================================
  Hits             621       621           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

docker-compose.frankenphp.yml (1)

4-9: Build args won’t propagate without matching ARG lines in the Dockerfile

USER_ID, GROUP_ID, USER_NAME, GROUP_NAME are forwarded here, but the current Dockerfile lacks corresponding ARG declarations.
Unless they are added (see Dockerfile comment), the values will be ignored and the build will still default to root/www-data.

No change needed in Compose once the Dockerfile is fixed.

🧹 Nitpick comments (6)

.env (1)

1-9: Commit a template, not the real .env

Shipping a concrete .env in VCS invites accidental production misuse and UID/GID clashes on contributors’ machines. Best practice is to:

1. rename this file to .env.example (documenting default values);
2. add .env to .gitignore;
3. instruct users to copy & adjust locally.

Would you consider that adjustment?

docker/init.sh (3)

6-13: Run Composer as the target user to avoid post-install chown

Instead of running composer as root and then recursively chown-ing:

su -s /bin/bash "$USER_NAME" -c "composer install …"

This preserves file permissions, is faster for large vendor trees, and removes the need for the separate chown.

---

14-16: Quote variable expansions in chown

If you keep the current approach, quote variables to avoid word-splitting:

-    chown -R $USER_NAME:$GROUP_NAME /app/vendor
+    chown -R "${USER_NAME}:${GROUP_NAME}" /app/vendor

---

20-21: Consider exec "$@" pattern for extensibility

Hard-coding supervisord makes it impossible to override the entrypoint easily. A more flexible pattern:

exec "$@"

and set CMD ["supervisord","-c","/etc/supervisor/supervisord.conf"] in the Dockerfile.

docker/frankenphp/Dockerfile (1)

51-57: Duplicate mkdir -p /var/run & double chown – consolidate the layers

/var/run is created and chowned in two consecutive layers (lines 51 and 53-56). This burns an extra layer and adds a few MB to the final image.

-RUN mkdir -p /var/run && chown -R www-data:www-data /var/run
-
-RUN mkdir -p /var/run /app/runtime /app/web/assets /app/runtime/cache /app/runtime/logs && \
+RUN mkdir -p /var/run /app/runtime /app/web/assets /app/runtime/cache /app/runtime/logs && \
-    chown -R ${USER_NAME}:${GROUP_NAME} /var/run /app && \
+    chown -R ${USER_NAME}:${GROUP_NAME} /var/run /app && \

One RUN is enough; drop the first or merge them.
Minor, but keeps the image slimmer.

docker-compose.frankenphp.yml (1)

27-28: Quote style for boolean envs

YII_DEBUG is a boolean flag but is quoted as a string.
Docker passes everything as strings anyway, but if some shell scripts expect true / false without quotes, consider:

      YII_DEBUG: ${YII_DEBUG:-false}
      YII_ENV:   ${YII_ENV:-prod}

Purely stylistic – up to you.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1af4d4d and 2949617.

📒 Files selected for processing (8)

• .env (1 hunks)
• codeception.yml (1 hunks)
• docker-compose.frankenphp.yml (2 hunks)
• docker/frankenphp/Dockerfile (1 hunks)
• docker/init.sh (1 hunks)
• docker/php/php.ini (1 hunks)
• phpstan.neon (1 hunks)
• runtime/.gitignore (0 hunks)

💤 Files with no reviewable changes (1)

• runtime/.gitignore

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#97
File: docs/installation.md:5-8
Timestamp: 2025-07-09T14:52:41.210Z
Learning: The Yii2 framework has multiple active branches including the 2.0.x branch (maintenance/LTS) and the 22.0 branch (development). When specifying version requirements, "2.0.53+ or 22.x" is accurate and should not be changed to only reference the 2.x branch.

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#97
File: docs/installation.md:5-8
Timestamp: 2025-07-09T14:52:41.210Z
Learning: The Yii2 framework has multiple active branches including the 2.0.x branch (maintenance/LTS) and the 22.0 branch (development). When specifying version requirements, "2.0.53+ or 22.x" is accurate and should not be changed to only reference the 2.x branch.

.env (1)

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

docker/php/php.ini (1)

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

docker/init.sh (1)

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

docker-compose.frankenphp.yml (1)

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

docker/frankenphp/Dockerfile (1)

Learnt from: terabytesoftw
PR: yii2-extensions/app-basic#102
File: docker/apache/Dockerfile:0-0
Timestamp: 2025-07-10T13:59:10.805Z
Learning: In docker/apache/Dockerfile, the queue.conf copy command is intentionally commented out because yii2-queue is optional. Users should uncomment the line `COPY docker/apache/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf` only if they install yii2-queue.

🪛 Shellcheck (0.10.0)

docker/init.sh

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: codeception / PHP 8.3-windows-latest
• GitHub Check: test-frankenphp
• GitHub Check: test-frankenphp

🔇 Additional comments (3)

codeception.yml (1)

6-9: Test artefacts now land in public/ – double-check exposure

Moving output and _envs under public/runtime means HTML coverage reports, failure screenshots, etc., are potentially reachable over HTTP. If that is not intentional, point them back to a private folder or deny access in your web server configuration.

docker/php/php.ini (1)

12-24: Validate JIT & memory settings for your base image

opcache.jit=tracing and the 256 M OPCache allocation only make sense on PHP ≥ 8.1 compiled with JIT. If the FrankenPHP image is built without JIT support these directives are silently ignored. Confirm the image capabilities and trim unused directives to keep phpinfo() tidy.

docker/frankenphp/Dockerfile (1)

58-65: Ensure init.sh has proper signal forwarding

Switching the container’s entrypoint from supervisord to a shell script is fine, but make sure init.sh:

1. Starts with #!/usr/bin/env bash (or sh) and is executable (chmod already done ✔).
2. Uses exec supervisord … so that PID 1 is supervisord, ensuring proper signal handling (SIGTERM, SIGQUIT) during docker stop.

Please verify the script; otherwise containers may hang on shutdown.

[coderabbitai]

🛠️ Refactor suggestion

Avoid storing PHPStan cache inside the web-root

public/runtime is typically web-accessible (the document root for FrankenPHP). Exposing PHPStan’s .tmp artefacts may leak class names, stack traces or other internal information if the web server is misconfigured. A safer location would be outside public, e.g.:

-    tmpDir: %currentWorkingDirectory%/public/runtime
+    tmpDir: %currentWorkingDirectory%/runtime/phpstan

Please relocate or ensure the directory is not served.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	tmpDir: %currentWorkingDirectory%/public/runtime
	tmpDir: %currentWorkingDirectory%/runtime/phpstan

🤖 Prompt for AI Agents

In phpstan.neon at line 17, the tmpDir is set to a path inside the web-root
(public/runtime), which risks exposing PHPStan cache files publicly. Change the
tmpDir setting to a directory outside the public folder, such as a sibling
directory to public, to prevent accidental web access to these internal files.

[coderabbitai]

🛠️ Refactor suggestion

Configuration clash: post_max_size 150 M vs upload_max_filesize 15 M

upload_max_filesize is capped at 15 M, effectively nullifying the 150 M post_max_size. Either raise upload_max_filesize or drop the oversized post limit to avoid confusion.

🤖 Prompt for AI Agents

In docker/php/php.ini lines 1 to 7, there is a mismatch between post_max_size
set to 150M and upload_max_filesize which defaults to 15M, limiting uploads to
15M despite the larger post_max_size. To fix this, explicitly set
upload_max_filesize to a value equal to or greater than 150M to match
post_max_size, or reduce post_max_size to 15M or less to align with
upload_max_filesize and avoid configuration confusion.

[coderabbitai]

🛠️ Refactor suggestion

Missing shebang breaks shell-lint and may execute under /bin/sh unexpectedly

Add an explicit shebang and fail-fast flags:

+#/usr/bin/env bash
+set -euo pipefail

This satisfies SC2148 and aborts on errors.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🤖 Prompt for AI Agents

In docker/init.sh at the beginning of the file (lines 1 to 4), add a shebang
line such as #!/bin/bash -e to explicitly specify the shell interpreter and
enable fail-fast behavior. This will prevent the script from running under
/bin/sh unexpectedly and ensure it aborts on errors, satisfying shell-lint
SC2148.