Merged
9 changes: 9 additions & 0 deletions .env
@@ -0,0 +1,9 @@
# User and Group settings
GROUP_ID=1000
GROUP_NAME=www-data
USER_ID=1000
USER_NAME=www-data

# Yii2 environment settings
YII_DEBUG=true
YII_ENV=dev
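
Review bot: YII_DEBUG=true and YII_ENV=dev at the end of this new, tracked .env become the effective settings for anyone who runs the compose file from a fresh checkout, because Compose reads .env from the project directory for variable substitution and the service also loads it through env_file. Consider committing the file as .env.example with YII_DEBUG=false and YII_ENV=prod, adding .env to .gitignore, and letting developers opt in to debug locally; that also keeps later additions such as credentials out of version control.
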
4 changes: 2 additions & 2 deletions codeception.yml
Expand Up @@ -3,10 +3,10 @@ bootstrap: _bootstrap.php
support_namespace: Support
paths:
tests: tests
output: runtime/output
output: public/runtime/output
data: tests/Support/data
support: tests/Support
envs: runtime/_envs
envs: public/runtime/_envs
actor_suffix: Tester
settings:
memory_limit: 1024M
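
Review bot: output: public/runtime/output and envs: public/runtime/_envs place Codeception artifacts under public/, which the phpstan.neon comment on this PR describes as the FrankenPHP document root. Failed-test output can include page snapshots and logs, so keep both paths outside public/ (the previous runtime/output and runtime/_envs would do), or add a server rule that denies requests to the runtime directory.
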
10 changes: 10 additions & 0 deletions docker-compose.frankenphp.yml
@@ -1,8 +1,16 @@
services:
yii2-frankenphp:
build:
args:
USER_ID: ${USER_ID:-1000}
GROUP_ID: ${GROUP_ID:-1000}
USER_NAME: ${USER_NAME:-www-data}
GROUP_NAME: ${GROUP_NAME:-www-data}
context: .
dockerfile: docker/frankenphp/Dockerfile
container_name: yii2-frankenphp
env_file:
- .env
restart: always
working_dir: /app
volumes:
Expand All @@ -16,6 +24,8 @@ services:
- '8444:443/udp'
environment:
TZ: "UTC"
YII_DEBUG: "${YII_DEBUG:-false}"
YII_ENV: "${YII_ENV:-prod}"
tty: true

# Volumes needed for Caddy certificates and configuration
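
Review bot: the fallbacks in YII_DEBUG: "${YII_DEBUG:-false}" and YII_ENV: "${YII_ENV:-prod}" apply only when the variables are unset, and the .env added in this PR sets them to true and dev, so the safe defaults are never reached on a checkout of this branch. The same two variables also arrive through env_file in the first hunk; set them in one place only, and make the production values the ones an unconfigured deployment gets.
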
23 changes: 20 additions & 3 deletions docker/frankenphp/Dockerfile
@@ -1,5 +1,11 @@
FROM dunglas/frankenphp:1.8-php8.4

# Build arguments for user/group
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG USER_NAME=www-data
ARG GROUP_NAME=www-data

# Change web server config
COPY docker/frankenphp/Caddyfile /etc/caddy/Caddyfile

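Review bot: ARG USER_ID and ARG GROUP_ID are declared here, but the lines shown in this diff only use USER_NAME and GROUP_NAME (in the chown further down). If nothing in the collapsed part of the file creates or remaps the account to those IDs, the two arguments have no effect and files on a bind mount will still not match the host user; either add the step that applies the IDs or drop the unused arguments.
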
Expand Down Expand Up @@ -47,7 +53,18 @@ COPY docker/frankenphp/supervisord/conf.d/frankenphp.conf /etc/supervisor/conf.d
# Copy queue worker config uncommented for use with yii2-queue
#COPY docker/frankenphp/supervisord/conf.d/queue.conf /etc/supervisor/conf.d/queue.conf

RUN mkdir -p /var/run && chown -R www-data:www-data /var/run
# Create necessary directories and set permissions
RUN mkdir -p /app/runtime/cache /app/runtime/logs && \
chown -R ${USER_NAME}:${GROUP_NAME} /var/run /app && \
chown -R ${USER_NAME}:${GROUP_NAME} /app/public /app/runtime && \
chmod -R 755 /app && \
chmod -R 775 /app/runtime /app/public

# Copy init script
COPY docker/init.sh /usr/local/bin/init.sh

# Make init script executable
RUN chmod +x /usr/local/bin/init.sh

# Run supervisord
CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]
# Run initialization script and then supervisord
CMD ["/usr/local/bin/init.sh"]
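
Review bot: chown -R ${USER_NAME}:${GROUP_NAME} /var/run /app followed by chmod -R 775 /app/runtime /app/public makes the whole application tree, including the public directory, writable by the account named in USER_NAME. If the PHP workers run as that account, a file-write bug in the application could replace served code. Keep /app owned by root and read-only for the runtime user, and grant write access only to the runtime directories that need it; the second chown is also redundant because the first already covers /app.
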
21 changes: 21 additions & 0 deletions docker/init.sh
@@ -0,0 +1,21 @@
# Check if composer.json exists and vendor directory doesn't exist
if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then
echo "Installing Composer dependencies..."

Comment on lines +1 to +4

🛠️ Refactor suggestion

Missing shebang breaks shell-lint and may execute under /bin/sh unexpectedly

Add an explicit shebang and fail-fast flags:

+#!/usr/bin/env bash
+set -euo pipefail

This satisfies SC2148 and aborts on errors.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🤖 Prompt for AI Agents
In docker/init.sh at the beginning of the file (lines 1 to 4), add a shebang
line such as #!/bin/bash -e to explicitly specify the shell interpreter and
enable fail-fast behavior. This will prevent the script from running under
/bin/sh unexpectedly and ensure it aborts on errors, satisfying shell-lint
SC2148.

# Install dependencies based on environment
if [ "$YII_ENV" = "prod" ]; then
# Production: exclude dev dependencies and optimize autoloader
composer install --no-dev --optimize-autoloader --no-interaction
else
# Development: include dev dependencies
composer install --optimize-autoloader --no-interaction
fi

# Set proper ownership for vendor directory
chown -R $USER_NAME:$GROUP_NAME /app/vendor

echo "Composer dependencies installed successfully."
fi

# Start supervisord
exec supervisord -c /etc/supervisor/supervisord.conf
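
Review bot: composer install in the container entrypoint, including the YII_ENV = prod branch, downloads and runs third-party code whenever /app/vendor is missing, and the chown that follows implies this happens as root. For production images, install dependencies at build time so the image content is fixed and reviewable, and keep the startup install for development only. Also quote and default the variables in chown -R $USER_NAME:$GROUP_NAME /app/vendor, since ARG values from the Dockerfile are not present at runtime and the script depends on env_file to supply them.
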
21 changes: 13 additions & 8 deletions docker/php/php.ini
@@ -1,18 +1,23 @@
;apc.enable_cli = 1
# Global PHP configuration for the Docker container
date.timezone = UTC
display_errors = Off
expose_php = Off
memory_limit = 512M
post_max_size = 150M
session.auto_start = Off
Comment on lines +1 to 7

🛠️ Refactor suggestion

Configuration clash: post_max_size 150 M vs upload_max_filesize 15 M

upload_max_filesize is capped at 15 M, effectively nullifying the 150 M post_max_size. Either raise upload_max_filesize or drop the oversized post limit to avoid confusion.

🤖 Prompt for AI Agents
In docker/php/php.ini lines 1 to 7, there is a mismatch between post_max_size
set to 150M and upload_max_filesize which defaults to 15M, limiting uploads to
15M despite the larger post_max_size. To fix this, explicitly set
upload_max_filesize to a value equal to or greater than 150M to match
post_max_size, or reduce post_max_size to 15M or less to align with
upload_max_filesize and avoid configuration confusion.

short_open_tag = Off
expose_php = Off
upload_max_filesize = 15M
post_max_size = 150M
memory_limit = 512M
display_errors = Off

# https://symfony.com/doc/current/performance.html
# OPcache optimizations
opcache.enable = 1
opcache.enable_cli = 1
opcache.interned_strings_buffer = 16
opcache.jit = tracing
opcache.jit_buffer_size = 64M
opcache.max_accelerated_files = 20000
opcache.memory_consumption = 256
opcache.validate_timestamps = 0
opcache.revalidate_freq = 2
opcache.validate_timestamps = 1
realpath_cache_size = 4096K
realpath_cache_ttl = 600
opcache.preload_user = www-data
realpath_cache_ttl = 120
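
Review bot: the lines starting with # (# Global PHP configuration for the Docker container, # OPcache optimizations) are not comments for the PHP 8.4 image this PR builds on; support for # comments in php.ini was removed in PHP 7.0. Use ; as in the first line of the file.
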
2 changes: 1 addition & 1 deletion phpstan.neon
Expand Up @@ -14,7 +14,7 @@ parameters:
- tests/Functional
- tests/Unit

tmpDir: %currentWorkingDirectory%/runtime
tmpDir: %currentWorkingDirectory%/public/runtime

🛠️ Refactor suggestion

Avoid storing PHPStan cache inside the web-root

public/runtime is typically web-accessible (the document root for FrankenPHP). Exposing PHPStan’s .tmp artefacts may leak class names, stack traces or other internal information if the web server is misconfigured. A safer location would be outside public, e.g.:

-    tmpDir: %currentWorkingDirectory%/public/runtime
+    tmpDir: %currentWorkingDirectory%/runtime/phpstan

Please relocate or ensure the directory is not served.

🤖 Prompt for AI Agents
In phpstan.neon at line 17, the tmpDir is set to a path inside the web-root
(public/runtime), which risks exposing PHPStan cache files publicly. Change the
tmpDir setting to a directory outside the public folder, such as a sibling
directory to public, to prevent accidental web access to these internal files.


yii2:
config_path: %currentWorkingDirectory%/config/web/app.php
2 changes: 0 additions & 2 deletions runtime/.gitignore

This file was deleted.

Empty file removed runtime/output/.gitkeep
Empty file.
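
Review bot: deleting runtime/.gitignore while the Dockerfile still creates /app/runtime/cache and /app/runtime/logs means that, if the checkout is mounted at /app, anything the application writes to runtime/ shows up as untracked files and can be committed by accident. Keep an ignore rule for runtime/ and add one for public/runtime/ so logs and caches stay out of the repository.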