# syntax=docker/dockerfile:1
# Dockerfile for the climatedata.ca web server.
#
# (For detailed documentation, see docs/portal-docker-image.md)
#
# The image contains PHP-FPM, a web server (Nginx) and all the site files
# (WordPress, plugins, custom themes).
#
# To build, use the "production" target with at least the required build
# arguments:
# ```
# docker build \
# --target production \
# --build-arg TASK_RUNNER_IMAGE=<IMAGE> \
# --build-arg LOCAL_WP_PLUGINS_DIR=<PATH> \
# .
# ```
#
# Build arguments:
#
# - TASK_RUNNER_IMAGE (required): name of the Task Runner Docker image used
# during the multi-stage build.
# - LOCAL_WP_PLUGINS_DIR (required): local directory, in the build context,
# containing zip files of WordPress plugins to extract in the WordPress's
# assets/plugins/ directory. The directory must contain all the files
# listed in the dockerfiles/build/www/wp-plugins/local.txt file.
# - WEB_SERVER_USER_ID (optional, default=10000): user id of the created
# web server user (www-data). Setting the id gives more control over
# permissions if you mount a directory that must be writable by the website
# (ex: the assets/upload/ directory). For security reasons, it's
# recommended that the id be >= 10000, unless you know what you are doing.
# - WEB_SERVER_GROUP_ID (optional, default=10001): group id for the created
# web server user's group (www-data).
# Global build argument, declared before the first FROM so that it can select
# the base image of the task-runner stage. It has no default: the build must
# pass --build-arg TASK_RUNNER_IMAGE=<IMAGE>.
# NOTE(review): this image runs build-fe.sh at build time and files from this
# stage are later copied into the production image, so it should come from a
# trusted registry and ideally be referenced by digest.
ARG TASK_RUNNER_IMAGE

###
# Task runner stage.
#
# Compiles some of the site's assets from their source files. The generated
# files are written to a local dist/ directory.
###
FROM ${TASK_RUNNER_IMAGE} AS task-runner

WORKDIR /home/node/app

# Sources of the apps and of the two themes, owned by the "node" user.
COPY --chown=node apps /home/node/app/src/apps
COPY --chown=node framework /home/node/app/src/framework
COPY --chown=node fw-child /home/node/app/src/fw-child

# build-fe.sh is not defined in this file; presumably it is shipped by the
# task runner image.
RUN build-fe.sh /home/node/app/src
###
# Production website building stage.
#
# To allow reproducibility across environments and better control over breaking
# features, the image sometimes installs specific versions of tools or packages.
###
# NOTE(review): the base image is referenced by a moving tag. Pinning it by
# digest would make rebuilds reproducible and base-image changes explicit.
FROM php:8.2-fpm AS production

# ---
# Tools, libraries and software installation
# ---
# Update, install and clean-up happen in a single layer so that the apt lists
# never end up in the image.
# NOTE(review): less and vim are interactive tools; confirm they are really
# needed in the production target.
RUN <<EOF
set -e
apt-get update
apt-get install -y --no-install-recommends \
    jq \
    less \
    nginx \
    supervisor \
    unzip \
    vim \
    zip
apt-get clean
rm -rf /var/lib/apt/lists/*
EOF
# PHP extensions
#
# Installed with the install-php-extensions helper.
# See: https://github.com/mlocati/docker-php-extension-installer
#
# NOTE(review): the helper is downloaded from the "latest" release URL without
# a checksum, so its content can change from one build to the next, and it is
# executed by the RUN below. Consider pinning a specific release and verifying
# it, e.g. with `ADD --checksum=sha256:<DIGEST_OF_PINNED_RELEASE>`
# (placeholder value).
ADD --chmod=0755 \
    https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions \
    /usr/local/bin/

# Extensions listed without a version are either core extensions or bundled
# with PHP, so there is nothing to pin for them; the others carry a version
# constraint.
# See: https://www.php.net/manual/en/extensions.membership.php
RUN install-php-extensions \
        bcmath \
        exif \
        gd \
        igbinary-^3.2@stable \
        imagick-^3.7@stable \
        intl \
        mysqli \
        opcache \
        pdo_mysql \
        zip
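# WP-CLI
#
# The phar is saved directly as /usr/local/bin/wp and made executable.
# curl flags: -f makes an HTTP error fail the build instead of saving the
# error body as the "wp" executable; -sS hides the progress meter but still
# prints errors.
#
# NOTE(review): the URL follows the gh-pages branch of wp-cli/builds, so the
# downloaded build is not pinned and is not verified. Consider downloading a
# specific release and comparing it with a checksum recorded in this
# repository.
WORKDIR /usr/local/bin
RUN curl -fsS -o wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
    && chmod +x wp

# Custom scripts
COPY --chmod=755 dockerfiles/build/www/bin /usr/local/bin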
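# ---
# Software and library configurations
# ---

# Web server user
#
# The ids of www-data are remapped BEFORE anything is chown'ed to www-data.
# usermod only re-owns files located in the user's home directory and groupmod
# re-owns nothing, so a directory chown'ed earlier would keep the old numeric
# ids and would no longer belong to www-data after the remap.
ARG WEB_SERVER_USER_ID=10000
ARG WEB_SERVER_GROUP_ID=10001
RUN usermod -u "${WEB_SERVER_USER_ID}" www-data \
    && groupmod -g "${WEB_SERVER_GROUP_ID}" www-data

# Supervisord
COPY dockerfiles/build/www/configs/supervisor/supervisord.conf /etc/

# PHP
# Log directory owned by www-data (with the remapped ids set above).
RUN mkdir /var/log/php && chown www-data:www-data /var/log/php
COPY --chmod=644 dockerfiles/build/www/configs/php/php.ini /usr/local/etc/php

# PHP-FPM
COPY --chmod=644 dockerfiles/build/www/configs/php-fpm/zz-docker.conf /usr/local/etc/php-fpm.d/

# Nginx
COPY --chmod=644 dockerfiles/build/www/configs/nginx/conf.d/* /etc/nginx/conf.d/
COPY --chmod=644 dockerfiles/build/www/configs/nginx/climatedata-site.conf /etc/nginx/sites-available/
COPY --chmod=644 dockerfiles/build/www/configs/nginx/site-extra/* /etc/nginx/conf.d/climatedata-site/
# Replace the default enabled site with the climatedata site.
RUN rm /etc/nginx/sites-enabled/default \
    && ln -s ../sites-available/climatedata-site.conf /etc/nginx/sites-enabled/climatedata-site.conf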
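# ---
# WordPress
# ---
WORKDIR /var/www/html

# Installation
# Remove the default index page (presumably left there by the nginx package).
RUN rm index.nginx-debian.html

# We add the core fr_CA language to have this language recognized when
# translating strings.
# NOTE(review): the core version is pinned, so WordPress security releases
# only reach the image when --version is bumped here.
RUN wp core download --allow-root --version=6.3.1 --skip-content --locale=fr_CA

# Base setup: wp-content is renamed to assets, then the two directories that
# are made writable by the web server at the end of this stage are created.
# (The previous `mkdir mkdir assets/cache` also created a stray "mkdir"
# directory in the web root.)
RUN mv wp-content assets \
    && mkdir assets/uploads assets/cache

# NOTE(review): wp-config.php is baked into the image; confirm that it reads
# database credentials and salts from the environment rather than embedding
# them.
COPY dockerfiles/build/www/configs/wordpress/wp-config.php .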
# Plugins installation
#
# Both RUN instructions below run in the plugins directory. The plugin lists
# and the local zip directory are bind-mounted for the duration of the RUN
# only; they are not copied into an image layer.
WORKDIR /var/www/html/assets/plugins
# Read plugins defined in the wp-plugins/local.txt file and unzip them from the
# `LOCAL_WP_PLUGINS_DIR` directory.
#
# grep drops blank lines and lines starting with '#'. `set -- $plugins` is
# left unquoted on purpose: word splitting turns each remaining entry into a
# positional parameter, which is then passed on as "$@".
# unzip-multiple.sh is not defined in this file; presumably it is one of the
# custom scripts copied to /usr/local/bin.
ARG LOCAL_WP_PLUGINS_DIR
RUN --mount=type=bind,source=$LOCAL_WP_PLUGINS_DIR,target=/tmp/wp-plugins \
--mount=type=bind,source=dockerfiles/build/www/wp-plugins/local.txt,target=/tmp/plugins.txt \
plugins=$(grep -v -e '^\s*$' -e '^#' /tmp/plugins.txt) \
&& set -- $plugins \
&& unzip-multiple.sh /tmp/wp-plugins "$@"
# Read plugins defined in the wp-plugins/public.txt file and download them from
# the WordPress plugin repository.
#
# Same list parsing as above.
# NOTE(review): whether download-wp-plugin.sh pins plugin versions or verifies
# the downloaded archives is not visible from this file; confirm, since these
# plugins run inside the site.
RUN --mount=type=bind,source=dockerfiles/build/www/wp-plugins/public.txt,target=/tmp/plugins.txt \
plugins=$(grep -v -e '^\s*$' -e '^#' /tmp/plugins.txt) \
&& set -- $plugins \
&& download-wp-plugin.sh "$@"
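# ----
# Themes files
# ----
# The themes are taken from the task-runner stage.
WORKDIR /var/www/html/assets/themes
COPY --from=task-runner /home/node/app/src/framework framework
COPY --from=task-runner /home/node/app/src/fw-child fw-child

# ----
# File permissions
#
# Set restrictive file permissions allowing the web server only read permissions
# (except for specific directories)
# ----
WORKDIR /var/www/html
# Everything belongs to root with group www-data: directories 750, files 640,
# so the web server group can read and traverse but not write. Only
# assets/cache and assets/uploads are group-writable.
# `find -exec ... +` is used instead of `find | xargs`: without pipefail, a
# failing find on the left side of a pipe would not fail the build.
# NOTE(review): assets/uploads is writable by the web server; confirm that the
# nginx configuration (not visible here) never hands files from that directory
# to PHP.
RUN chown -R root:www-data . \
    && find . -type d -exec chmod 750 {} + \
    && find . -type f -exec chmod 640 {} + \
    && chmod 0770 assets/cache assets/uploads

WORKDIR /root
# NOTE(review): supervisord is started as root. Whether nginx and the PHP-FPM
# workers drop to www-data depends on the copied configuration files, which
# are not visible here; confirm.
USER root
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]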
###
# Development image stage.
#
# Builds an image for use during development: the "production" image plus a
# few development tools. Anything that can easily be provided through mounted
# volumes is left out.
#
# NOTE(review): this is the last stage of the file, so a build without
# --target produces this image, Xdebug included. Production builds must pass
# --target production. The Xdebug version is not pinned.
###
FROM production AS development

RUN set -e; \
    pecl install xdebug; \
    docker-php-ext-enable xdebug