add PullPreview

Author: holyfabi

.github/workflows/pullpreview.yml

@@ -0,0 +1,29 @@
+name: PullPreview
+
+on:
+  pull_request:
+    types: [ labeled, unlabeled, synchronize, closed, reopened ]
+
+jobs:
+  deploy-staging-environment:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      deployments: write # to delete deployments
+      pull-requests: write # to remove labels
+      statuses: write # to create commit status
+
+    name: Deploy PullPreview staging environment
+    # https://github.com/cybex-gmbh/github-workflows/blob/main/.github/workflows/pullpreview.yml
+    uses: cybex-gmbh/github-workflows/.github/workflows/pullpreview.yml@main
+    with:
+      PULLPREVIEW_ADMINS: jheusinger, gael-connan-cybex, holyfabi, lupinitylabs, mszulik
+      INSTANCE_TYPE: nano
+    secrets:
+      ENV_VARS: |
+        APP_KEY="${{ secrets.PULLPREVIEW_APP_KEY }}"
+        SEED_USER_NAME="${{ secrets.PULLPREVIEW_USER_NAME }}"
+        SEED_USER_EMAIL="${{ secrets.PULLPREVIEW_USER_EMAIL }}"
+        SEED_USER_PASSWORD="${{ secrets.PULLPREVIEW_USER_PASSWORD }}"
+      PULLPREVIEW_BASIC_AUTH: ${{ secrets.PULLPREVIEW_BASIC_AUTH }}
+      PULLPREVIEW_AWS_ACCESS_KEY_ID: ${{ secrets.PULLPREVIEW_AWS_ACCESS_KEY_ID }}
+      PULLPREVIEW_AWS_SECRET_ACCESS_KEY: ${{ secrets.PULLPREVIEW_AWS_SECRET_ACCESS_KEY }}

compose.pullpreview.yml

@@ -0,0 +1,94 @@
+services:
+  app:
+    container_name: ${COMPOSE_PROJECT_NAME}
+    build:
+      context: .
+      dockerfile: ./docker/webdevops/Dockerfile
+    networks:
+      - traefik
+      - internal
+    depends_on:
+      mysql:
+        condition: service_healthy
+      traefik:
+        condition: service_started
+    environment:
+      PULLPREVIEW: true
+      PULLPREVIEW_FIRST_RUN: ${PULLPREVIEW_FIRST_RUN}
+      APP_URL: https://${PULLPREVIEW_PUBLIC_DNS}
+      WORKERS_AMOUNT: ${WORKERS_AMOUNT:-0}
+    volumes:
+      - 'app-storage:/var/www/html/storage'
+      - '.env:/var/www/html/.env'
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${PULLPREVIEW_PUBLIC_DNS}`)'
+      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true'
+      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=production'
+  mysql:
+    image: 'mysql/mysql-server:8.0'
+    container_name: laravel-multi-factor-mysql-1
+    ports:
+      - '3306:3306'
+    environment:
+      MYSQL_ROOT_PASSWORD: '${DB_PASSWORD}'
+      MYSQL_ROOT_HOST: "%"
+      MYSQL_DATABASE: '${DB_DATABASE}'
+      MYSQL_USER: '${DB_USERNAME}'
+      MYSQL_PASSWORD: '${DB_PASSWORD}'
+      MYSQL_ALLOW_EMPTY_PASSWORD: 1
+    volumes:
+      - 'mysql:/var/lib/mysql'
+    networks:
+      - internal
+    healthcheck:
+      test: [ "CMD", "mysqladmin", "ping", "-p${DB_PASSWORD}" ]
+      retries: 3
+      timeout: 5s
+  traefik:
+    image: traefik:mimolette
+    container_name: ${COMPOSE_PROJECT_NAME}-traefik
+    ports:
+      - '80:80'
+      - '443:443'
+    environment:
+      TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE: false
+      TRAEFIK_LOG: true
+      TRAEFIK_LOG_FILEPATH: '/logs/traefik.log'
+      TRAEFIK_LOG_LEVEL: DEBUG
+      TRAEFIK_API: false
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION: true
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION_ACME_EMAIL: '[email protected]'
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION_ACME_CASERVER: 'https://acme-v02.api.letsencrypt.org/directory'
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION_ACME_STORAGE: '/letsencrypt/acme.json'
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION_ACME_HTTPCHALLENGE: true
+      TRAEFIK_CERTIFICATESRESOLVERS_PRODUCTION_ACME_HTTPCHALLENGE_ENTRYPOINT: web
+      TRAEFIK_ENTRYPOINTS_WEB: true
+      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ':80'
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP: true
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
+      TRAEFIK_ENTRYPOINTS_WEBSECURE: true
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ':443'
+      TRAEFIK_PROVIDERS_DOCKER: true
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
+      TRAEFIK_PROVIDERS_DOCKER_NETWORK: traefik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./storage/letsencrypt:/letsencrypt
+      - ./storage/logs:/logs
+      - ./.htpasswd:/.htpasswd:ro
+    networks:
+      - traefik
+
+networks:
+  internal:
+    internal: true
+  traefik:
+    name: traefik
+
+volumes:
+  app-storage:
+    driver: local
+  mysql:
+    driver: local

docker/shared/watchtower/post-update.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+php /var/www/html/artisan migrate --force

docker/webdevops/Dockerfile

@@ -0,0 +1,23 @@
+FROM webdevops/php-nginx:8.4
+
+WORKDIR /var/www/html/
+
+ENV WEB_DOCUMENT_ROOT /var/www/html/public
+
+# Timeout for the post update script in minutes.
+LABEL com.centurylinklabs.watchtower.lifecycle.post-update-timeout="1440"
+# Watchtower will run this script after restarting the updated container.
+LABEL com.centurylinklabs.watchtower.lifecycle.post-update="/var/www/html/docker/shared/watchtower/post-update.sh"
+
+COPY . ../package
+COPY exampleApp/composer.json exampleApp/composer.lock ./
+RUN composer install --no-interaction --no-dev --no-scripts
+
+COPY --chown=application:application exampleApp ./
+
+RUN chmod 755 ./docker/webdevops/entryfile.sh ./storage
+
+RUN apt update
+RUN apt install -y default-mysql-client
+
+ENTRYPOINT ["/var/www/html/docker/webdevops/entryfile.sh"]

docker/webdevops/entryfile.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if ${PULLPREVIEW:-false}; then
+    php /var/www/html/artisan migrate --force
+    su -c "php /var/www/html/artisan key:generate --force" application
+
+    if ${PULLPREVIEW_FIRST_RUN:-false}; then
+        php /var/www/html/artisan db:seed --force
+    fi
+fi
+
+exec /entrypoint supervisord "$@"

exampleApp/docker/webdevops/entryfile.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if ${PULLPREVIEW:-false}; then
+    php /var/www/html/artisan migrate --force
+    su -c "php /var/www/html/artisan key:generate --force" application
+
+    if ${PULLPREVIEW_FIRST_RUN:-false}; then
+        php /var/www/html/artisan db:seed --force
+    fi
+fi
+
+exec /entrypoint supervisord "$@"