Add docker deployment and volumes

Author: nickstanko

.dockerignore

@@ -0,0 +1,16 @@
+.git
+.github
+node_modules
+vendor
+storage/logs/*
+storage/framework/cache/*
+storage/framework/sessions/*
+storage/framework/views/*
+storage/debugbar/*
+storage/httpcache/*
+storage/streams/*
+storage/views/twig/*
+.DS_Store
+.env
+.env.*
+docker-compose*.yml

.github/workflows/docker-image.yml

@@ -0,0 +1,62 @@
+name: Build Docker Image
+
+on:
+  push:
+    branches:
+      - main
+      - master
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: nickstanko/pyrocms
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Check out source
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          target: production
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile

@@ -0,0 +1,77 @@
+# syntax=docker/dockerfile:1.7
+
+FROM node:20-bookworm-slim AS frontend_assets
+WORKDIR /app
+COPY package.json ./
+RUN npm install
+COPY resources ./resources
+COPY webpack.mix.js ./
+RUN npm run production
+
+FROM php:8.4-apache-bookworm AS base
+
+ENV APACHE_DOCUMENT_ROOT=/var/www/html/public \
+    COMPOSER_ALLOW_SUPERUSER=1 \
+    COMPOSER_HOME=/tmp/composer \
+    PATH="/var/www/html/vendor/bin:${PATH}"
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        curl \
+        git \
+        libfreetype6-dev \
+        libicu-dev \
+        libjpeg62-turbo-dev \
+        libonig-dev \
+        libpng-dev \
+        libxml2-dev \
+        libzip-dev \
+        unzip \
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install -j"$(nproc)" \
+        bcmath \
+        exif \
+        gd \
+        intl \
+        mbstring \
+        opcache \
+        pdo_mysql \
+        zip \
+    && pecl install redis \
+    && docker-php-ext-enable redis \
+    && a2enmod headers rewrite expires \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+COPY docker/apache-vhost.conf /etc/apache2/sites-available/000-default.conf
+COPY docker/entrypoint.sh /usr/local/bin/docker-entrypoint-app
+
+RUN chmod +x /usr/local/bin/docker-entrypoint-app
+
+WORKDIR /var/www/html
+ENTRYPOINT ["docker-entrypoint-app"]
+
+FROM base AS composer_deps
+COPY . .
+RUN composer install \
+    --no-dev \
+    --prefer-dist \
+    --optimize-autoloader \
+    --no-interaction
+
+FROM base AS development
+RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
+CMD ["apache2-foreground"]
+
+FROM base AS production
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
+COPY . .
+COPY --from=composer_deps /var/www/html/vendor ./vendor
+COPY --from=frontend_assets /app/public/css ./public/css
+COPY --from=frontend_assets /app/public/js ./public/js
+COPY --from=frontend_assets /app/public/mix-manifest.json ./public/mix-manifest.json
+
+RUN chown -R www-data:www-data /var/www/html/bootstrap/cache /var/www/html/storage
+
+CMD ["apache2-foreground"]

README.md

@@ -205,6 +205,29 @@ curl -X POST http://localhost/api/logout \
 - The user provider now points at `App\UserModel`, which extends the Pyro users model and adds `HasApiTokens`.
 - The login endpoint uses the configured Pyro user login mode to resolve whether Passport should authenticate by username or email.
 
+## Docker Volumes
+
+The Docker setup supports persistent or shared mounts for the parts of the app that usually need to live outside the image:
+
+- `addons/` for shared or custom PyroCMS addons
+- `storage/` for runtime app data
+- `bootstrap/cache/` for generated cache files
+- `public/app/` for user-managed public assets
+- `config/` and `resources/streams/config/` if you want host-managed config overlays
+
+The default production compose file already persists:
+
+- `/var/www/html/addons`
+- `/var/www/html/storage`
+- `/var/www/html/bootstrap/cache`
+
+If you want host bind mounts instead of Docker-managed named volumes, uncomment the example mount lines in [docker-compose.yml](/Users/nicks/Projects/pyrocms/docker-compose.yml) and point each source path at the host directory you want to share.
+
+Important:
+
+- Mounting `config/` or `resources/streams/config/` replaces the image copy for those directories, so only do that when your host copy is complete.
+- The development compose file already bind mounts the whole repository, so local addons, config, and app data can all be edited directly there.
+
 ## Security
 
 If you discover any security related issues, please email admin@formable.app instead of using the issue tracker.

docker-compose.dev.yml

@@ -0,0 +1,64 @@
+services:
+  app:
+    build:
+      context: .
+      target: development
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    environment:
+      APP_ENV: local
+      APP_DEBUG: "true"
+      APP_URL: http://localhost:8080
+      DB_CONNECTION: mysql
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_DATABASE: pyrocms
+      DB_USERNAME: pyrocms
+      DB_PASSWORD: secret
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      CACHE_DRIVER: redis
+      SESSION_DRIVER: redis
+    ports:
+      - "8080:80"
+    volumes:
+      - .:/var/www/html
+
+  node:
+    image: node:20-bookworm-slim
+    working_dir: /var/www/html
+    command: sh -lc "npm install && npm run watch-poll"
+    volumes:
+      - .:/var/www/html
+
+  db:
+    image: mysql:8.4
+    environment:
+      MYSQL_DATABASE: pyrocms
+      MYSQL_USER: pyrocms
+      MYSQL_PASSWORD: secret
+      MYSQL_ROOT_PASSWORD: root
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-proot"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 20s
+    ports:
+      - "3307:3306"
+    volumes:
+      - mysql_dev_data:/var/lib/mysql
+
+  redis:
+    image: redis:7-alpine
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_dev_data:/data
+
+volumes:
+  mysql_dev_data:
+  redis_dev_data:

docker-compose.yml

@@ -0,0 +1,67 @@
+services:
+  app:
+    image: ghcr.io/nickstanko/pyrocms:${PYROCMS_IMAGE_TAG:-latest}
+    pull_policy: always
+    restart: unless-stopped
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    environment:
+      APP_ENV: production
+      APP_DEBUG: "false"
+      APP_URL: ${APP_URL:-http://localhost:8080}
+      DB_CONNECTION: mysql
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_DATABASE: ${DB_DATABASE:-pyrocms}
+      DB_USERNAME: ${DB_USERNAME:-pyrocms}
+      DB_PASSWORD: ${DB_PASSWORD:-secret}
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      CACHE_DRIVER: ${CACHE_DRIVER:-redis}
+      SESSION_DRIVER: ${SESSION_DRIVER:-redis}
+    ports:
+      - "${APP_PORT:-8080}:80"
+    volumes:
+      - app_addons:/var/www/html/addons
+      - app_storage:/var/www/html/storage
+      - app_bootstrap_cache:/var/www/html/bootstrap/cache
+      # Optional bind mounts for shared addons, app data, and config overlays:
+      # - ./docker/volumes/addons:/var/www/html/addons
+      # - ./docker/volumes/storage:/var/www/html/storage
+      # - ./docker/volumes/bootstrap-cache:/var/www/html/bootstrap/cache
+      # - ./docker/volumes/public-app:/var/www/html/public/app
+      # - ./docker/volumes/config:/var/www/html/config
+      # - ./docker/volumes/streams-config:/var/www/html/resources/streams/config
+
+  db:
+    image: mysql:8.4
+    restart: unless-stopped
+    environment:
+      MYSQL_DATABASE: ${DB_DATABASE:-pyrocms}
+      MYSQL_USER: ${DB_USERNAME:-pyrocms}
+      MYSQL_PASSWORD: ${DB_PASSWORD:-secret}
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-root}
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-p${DB_ROOT_PASSWORD:-root}"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 20s
+    volumes:
+      - mysql_data:/var/lib/mysql
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+
+volumes:
+  app_addons:
+  app_storage:
+  app_bootstrap_cache:
+  mysql_data:
+  redis_data:

docker/apache-vhost.conf

@@ -0,0 +1,13 @@
+<VirtualHost *:80>
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/html/public
+
+    <Directory /var/www/html/public>
+        AllowOverride All
+        Require all granted
+        Options FollowSymLinks
+    </Directory>
+
+    ErrorLog /proc/self/fd/2
+    CustomLog /proc/self/fd/1 combined
+</VirtualHost>

docker/entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+mkdir -p \
+    /var/www/html/addons \
+    /var/www/html/bootstrap/cache \
+    /var/www/html/public/app \
+    /var/www/html/storage/app \
+    /var/www/html/storage/debugbar \
+    /var/www/html/storage/framework/cache \
+    /var/www/html/storage/framework/sessions \
+    /var/www/html/storage/framework/views \
+    /var/www/html/storage/httpcache \
+    /var/www/html/storage/logs \
+    /var/www/html/storage/streams \
+    /var/www/html/storage/views/twig
+
+chown -R www-data:www-data /var/www/html/bootstrap/cache /var/www/html/storage
+
+exec "$@"