22 changes: 11 additions & 11 deletions .gitlab-ci.yml
Expand Up @@ -21,10 +21,10 @@ test:
image: roadiz/php-runner:8.4.13-bookworm

Suggested change
image: roadiz/php-runner:8.4.13-bookworm
image: roadiz/php-runner:8.5.1-bookworm

stage: test
interruptible: true
only:
- develop
- tags
- merge_requests
rules:
- if: '$CI_COMMIT_BRANCH == "develop"'
- if: '$CI_COMMIT_TAG'
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
Expand Down Expand Up @@ -59,8 +59,8 @@ build_develop:
stage: build
image: docker:git
interruptible: true
only:
- develop
rules:
- if: '$CI_COMMIT_BRANCH == "develop"'
services:
- docker:dind
variables:
Expand All @@ -79,8 +79,8 @@ build_develop:
build_tag:
stage: build
image: docker:git
only:
- tags
rules:
- if: '$CI_COMMIT_TAG'
services:
- docker:dind
variables:
Expand All @@ -107,8 +107,8 @@ build_tag:
deploy_develop:
stage: deploy
image: alpine:3.21
only:
- develop
rules:
- if: '$CI_COMMIT_BRANCH == "develop"'
needs:
- build_develop
interruptible: true
Expand Down Expand Up @@ -145,7 +145,7 @@ deploy_production:

create_gitlab_release:
stage: release
image: registry.gitlab.com/gitlab-org/release-cli:latest
image: registry.gitlab.com/gitlab-org/cli:latest
rules:
- if: $CI_COMMIT_TAG
script:
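Review bot: The new `create_gitlab_release` image is pulled by the mutable `latest` tag, so the job that runs on tags and publishes releases executes whatever is published under that tag at pipeline time. Pinning it, e.g. `image: registry.gitlab.com/gitlab-org/cli:<PINNED_VERSION>` (placeholder; a digest is stricter), keeps release runs reproducible and turns an image update into a reviewed change. The job's `script:` continues outside the hunk, so it is worth confirming that it does not still call the `release-cli` binary, which the replacement image may not ship.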
12 changes: 12 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,18 @@

All notable changes to project will be documented in this file.

## [2.7.0](https://github.com/roadiz/skeleton/compare/v2.6.5...2.7.0) - 2026-01-23

### Bug Fixes

- update PHP version, adjust user/group handling in Dockerfiles, remove sudo on Docker images and remove cache-clear in production entrypoint - ([057e43f](https://github.com/roadiz/skeleton/commit/057e43f974ac36c3abab8bf1c4a6d9b36c0a8748)) - Ambroise Maupate
- add cache warmup for production environment in entrypoint scripts - ([29601d4](https://github.com/roadiz/skeleton/commit/29601d447a75add0bd38444cb9207bce91da5db8)) - Ambroise Maupate

### CI/CD

- update CI rules for branch and tag handling - ([ea8b5a8](https://github.com/roadiz/skeleton/commit/ea8b5a85e3dc8912cee35691ee5766e87c037bde)) - Ambroise Maupate
- update release-cli image in CI configuration - ([edc3962](https://github.com/roadiz/skeleton/commit/edc396209529309dce01f396561eea96e8f01f26)) - Ambroise Maupate

## [2.6.5](https://github.com/roadiz/skeleton/compare/v2.6.4...2.6.5) - 2025-10-23

### Bug Fixes
49 changes: 26 additions & 23 deletions Dockerfile
@@ -1,6 +1,6 @@
ARG PHP_VERSION=8.4.13
ARG PHP_VERSION=8.5.1
ARG MYSQL_VERSION=8.4.7
ARG NGINX_VERSION=1.28.0
ARG NGINX_VERSION=1.28.1
ARG MARIADB_VERSION=11.8.3
ARG VARNISH_VERSION=7.7.3

Expand All @@ -11,7 +11,7 @@ ARG GID=${UID}
# PHP - FRANKENPHP #
####################

FROM dunglas/frankenphp:php${PHP_VERSION}-bookworm AS php-franken
FROM dunglas/frankenphp:php${PHP_VERSION}-trixie AS php-franken

LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com, eliot@rezo-zero.com"

Expand All @@ -33,15 +33,13 @@ apt-get --quiet --yes --purge --autoremove upgrade
apt-get --quiet --yes --no-install-recommends --verbose-versions install \
acl \
less \
sudo \
git \
ffmpeg
rm -rf /var/lib/apt/lists/*

# User
addgroup --gid ${UID} php
addgroup --gid ${GID} php
adduser --home /home/php --shell /bin/bash --uid ${UID} --gecos php --ingroup php --disabled-password php
echo "php ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/php

# App
install --verbose --owner php --group php --mode 0755 --directory /app
Expand Down Expand Up @@ -105,6 +103,9 @@ VOLUME /app

FROM php-franken AS php-prod-franken

ARG UID
ARG GID

ENV XDEBUG_MODE=off
ENV APP_ENV=prod
ENV APP_RUNTIME_ENV=prod
Expand All @@ -124,15 +125,15 @@ CMD ["--config", "/etc/frankenphp/Caddyfile", "--adapter", "caddyfile"]
USER php

# Composer
COPY --link --chown=php:php composer.* symfony.* ./
COPY --link --chown=${UID}:${GID} composer.json composer.lock symfony.lock ./
RUN <<EOF
# If you depend on private Gitlab repositories, you must use a deploy token and username
#composer config gitlab-token.gitlab.rezo-zero.com ${COMPOSER_DEPLOY_TOKEN_USER} ${COMPOSER_DEPLOY_TOKEN}
composer install --no-cache --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress
EOF

COPY --link --chown=php:php ./api .
COPY --link --chown=php:php --from=encore-build /app/public/static ./public/static
COPY --link --chown=${UID}:${GID} ./api .
COPY --link --chown=${UID}:${GID} --from=encore-build /app/public/static ./public/static

RUN <<EOF
composer dump-autoload --classmap-authoritative --no-dev
Expand All @@ -152,11 +153,12 @@ VOLUME /app/config/jwt \
# PHP #
#######

FROM php:${PHP_VERSION}-fpm-bookworm AS php
FROM php:${PHP_VERSION}-fpm-trixie AS php

LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"

ARG UID
ARG GID

ARG COMPOSER_VERSION=2.8.9
ARG PHP_EXTENSION_REDIS_VERSION=6.1.0
Expand All @@ -176,15 +178,13 @@ apt-get --quiet --yes --purge --autoremove upgrade
# Packages - System
apt-get --quiet --yes --no-install-recommends --verbose-versions install \
less \
sudo \
git \
ffmpeg
rm -rf /var/lib/apt/lists/*

# User
addgroup --gid ${UID} php
addgroup --gid ${GID} php
adduser --home /home/php --shell /bin/bash --uid ${UID} --gecos php --ingroup php --disabled-password php
echo "php ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/php

# App
install --verbose --owner php --group php --mode 0755 --directory /app
Expand Down Expand Up @@ -263,6 +263,9 @@ USER php

FROM php AS php-prod

ARG UID
ARG GID

# If you depend on private Gitlab repositories, you must use a deploy token and username
#ARG COMPOSER_DEPLOY_TOKEN
#ARG COMPOSER_DEPLOY_TOKEN_USER="gitlab+deploy-token-1"
Expand All @@ -282,14 +285,14 @@ COPY --link --chmod=755 docker/php/docker-migrate-entrypoint /usr/local/bin/dock
USER php

# Composer
COPY --link --chown=php:php composer.* symfony.* ./
COPY --link --chown=${UID}:${GID} composer.json composer.lock symfony.lock ./
RUN <<EOF
# If you depend on private Gitlab repositories, you must use a deploy token and username
#composer config gitlab-token.gitlab.rezo-zero.com ${COMPOSER_DEPLOY_TOKEN_USER} ${COMPOSER_DEPLOY_TOKEN}
composer install --no-cache --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress
EOF

COPY --link --chown=php:php . .
COPY --link --chown=${UID}:${GID} . .

RUN <<EOF
composer dump-autoload --classmap-authoritative --no-dev
Expand All @@ -311,27 +314,25 @@ VOLUME /app/config/jwt \
# Nginx #
#########

FROM nginx:${NGINX_VERSION}-bookworm AS nginx
FROM nginx:${NGINX_VERSION}-trixie AS nginx

LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"

ARG UID
ARG GID

SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]

RUN <<EOF
# Packages
apt-get --quiet update
apt-get --quiet --yes --purge --autoremove upgrade
apt-get --quiet --yes --no-install-recommends --verbose-versions install \
less \
sudo
apt-get --quiet --yes --no-install-recommends --verbose-versions install less
rm -rf /var/lib/apt/lists/*

# User
groupmod --gid ${UID} nginx
groupmod --gid ${GID} nginx
usermod --uid ${UID} nginx
echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx

# App
install --verbose --owner nginx --group nginx --mode 0755 --directory /app
Expand Down Expand Up @@ -362,14 +363,16 @@ FROM nginx AS nginx-dev
VOLUME /app



##############
# Nginx PROD #
##############

ARG UID
ARG GID

FROM nginx AS nginx-prod
# Copy public files from API
COPY --link --from=php-prod --chown=${USER_UID}:${USER_UID} /app/public /app/public
COPY --link --from=php-prod --chown=${UID}:${GID} /app/public /app/public

# Only enable healthcheck in production when the app is ready to serve requests on root path
# This could prevent Traefik or an ingress controller to route traffic to the app
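Review bot: In the Nginx PROD block the added `ARG UID` / `ARG GID` sit before `FROM nginx AS nginx-prod`, which puts them in the preceding `nginx-dev` stage rather than in `nginx-prod`; the other prod stages in this change declare them after their `FROM`. `COPY --link --from=php-prod --chown=${UID}:${GID}` therefore resolves only if the builder inherits the arguments from the parent `nginx` stage, and on a builder that does not, the owner would expand to an empty `:`. Moving the two lines below the `FROM` line makes the ownership of `/app/public` explicit: `FROM nginx AS nginx-prod`, then `ARG UID` and `ARG GID`. The stage continues outside the hunk.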
2 changes: 2 additions & 0 deletions compose.prod.yml
Expand Up @@ -36,6 +36,8 @@ services:
# https://github.com/api-platform/core/issues/3168
# https://www.varnish-software.com/developers/tutorials/troubleshooting-varnish/
command: "-p http_resp_hdr_len=16384 -p http_resp_size=65536"
ulimits:
memlock: -1
tmpfs: /var/lib/varnish/varnishd:exec
depends_on:
- nginx
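Review bot: `memlock: -1` removes the locked-memory limit for the Varnish container entirely, so the process can pin an unbounded amount of host RAM unless a memory limit is set on the service outside this hunk. A bounded limit sized to what varnishd needs, written as `memlock:` with `soft: <BYTES>` and `hard: <BYTES>` (placeholders), or a container memory cap alongside it, keeps a misbehaving or compromised cache from exhausting the host. A one-line comment stating why the limit was raised would also help, for example `# raise RLIMIT_MEMLOCK so varnishd can lock its shared memory` if that is the reason. The same two lines are added in compose.yml.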
2 changes: 2 additions & 0 deletions compose.yml
Expand Up @@ -101,6 +101,8 @@ services:
# https://github.com/api-platform/core/issues/3168
# https://www.varnish-software.com/developers/tutorials/troubleshooting-varnish/
command: "-p http_resp_hdr_len=16384 -p http_resp_size=65536"
ulimits:
memlock: -1
tmpfs: /var/lib/varnish/varnishd:exec
depends_on:
- nginx
16 changes: 8 additions & 8 deletions composer.json
Expand Up @@ -11,7 +11,7 @@
"nelmio/cors-bundle": "^2.5",
"roadiz/cms-pack": "^3.0",
"sentry/sentry-symfony": "^5.3",
"symfony/redis-messenger": "7.3.*",
"symfony/redis-messenger": "7.4.*",
"symfony/flex": "*",
"symfony/requirements-checker": "^2.0"
},
Expand All @@ -23,14 +23,14 @@
"phpstan/phpstan-symfony": "*",
"phpunit/phpunit": "^9.5",
"rector/rector": "^2.1",
"symfony/browser-kit": "7.3.*",
"symfony/css-selector": "7.3.*",
"symfony/debug-bundle": "7.3.*",
"symfony/browser-kit": "7.4.*",
"symfony/css-selector": "7.4.*",
"symfony/debug-bundle": "7.4.*",
"symfony/filesystem": ">=7.1",
"symfony/maker-bundle": "^1.64",
"symfony/phpunit-bridge": "7.3.*",
"symfony/stopwatch": "7.3.*",
"symfony/web-profiler-bundle": "7.3.*"
"symfony/phpunit-bridge": "7.4.*",
"symfony/stopwatch": "7.4.*",
"symfony/web-profiler-bundle": "7.4.*"
},
"config": {
"optimize-autoloader": true,
Expand Down Expand Up @@ -96,7 +96,7 @@
"extra": {
"symfony": {
"allow-contrib": false,
"require": "7.3.*",
"require": "7.4.*",
"docker": false
}
}
16 changes: 8 additions & 8 deletions composer.json.dist
Expand Up @@ -11,7 +11,7 @@
"nelmio/cors-bundle": "^2.5",
"roadiz/cms-pack": "^3.0",
"sentry/sentry-symfony": "^5.3",
"symfony/redis-messenger": "7.3.*",
"symfony/redis-messenger": "7.4.*",
"symfony/flex": "*",
"symfony/requirements-checker": "^2.0"
},
Expand All @@ -23,14 +23,14 @@
"phpstan/phpstan-symfony": "*",
"phpunit/phpunit": "^9.5",
"rector/rector": "^2.1",
"symfony/browser-kit": "7.3.*",
"symfony/css-selector": "7.3.*",
"symfony/debug-bundle": "7.3.*",
"symfony/browser-kit": "7.4.*",
"symfony/css-selector": "7.4.*",
"symfony/debug-bundle": "7.4.*",
"symfony/filesystem": ">=7.1",
"symfony/maker-bundle": "^1.64",
"symfony/phpunit-bridge": "7.3.*",
"symfony/stopwatch": "7.3.*",
"symfony/web-profiler-bundle": "7.3.*"
"symfony/phpunit-bridge": "7.4.*",
"symfony/stopwatch": "7.4.*",
"symfony/web-profiler-bundle": "7.4.*"
},
"config": {
"optimize-autoloader": true,
Expand Down Expand Up @@ -96,7 +96,7 @@
"extra": {
"symfony": {
"allow-contrib": false,
"require": "7.3.*",
"require": "7.4.*",
"docker": false
}
}
16 changes: 8 additions & 8 deletions composer_dev.json.dist
Expand Up @@ -13,7 +13,7 @@
"nelmio/cors-bundle": "^2.5",
"roadiz/cms-pack": "dev-develop",
"sentry/sentry-symfony": "^5.3",
"symfony/redis-messenger": "7.3.*",
"symfony/redis-messenger": "7.4.*",
"symfony/flex": "*",
"symfony/requirements-checker": "^2.0"
},
Expand All @@ -25,14 +25,14 @@
"phpstan/phpstan-symfony": "*",
"phpunit/phpunit": "^9.5",
"rector/rector": "^2.1",
"symfony/browser-kit": "7.3.*",
"symfony/css-selector": "7.3.*",
"symfony/debug-bundle": "7.3.*",
"symfony/browser-kit": "7.4.*",
"symfony/css-selector": "7.4.*",
"symfony/debug-bundle": "7.4.*",
"symfony/filesystem": ">=7.1",
"symfony/maker-bundle": "^1.64",
"symfony/phpunit-bridge": "7.3.*",
"symfony/stopwatch": "7.3.*",
"symfony/web-profiler-bundle": "7.3.*"
"symfony/phpunit-bridge": "7.4.*",
"symfony/stopwatch": "7.4.*",
"symfony/web-profiler-bundle": "7.4.*"
},
"config": {
"optimize-autoloader": true,
Expand Down Expand Up @@ -98,7 +98,7 @@
"extra": {
"symfony": {
"allow-contrib": false,
"require": "7.3.*",
"require": "7.4.*",
"docker": false
}
}
2 changes: 2 additions & 0 deletions config/packages/security.yaml
Expand Up @@ -122,6 +122,7 @@ security:
- ROLE_ACCESS_CUSTOMFORMS
- ROLE_ACCESS_CUSTOMFORMS_DELETE
- ROLE_ACCESS_CUSTOMFORMS_RETENTION
- ROLE_ACCESS_CUSTOMFORMS_WEBHOOKS
- ROLE_ACCESS_DOCTRINE_CACHE_DELETE
- ROLE_ACCESS_DOCUMENTS
- ROLE_ACCESS_DOCUMENTS_CREATION_DATE
Expand Down Expand Up @@ -149,3 +150,4 @@ security:
- ROLE_ACCESS_WEBHOOKS
- ROLE_ALLOWED_TO_SWITCH
- ROLE_BACKEND_USER
- ROLE_PUBLIC_USER
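Review bot: The mapping key that owns this role list is outside both hunks, so it cannot be checked here which parent role now inherits `ROLE_ACCESS_CUSTOMFORMS_WEBHOOKS` and `ROLE_PUBLIC_USER`. If it is the top-level administrator entry the additions are expected, but a narrower parent would silently gain whatever these two roles grant. A short comment above the list, for example `# Every role below is inherited by the parent role; keep in sync with the roles shipped by roadiz/cms-pack`, would make that explicit for the next upgrade.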