Spin 3 ready

serversideup · Jan 6, 2025 · c2606b5 · c2606b5
1 parent d8f4847
commit c2606b5
Show file tree

Hide file tree

Showing 18 changed files with 1,226 additions and 1,162 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -6,3 +6,4 @@
 Dockerfile
 docker-*.yml
 .spin*
+!.infrastructure/**/local-ca.pem
diff --git a/.env.example b/.env.example
@@ -23,6 +23,7 @@ DB_CONNECTION=sqlite
 DB_DATABASE=/var/www/html/.infrastructure/volume_data/sqlite/database.sqlite
 DB_DATABASE=/var/www/html/.infrastructure/volume_data/sqlite/database.sqlite
 DB_DATABASE=/var/www/html/.infrastructure/volume_data/sqlite/database.sqlite
+DB_DATABASE=/var/www/html/.infrastructure/volume_data/sqlite/database.sqlite
 # DB_HOST=127.0.0.1
 # DB_PORT=3306
 # DB_DATABASE=laravel

diff --git a/.github/workflows/action_deploy-production.yml b/.github/workflows/action_deploy-production.yml
@@ -13,6 +13,11 @@
 # workflow to work. Learn more on our guide:
 # https://getspin.pro/docs/guide/automating-deployments-with-github-actions
 ###########################################################################
+###########################################################################
+# 🚨 WARNING: You must set secrets in GitHub Actions in order for this
+# workflow to work. Learn more on our guide:
+# https://getspin.pro/docs/guide/automating-deployments-with-github-actions
+###########################################################################
 name: Production Deployment
 on:
   push:
@@ -27,26 +32,28 @@ jobs:
     with:
       docker-tags: "ghcr.io/${{ github.repository }}:${{ github.sha }}"
       dockerfile: "./Dockerfile.php"
+      environment: production
     secrets: inherit
   deploy:
     needs: build
     runs-on: ubuntu-24.04
     steps:
-      - name: Set project name and calculate MD5 hash
+      - name: Set project name
         run: |
           echo "PROJECT_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
       - uses: serversideup/github-action-docker-swarm-deploy@v3
         with:
-          ssh_deploy_private_key: "${{ secrets.SSH_DEPLOY_PRIVATE_KEY }}"
-          ssh_remote_hostname: "${{ secrets.SSH_REMOTE_HOSTNAME }}"
-          registry: "ghcr.io"
-          registry-username: "${{ github.actor }}"
-          registry-token: "${{ secrets.GITHUB_TOKEN }}"
-          stack_name: "${{ env.PROJECT_NAME }}"
+          env_file_base64: "${{ secrets.PRODUCTION_ENV_FILE_BASE64 }}"
           md5_file_path: "./.infrastructure/conf/traefik/prod/traefik.yml"
           md5_variable_name: "SPIN_MD5_HASH_TRAEFIK_YML"
-          env_file_base64: "${{ secrets.ENV_FILE_BASE64 }}"
+          registry: "ghcr.io"
+          registry-token: "${{ secrets.GITHUB_TOKEN }}"
+          registry-username: "${{ github.actor }}"
+          ssh_deploy_private_key: "${{ secrets.SSH_DEPLOY_PRIVATE_KEY }}"
+          ssh_remote_hostname: "${{ secrets.PRODUCTION_SSH_REMOTE_HOSTNAME }}"
           ssh_remote_known_hosts: "${{ secrets.SSH_REMOTE_KNOWN_HOSTS }}"
+          stack_name: "${{ env.PROJECT_NAME }}"
         env:
           SPIN_IMAGE_DOCKERFILE_PHP: "ghcr.io/${{ github.repository }}:${{ github.sha }}"
           SPIN_DEPLOYMENT_ENVIRONMENT: production
+          AUTHORIZED_KEYS: "${{ secrets.AUTHORIZED_KEYS }}"
diff --git a/.github/workflows/service_docker-build-and-publish.yml b/.github/workflows/service_docker-build-and-publish.yml
@@ -13,6 +13,9 @@ on:
       target:
         type: string
         default: ''
+      environment:
+        type: string
+        required: true
 env:
   DOCKER_COMPOSE_CMD: docker compose -f docker-compose.yml -f docker-compose.ci.yml
 jobs:
@@ -48,12 +51,23 @@ jobs:
         with:
           path: vendor/
           key: ${{ runner.os }}-composer-vendor-${{ hashFiles('composer.lock') }}
-      - name: Decode and set .env file
+      - name: Set uppercase environment name
+        id: env-name
+        run: echo "upper_env=${ENVIRONMENT^^}" >> $GITHUB_OUTPUT
+        env:
+          ENVIRONMENT: ${{ inputs.environment }}
+      - name: Validate and set environment file
         run: |
+          SECRET_NAME="${{ steps.env-name.outputs.upper_env }}_ENV_FILE_BASE64"
+          if [ -z "$ENV_FILE_BASE64" ]; then
+            echo "::error::Required secret '$SECRET_NAME' is not set. Please add this secret to your repository. If you previously used 'ENV_FILE_BASE64', be sure to rename it to '$SECRET_NAME'."
+            exit 1
+          fi
+
           echo $ENV_FILE_BASE64 | base64 -d > .env
           chmod 600 .env
         env:
-          ENV_FILE_BASE64: ${{ secrets.ENV_FILE_BASE64 }}
+          ENV_FILE_BASE64: ${{ secrets[format('{0}_ENV_FILE_BASE64', steps.env-name.outputs.upper_env)] }}
       - name: Determine package manager
         id: determine-package-manager
         run: |

diff --git a/.gitignore b/.gitignore
@@ -21,5 +21,3 @@ yarn-error.log
 /.vscode
 .vault-password
 .spin*
-.vault-password
-
diff --git a/.infrastructure/conf/ci/.gitignore b/.infrastructure/conf/ci/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/.../conf/traefik/dev/certificates/ssu-ca.pem → ...onf/traefik/dev/certificates/local-ca.pem b/.../conf/traefik/dev/certificates/ssu-ca.pem → ...onf/traefik/dev/certificates/local-ca.pem
diff --git a/Dockerfile.php b/Dockerfile.php
@@ -25,7 +25,7 @@
 USER root
 
 # Trust the self-signed certificate
-COPY .infrastructure/conf/traefik/dev/certificates/ssu-ca.pem /usr/local/share/ca-certificates/ssu-ca.crt
+COPY .infrastructure/conf/traefik/dev/certificates/local-ca.pem /usr/local/share/ca-certificates/local-ca.crt
 RUN update-ca-certificates
 
 # Set the user ID and group ID for www-data
@@ -44,7 +44,8 @@
 # so we set the ROOT user and configure
 # the PHP-FPM pool to run as www-data
 USER root
-RUN echo "user = www-data" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf && \
+RUN echo "" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf && \ 
+    echo "user = www-data" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf && \
     echo "group = www-data" >> /usr/local/etc/php-fpm.d/docker-php-serversideup-pool.conf
 
 ############################################
@@ -57,7 +58,4 @@
 RUN mkdir -p /var/www/html/.infrastructure/volume_data/sqlite/ && \
     chown -R www-data:www-data /var/www/html/.infrastructure/volume_data/sqlite/
 
-# Ensure PHP-FPM gracefully stops
-STOPSIGNAL SIGQUIT
-
 USER www-data
diff --git a/composer.json b/composer.json
@@ -29,7 +29,7 @@
         "mockery/mockery": "^1.6",
         "nunomaduro/collision": "^8.0",
         "phpunit/phpunit": "^11.0.1",
-        "serversideup/spin": "^2.1",
+        "serversideup/spin": "^3.0",
         "spatie/laravel-ignition": "^2.4"
     },
     "autoload": {