# =============================================================================
#  Dockerfile PHP — Image unique avec assets compilés bakés dedans.
#  L'extraction des assets statiques pour nginx se fait au déploiement
#  (cf. deploy.sh : docker run --rm + cp vers /opt/kplan/public sur l'host).
# =============================================================================

# ============================================================================
# Stage 1 — build front (Node)
# ============================================================================
# Front-end build stage. The base is referenced by tag only, so the exact image
# can differ between builds; pin a digest if reproducible builds are required.
FROM node:20-slim AS assets
WORKDIR /app
ENV CI=true \
    NODE_OPTIONS="--max-old-space-size=2048"

# Manifests are copied on their own so the dependency layer stays cached until
# they change. Both lockfiles are optional globs: the yarn path is taken only
# when yarn.lock exists, otherwise npm ci runs and requires package-lock.json.
COPY package.json package-lock.json* yarn.lock* ./
# Dependency lifecycle scripts (postinstall etc.) execute as root in this stage.
# NOTE(review): confirm /root/.yarn is where yarn 1.x keeps its cache in this
# image; if it is not, that cache mount has no effect.
RUN --mount=type=cache,target=/root/.npm \
    --mount=type=cache,target=/root/.yarn \
    bash -lc 'if [ ! -f yarn.lock ]; then \
                npm ci --no-audit --no-fund --progress=false; \
              else \
                corepack enable && corepack prepare yarn@1.22.22 --activate && \
                yarn install --frozen-lockfile --non-interactive --no-progress; \
              fi'

# Front-end sources and build configuration. The last COPY uses globs because
# each of those config files is optional.
COPY assets ./assets/
COPY webpack.config.js ./
COPY .babelrc* .eslintrc* postcss.config.js* tsconfig.json* ./

# Run the project's "build" script with the package manager chosen at install
# time; node_modules/.cache is a build-host cache mount and is not in the image.
RUN --mount=type=cache,target=/app/node_modules/.cache \
    bash -lc 'if [ ! -f yarn.lock ]; then npm run build; else yarn build; fi'

# Hard gate: fail the build unless the first app.*.css found under
# /app/public/build has more than 1000 lines matching "osep-".
# grep -c counts matching lines, not individual class occurrences, so the
# threshold depends on how the stylesheet is formatted (a single-line minified
# file would count as 1).
RUN APP_CSS="$(find /app/public/build -name "app.*.css" | head -1)"; \
    COUNT=0; \
    if [ -n "$APP_CSS" ]; then \
        COUNT="$(grep -c "osep-" "$APP_CSS" || true)"; \
    fi; \
    if [ "${COUNT:-0}" -gt 1000 ]; then \
        echo "✓ Bundle CSS validé : $COUNT classes osep- dans $APP_CSS"; \
    else \
        echo "✗ Bundle CSS invalide : seulement ${COUNT:-0} classes osep-"; \
        exit 1; \
    fi


# ============================================================================
# Stage 2 — application PHP (FPM + console + workers)
# ============================================================================
# Runtime stage. The base is referenced by tag only (no digest), and the apt
# packages below are unpinned, so an uncached rebuild can pull newer versions.
FROM php:8.2-fpm-bookworm

# System packages, one per line in alphabetical order.
# This single image carries build-time material (git, pkg-config, the -dev
# headers) and interactive tools (vim-tiny, netcat-openbsd, curl, wget) into
# production. Which of them the entrypoint and worker scripts need at runtime
# is not visible in this file; anything unused there is avoidable attack surface.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        acl \
        ca-certificates \
        cron \
        curl \
        fontconfig \
        fonts-dejavu-core \
        git \
        gosu \
        imagemagick \
        libfreetype6-dev \
        libicu-dev \
        libjpeg62-turbo \
        libjpeg62-turbo-dev \
        libmagickcore-dev \
        libmagickwand-dev \
        libpng-dev \
        libpng16-16 \
        libpq-dev \
        librabbitmq-dev \
        libssl-dev \
        libwebp-dev \
        libx11-6 \
        libxext6 \
        libxrender1 \
        libzip-dev \
        netcat-openbsd \
        pkg-config \
        supervisor \
        tzdata \
        unzip \
        vim-tiny \
        wget \
        wkhtmltopdf \
        xfonts-base \
        xvfb; \
    fc-cache -f; \
    rm -rf /var/lib/apt/lists/*

# PHP extensions: gd, intl, pdo_mysql, zip and opcache are built with the
# image's docker-php-ext-* helpers; amqp, redis and imagick come from PECL.
# The PECL packages carry no version constraint, so every uncached build
# installs whatever release is current at that moment.
RUN set -eux; \
    docker-php-ext-configure gd \
        --with-freetype \
        --with-jpeg \
        --with-webp; \
    docker-php-ext-install -j"$(nproc)" \
        gd \
        intl \
        pdo_mysql \
        zip \
        opcache; \
    pecl install \
        amqp \
        redis \
        imagick; \
    docker-php-ext-enable \
        amqp \
        redis \
        imagick

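# Composer: download the installer to a file, compare its SHA-384 with the
# signature published at composer.github.io, and only then execute it.
# The previous `curl | php` form ran whatever bytes arrived (curl had no -f and
# the pipe hid a failed download), as root, with no integrity check.
# The Composer release itself is still not pinned: the installer fetches the
# current stable version on every uncached build.
RUN set -eux; \
    expected="$(curl -fsSL https://composer.github.io/installer.sig)"; \
    curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer; \
    actual="$(php -r 'echo hash_file("sha384", "/tmp/composer-setup.php");')"; \
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then \
        echo "Composer installer checksum mismatch" >&2; \
        rm -f /tmp/composer-setup.php; \
        exit 1; \
    fi; \
    php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer; \
    rm -f /tmp/composer-setup.php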

WORKDIR /var/www

# PHP dependencies, installed from the manifests alone so this layer stays
# cached until they change. composer.lock is an optional glob: when it is
# absent, Composer resolves versions at build time instead of using locked ones.
COPY composer.json composer.lock* symfony.lock* ./
# These variables are set with ENV, so they are also present in the running
# container's environment, not only during the build.
ENV COMPOSER_HOME=/tmp/composer \
    COMPOSER_MEMORY_LIMIT=-1 \
    COMPOSER_ALLOW_SUPERUSER=1
# --no-scripts skips the root package's script hooks. Composer plugins shipped
# by dependencies are a separate mechanism and still run (as root here) unless
# --no-plugins is passed or allow-plugins in composer.json restricts them.
RUN --mount=type=cache,target=/tmp/composer/cache \
    composer install \
        --no-dev \
        --no-scripts \
        --no-interaction \
        --prefer-dist

# Application code: the whole build context, minus whatever .dockerignore
# excludes, is copied into the image.
# NOTE(review): .dockerignore is not visible here; confirm it excludes local
# env files, .git, var/ and any host vendor/ or node_modules/ directory. A
# vendor/ present in the context would be copied over the one installed above.
COPY --chown=www-data:www-data . /var/www/

# Compiled front-end bundle produced by the "assets" stage.
COPY --from=assets --chown=www-data:www-data /app/public/build /var/www/public/build/

# Regenerate the autoloader now that the application classes are present.
RUN composer dump-autoload --no-dev --no-interaction --classmap-authoritative

# Runtime permissions and cache reset. The steps run in this order:
#   1. create the writable directories (cache/proxies, log, uploads);
#   2. empty var/cache/prod, dotfiles included; errors are ignored on purpose;
#   3. give the whole of /var/www to www-data, so nothing stays root-owned;
#   4. var/: directories 775, files 664; public/: directories 755, files 644.
# Step 3 also covers the application source and vendor/. The stock pool of the
# official php-fpm image runs its workers as www-data, so those workers can
# rewrite the code they execute; root-owned code with only var/ and
# public/uploads writable would be the least-privilege layout.
# NOTE(review): confirm whether deploy.sh or entrypoint.sh rely on www-data
# owning the full tree before tightening this.
RUN set -eux; \
    mkdir -p \
        var/cache/prod/doctrine/orm/Proxies \
        var/log \
        public/uploads; \
    rm -rf var/cache/prod/* var/cache/prod/.[!.]* 2>/dev/null || true; \
    chown -R www-data:www-data /var/www; \
    find var -type d -exec chmod 775 {} \;; \
    find var -type f -exec chmod 664 {} \;; \
    find public -type d -exec chmod 755 {} \;; \
    find public -type f -exec chmod 644 {} \;

# Extra settings for the [www] PHP-FPM pool, written to a drop-in file.
# - pm.status_path / ping.path: FPM answers /status and /ping itself. The status
#   page describes the pool and its in-flight requests, so the fronting web
#   server should pass these paths through only for internal monitoring
#   (presumably nginx; its configuration is not part of this file).
# - clear_env = no: workers keep the container's full environment, so every
#   secret supplied as an environment variable is readable from PHP code and
#   shows up in phpinfo() output.
RUN printf '%s\n' \
        "[www]" \
        "pm.status_path = /status" \
        "ping.path = /ping" \
        "clear_env = no" \
    > /usr/local/etc/php-fpm.d/z-www-extra.conf

# Entrypoint, supervisor program definition, cron table and worker scripts.
# No --chown is given, so the copied files are owned by root.
# The worker scripts are copied straight into /usr/local/bin, which also holds
# the php and composer binaries: a script whose name matches an existing file
# there replaces it. entrypoint.sh is copied before scripts/ for the same reason.
COPY docker/stack/php/entrypoint.sh /usr/local/bin/entrypoint.sh
COPY docker/stack/worker/worker.conf /etc/supervisor/conf.d/worker.conf
COPY docker/stack/worker/crontab /etc/cron.d/kplan
COPY docker/stack/worker/scripts/ /usr/local/bin/
# The cron table is set to 0644; the recursive 0755 applies to everything under
# /usr/local/bin, entrypoint.sh included, which makes it executable.
RUN chmod 0644 /etc/cron.d/kplan && \
    chmod -R 0755 /usr/local/bin

# Runtime defaults. RUN_MIGRATIONS and RUN_WARMUP are presumably read by
# entrypoint.sh (not visible here) — confirm before changing them.
ENV APP_DEBUG=0 \
    APP_ENV=prod \
    RUN_MIGRATIONS=false \
    RUN_WARMUP=false

# This probe only shows that the php CLI binary starts. It does not show that
# PHP-FPM accepts connections or that a worker process is alive.
HEALTHCHECK --start-period=10s --interval=30s --timeout=5s --retries=3 \
    CMD php -v >/dev/null || exit 1

# There is no USER instruction, so the entrypoint starts as root.
# NOTE(review): gosu is installed in this image; confirm entrypoint.sh uses it
# to drop privileges for the processes that do not need root.
ENTRYPOINT ["entrypoint.sh"]
CMD ["php-fpm", "-F"]
