__INIT__

.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[Makefile]
+indent_style = tab

.github/workflows/build.yml

@@ -0,0 +1,10 @@
+name: test kcov action
+on: [push]
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - name: Build action image
+              run: make docker-build

Makefile

@@ -0,0 +1,6 @@
+.PHONY: docker-build
+
+docker-build:
+	docker build ./docker \
+		--build-arg VCS_REF=`git rev-parse HEAD` \
+		--build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`

README.md

@@ -0,0 +1,5 @@
+# gh-deployer-container
+
+The container for gh-deployer
+
+/!\ This is designed to deploy phpMyAdmin instances, improve it if you want.

docker/Dockerfile

@@ -0,0 +1,35 @@
+FROM alpine:3.13
+
+# Metadata params
+ARG VCS_REF
+ARG BUILD_DATE
+
+RUN apk add --no-cache --update nginx git curl bash \
+    php7-fpm php7-cli php7-mysqli php7-session php7-mbstring \
+    php7-iconv php7-xml php7-tokenizer php7-xmlwriter php7-simplexml \
+    php7-dom php7-json php7-bz2 php7-curl php7-gd php7-zip php7-pecl-uploadprogress \
+    gettext composer yarn && \
+    composer self-update --2 && \
+    nginx -v && php-fpm7 -v && composer --version && php -v && yarn -v && date -R > /build_date && \
+    printf '{"build_date": "%s", "timestamp": %i}' "$(date -R)" "$(date +%s)" > /build_date.json
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY php-fpm-www-pool.conf /etc/php7/php-fpm.d/www.conf
+COPY config.inc.php /config.inc.php
+COPY deploy-branch.sh /deploy-branch.sh
+
+# Metadata
+LABEL org.label-schema.vendor="Sudo-Bot" \
+    org.label-schema.url="https://github.com/sudo-bot/gh-deployer-container#readme" \
+    org.label-schema.name="gh-deployer container" \
+    org.label-schema.description="gh-deployer container for @sudo-bot/gh-deployer" \
+    org.label-schema.version=${RELEASE_VERSION} \
+    org.label-schema.vcs-url="https://github.com/sudo-bot/gh-deployer-container.git" \
+    org.label-schema.vcs-ref=${VCS_REF} \
+    org.label-schema.build-date=${BUILD_DATE} \
+    org.label-schema.docker.schema-version="1.0"
+
+EXPOSE 80
+
+CMD ["/docker-entrypoint.sh"]

docker/config.inc.php

@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+
+$cfg['blowfish_secret'] = getenv('RANDOM_STRING');
+$cfg['SendErrorReports'] = 'ask';
+
+$cfg['UploadDir'] = './tmp/';
+$cfg['TempDir'] = './tmp/';
+$cfg['SaveDir'] = './tmp/';
+
+$cfg['UserprefsDeveloperTab'] = true;
+$cfg['PersistentConnections'] = true;
+$i = 0;
+
+$mariaDbVariants = [
+    '10.5' => 'mariadb-105.phpmyadmin.local',
+    '10.4' => 'mariadb-104.phpmyadmin.local',
+    '10.3' => 'mariadb-103.phpmyadmin.local',
+    '10.2' => 'mariadb-102.phpmyadmin.local',
+    '10.1' => 'mariadb-101.phpmyadmin.local',
+];
+
+// MariaDB servers
+foreach ($mariaDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'MariaDB ' . $version . ' (cookie)';
+    $cfg['Servers'][$i]['auth_type'] = 'cookie';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}
+
+// Config auths
+foreach ($mariaDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'MariaDB ' . $version . ' (config) user: public';
+    $cfg['Servers'][$i]['auth_type'] = 'config';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['user'] = 'public';
+    $cfg['Servers'][$i]['password'] = 'public';
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}
+
+$mysqlDbVariants = [
+    '8.0' => 'mysql-8.0.phpmyadmin.local',
+    '5.7' => 'mysql-5.7.phpmyadmin.local',
+    '5.5' => 'mysql-5.5.phpmyadmin.local',
+];
+
+// MySQL servers
+foreach ($mysqlDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'MySQL ' . $version . ' (cookie)';
+    $cfg['Servers'][$i]['auth_type'] = 'cookie';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}
+
+// Config auths
+foreach ($mysqlDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'MySQL ' . $version . ' (config) user: public';
+    $cfg['Servers'][$i]['auth_type'] = 'config';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['user'] = 'public';
+    $cfg['Servers'][$i]['password'] = 'public';
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}
+
+$perconaDbVariants = [
+    '8.0' => 'percona-8.0.phpmyadmin.local',
+    '5.7' => 'percona-5.7.phpmyadmin.local',
+    '5.5' => 'percona-5.5.phpmyadmin.local',
+];
+
+// PerconaDB servers
+foreach ($perconaDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'Percona ' . $version . ' (cookie)';
+    $cfg['Servers'][$i]['auth_type'] = 'cookie';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}
+
+// Config auths
+foreach ($perconaDbVariants as $version => $hostname) {
+    $i++;
+    $cfg['Servers'][$i]['verbose'] = 'Percona ' . $version . ' (config) user: public';
+    $cfg['Servers'][$i]['auth_type'] = 'config';
+    $cfg['Servers'][$i]['host'] = $hostname;
+    $cfg['Servers'][$i]['compress'] = true;
+    $cfg['Servers'][$i]['user'] = 'public';
+    $cfg['Servers'][$i]['password'] = 'public';
+    $cfg['Servers'][$i]['AllowNoPassword'] = true;
+}

docker/deploy-branch.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -ex
+
+echo "Deploying ... Dir:$1 Branch:$2 Hash:$3"
+
+cd "$1"
+
+if [ -f composer.lock ]; then
+    rm ./composer.lock
+fi
+
+rm -rf ./vendor
+rm -rf ./node_modules
+rm -rf ./tmp/*
+
+composer install --no-dev --prefer-dist --no-interaction --optimize-autoloader
+yarn install --frozen-lockfile --production --cache-folder "$HOME/.yarn" --network-concurrency 1
+
+if [ -f composer.lock ]; then
+    rm ./composer.lock
+fi
+
+echo "Generating mo files..."
+./scripts/generate-mo
+INFOS=$(git show -s --format="%s%n%GS%n%H" "${2:-$3}")
+echo "Deployed ! Dir:$1 Branch:$2 Infos:$3 $INFOS"
+
+cd - > /dev/null

docker/docker-entrypoint.sh

@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+echo 'Setup ENVs'
+
+# Defined by the deployer
+printf "env[RANDOM_STRING] = '%s';\nenv[DEPLOY_SHA] = '%s';\nenv[DEPLOY_BRANCH] = '%s';\n" \
+    "$RANDOM_STRING" "${GIT_SHA:--}" "${GIT_BRANCH:--}" >> /etc/php7/php-fpm.d/www.conf
+
+if [ -n "$REF_DIRECTORY" ]; then
+    REF_DIR="--reference $REF_DIRECTORY"
+else
+    REF_DIR=""
+fi
+
+WWW_ROOT='/home/www/phpMyAdmin'
+
+set -x
+echo 'Cloning ...'
+
+if [ ! -d "${WWW_ROOT}/.git" ]; then
+    echo "Cloning dir !"
+
+    git clone $REF_DIR --depth 1 --branch "${GIT_BRANCH}" "$GIT_URL" "${WWW_ROOT}"
+    cd "${WWW_ROOT}"
+    if [ ! -z "${GIT_SHA}" ]; then
+        git reset --hard "${GIT_SHA}"
+    else
+        printf 'GIT_SHA ENV is empty, skipping.'
+    fi
+    cd - > /dev/null
+else
+    echo "Repo exists at ${WWW_ROOT}"
+fi
+
+if [ -z "${GIT_SHA}" ]; then
+    echo 'Using git pull'
+    cd ${WWW_ROOT}
+    git checkout "${GIT_BRANCH}"
+    git pull --ff-only
+    cd - > /dev/null
+fi
+
+if [ ! -d "${WWW_ROOT}/tmp" ]; then
+    echo "Creating temp dir !"
+    mkdir "${WWW_ROOT}/tmp"
+    chmod 777 "${WWW_ROOT}/tmp"
+else
+    echo "Temp dir exists at ${WWW_ROOT}"
+fi
+
+if [ -n "$PMA_CONFIG" ]; then
+    echo "$PMA_CONFIG" | base64 -d > "${WWW_ROOT}/config.inc.php"
+else
+    echo 'No PMA_CONFIG ENV found';
+    cp /config.inc.php "${WWW_ROOT}/config.inc.php"
+fi
+
+echo 'Launch final deploy'
+
+/deploy-branch.sh "${WWW_ROOT}" "$GIT_BRANCH" "$GIT_SHA"
+
+echo 'Starting the services'
+
+php-fpm7
+
+nginx -g 'pid /tmp/nginx.pid; daemon off;'

docker/nginx.conf

@@ -0,0 +1,51 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_tokens off;
+
+    root /home/www/phpMyAdmin;
+    location / {
+        autoindex on;
+        index index.php;
+    }
+
+    location /.nginx/status {
+        stub_status;
+        allow all;
+    }
+
+   location ~ ^/.phpfpm/(status|ping)$ {
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      include fastcgi_params;
+      fastcgi_pass 127.0.0.1:9000;
+   }
+
+    location /robots.txt {
+        return 200 "User-agent: *\nDisallow: /\n";
+    }
+
+	location /.git {
+		deny all;
+	}
+
+	location /vendor {
+		deny all;
+	}
+
+    location ~ \.php$ {
+        fastcgi_pass 127.0.0.1:9000;
+        # regex to split $uri to $fastcgi_script_name and $fastcgi_path
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+        # Check that the PHP script exists before passing it
+        try_files $fastcgi_script_name =404;
+
+        # Bypass the fact that try_files resets $fastcgi_path_info
+        # see: https://trac.nginx.org/nginx/ticket/321
+        set $path_info $fastcgi_path_info;
+        fastcgi_param PATH_INFO $path_info;
+
+        fastcgi_index index.php;
+        include fastcgi.conf;
+    }
+}

docker/php-fpm-www-pool.conf

@@ -0,0 +1,29 @@
+[www]
+
+user = nobody
+group = nobody
+
+listen = 127.0.0.1:9000
+
+pm = dynamic
+
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+pm.status_path = /.phpfpm/status
+ping.path = /.phpfpm/ping
+ping.response = pong
+
+access.log = /var/log/php7/$pool.access.log
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+security.limit_extensions = .php
+
+php_flag[display_errors] = on
+php_admin_value[error_log] = /var/log/php7/$pool.error.log
+php_admin_value[error_reporting] = E_ALL
+php_admin_flag[log_errors] = on