adarmanto/.gitlab-ci.yaml

## .gitlab-ci.yaml
stages:
  - test
  - build
  - deploy
test:
  stage: test
  image: lorisleiva/laravel-docker:8.0
  variables:
    MYSQL_ROOT_PASSWORD: root
    MYSQL_DATABASE: testing
    DB_TESTING_HOST: mysql
  services:
    - name: mysql:8.0
      command: ["--default-authentication-plugin=mysql_native_password"]
  script:
    - yarn install --pure-lockfile
    - yarn prod
    - composer install --prefer-dist --no-ansi --no-interaction --no-progress
    - cp .env.example .env
    - php artisan key:generate
    - php artisan test --parallel
  cache:
    key: $CI_COMMIT_REF_SLUG
    paths:
      - vendor/
      - node_modules/
build:
  stage: build
  image: docker:20.10.8
  services:
    - docker:20.10.8-dind
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    # Build base stage
    - docker build . -t $CI_REGISTRY_IMAGE
    - docker push $CI_REGISTRY_IMAGE
    # Build app stage
    - docker build . -t $CI_REGISTRY_IMAGE/web --target=app
    - docker push $CI_REGISTRY_IMAGE/web
  only:
    - master
deploy_k8s:
  stage: deploy
  image: yuca/doctl-k8s
  before_script:
    - doctl auth init -t $DO_ACCESS_TOKEN
    - doctl kubernetes cluster kubeconfig save $DO_K8S_CLUSTER_ID
  script:
    - kubectl apply -f ./k8s
    - kubectl rollout restart deployment/laravelapp
    - kubectl rollout restart deployment/laravelapp-cron
    - kubectl rollout restart deployment/laravelapp-queue
  environment:
    name: production
  only:
    - master

## Dockerfile
# [BASE STAGE]
FROM php:8.1-fpm-alpine
# Install the php extension installer from its image
COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
# Install dependencies
RUN apk add --no-cache \
    openssl \
    ca-certificates \
    libxml2-dev \
    oniguruma-dev
# Install php extensions
RUN install-php-extensions \
    bcmath \
    ctype \
    dom \
    fileinfo \
    mbstring \
    pdo pdo_mysql \
    tokenizer \
    pcntl \
    redis-stable
# Install the composer packages using www-data user
WORKDIR /app
RUN chown www-data:www-data /app
COPY --chown=www-data:www-data . .
COPY --from=composer:2.2 /usr/bin/composer /usr/bin/composer
USER www-data
RUN composer install --no-dev --prefer-dist
# [END BASE STAGE]
# [FRONTEND STAGE]
FROM node:14-alpine as frontend
WORKDIR /app
COPY . .
RUN apk add --no-progress --quiet --no-cache git \
    && yarn install \
    && yarn prod
# [END FRONTEND STAGE]
# [APP STAGE]
FROM base as app
# Prepare the frontend files & caching
COPY --from=frontend --chown=www-data:www-data /app/public /app/public
RUN php artisan view:cache
# Setup nginx & supervisor as root user
USER root
RUN apk add --no-progress --quiet --no-cache nginx supervisor
COPY docker/nginx-default.conf /etc/nginx/http.d/default.conf
COPY docker/supervisord.conf /etc/supervisord.conf
# Apply the required changes to run nginx as www-data user
RUN chown -R www-data:www-data /run/nginx /var/lib/nginx /var/log/nginx && \
    sed -i '/user nginx;/d' /etc/nginx/nginx.conf
# Switch to www-user
USER www-data
EXPOSE 8000
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
# [END APP STAGE]
# DEFAULT STAGE
FROM base

## laravelapp-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: laravelapp-config
data:
  APP_NAME: "Laravel"
  APP_ENV: production
  APP_DEBUG: "true"
  APP_URL: https://exampleapp.com
  APP_TIMEZONE: America/Los_Angeles
  CACHE_DRIVER: redis
  LOG_CHANNEL: stderr
  REDIS_HOST: <redis-host> # MUST CHANGE IT
  QUEUE_CONNECTION: redis
  SESSION_DRIVER: redis

## laravelapp-cron.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravelapp
spec:
  selector:
    matchLabels:
      app: laravelapp
  template:
    metadata:
      labels:
        app: laravelapp
    spec:
      containers:
        - name: laravelapp
          image: registry.gitlab.com/your/laravelapp
          imagePullPolicy: Always
          command:
            - php
          args:
            - artisan
            - schedule:work
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 400Mi
          ports:
            - containerPort: 8000
          envFrom:
            - configMapRef:
                name: laravelapp-config
            - secretRef:
                name: laravelapp-secret
      imagePullSecrets:
        - name: gitlab-auth

## laravelapp-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravelapp
spec:
  selector:
    matchLabels:
      app: laravelapp
  template:
    metadata:
      labels:
        app: laravelapp
    spec:
      initContainers:
        - name: laravelapp-migration
          image: registry.gitlab.com/your/laravelapp
          command:
            - php
          args:
            - artisan
            - migrate
            - --force
          envFrom:
            - configMapRef:
                name: laravelapp-config
            - secretRef:
                name: laravelapp-secret
      containers:
        - name: laravelapp
          image: registry.gitlab.com/your/laravelapp/web
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 400Mi
          ports:
            - containerPort: 8000
          envFrom:
            - configMapRef:
                name: laravelapp-config
            - secretRef:
                name: laravelapp-secret
      imagePullSecrets:
        - name: gitlab-auth

## laravelapp-queue.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravelapp
spec:
  selector:
    matchLabels:
      app: laravelapp
  template:
    metadata:
      labels:
        app: laravelapp
    spec:
      containers:
        - name: laravelapp
          image: registry.gitlab.com/your/laravelapp
          imagePullPolicy: Always
          command:
            - php
          args:
            - artisan
            - horizon
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 400Mi
          ports:
            - containerPort: 8000
          envFrom:
            - configMapRef:
                name: laravelapp-config
            - secretRef:
                name: laravelapp-secret
      imagePullSecrets:
        - name: gitlab-auth

## laravelapp-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: laravelapp-secret
data:
  APP_KEY: <base64 string>
  DB_HOST: <base64 string>
  DB_DATABASE: <base64 string>
  DB_USERNAME: <base64 string>
  DB_PASSWORD: <base64 string>

## nginx-default.conf
server {
    listen 8000;
    root /app/public;
    index index.php index.html;
    server_name _;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    location ~ /\.ht {
        deny all;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

## supervisord.conf
[supervisord]
nodaemon=true
user=www-data

[program:php-fpm]
command=/usr/local/sbin/php-fpm -F
user=www-data
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0

[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
user=www-data
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
	stages:
	- test
	- build
	- deploy
	test:
	stage: test
	image: lorisleiva/laravel-docker:8.0
	variables:
	MYSQL_ROOT_PASSWORD: root
	MYSQL_DATABASE: testing
	DB_TESTING_HOST: mysql
	services:
	- name: mysql:8.0
	command: ["--default-authentication-plugin=mysql_native_password"]
	script:
	- yarn install --pure-lockfile
	- yarn prod
	- composer install --prefer-dist --no-ansi --no-interaction --no-progress
	- cp .env.example .env
	- php artisan key:generate
	- php artisan test --parallel
	cache:
	key: $CI_COMMIT_REF_SLUG
	paths:
	- vendor/
	- node_modules/
	build:
	stage: build
	image: docker:20.10.8
	services:
	- docker:20.10.8-dind
	before_script:
	- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
	script:
	# Build base stage
	- docker build . -t $CI_REGISTRY_IMAGE
	- docker push $CI_REGISTRY_IMAGE
	# Build app stage
	- docker build . -t $CI_REGISTRY_IMAGE/web --target=app
	- docker push $CI_REGISTRY_IMAGE/web
	only:
	- master
	deploy_k8s:
	stage: deploy
	image: yuca/doctl-k8s
	before_script:
	- doctl auth init -t $DO_ACCESS_TOKEN
	- doctl kubernetes cluster kubeconfig save $DO_K8S_CLUSTER_ID
	script:
	- kubectl apply -f ./k8s
	- kubectl rollout restart deployment/laravelapp
	- kubectl rollout restart deployment/laravelapp-cron
	- kubectl rollout restart deployment/laravelapp-queue
	environment:
	name: production
	only:
	- master
	# [BASE STAGE]
	FROM php:8.1-fpm-alpine
	# Install the php extension installer from its image
	COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
	# Install dependencies
	RUN apk add --no-cache \
	openssl \
	ca-certificates \
	libxml2-dev \
	oniguruma-dev
	# Install php extensions
	RUN install-php-extensions \
	bcmath \
	ctype \
	dom \
	fileinfo \
	mbstring \
	pdo pdo_mysql \
	tokenizer \
	pcntl \
	redis-stable
	# Install the composer packages using www-data user
	WORKDIR /app
	RUN chown www-data:www-data /app
	COPY --chown=www-data:www-data . .
	COPY --from=composer:2.2 /usr/bin/composer /usr/bin/composer
	USER www-data
	RUN composer install --no-dev --prefer-dist
	# [END BASE STAGE]
	# [FRONTEND STAGE]
	FROM node:14-alpine as frontend
	WORKDIR /app
	COPY . .
	RUN apk add --no-progress --quiet --no-cache git \
	&& yarn install \
	&& yarn prod
	# [END FRONTEND STAGE]
	# [APP STAGE]
	FROM base as app
	# Prepare the frontend files & caching
	COPY --from=frontend --chown=www-data:www-data /app/public /app/public
	RUN php artisan view:cache
	# Setup nginx & supervisor as root user
	USER root
	RUN apk add --no-progress --quiet --no-cache nginx supervisor
	COPY docker/nginx-default.conf /etc/nginx/http.d/default.conf
	COPY docker/supervisord.conf /etc/supervisord.conf
	# Apply the required changes to run nginx as www-data user
	RUN chown -R www-data:www-data /run/nginx /var/lib/nginx /var/log/nginx && \
	sed -i '/user nginx;/d' /etc/nginx/nginx.conf
	# Switch to www-user
	USER www-data
	EXPOSE 8000
	CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
	# [END APP STAGE]
	# DEFAULT STAGE
	FROM base
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: laravelapp-config
	data:
	APP_NAME: "Laravel"
	APP_ENV: production
	APP_DEBUG: "true"
	APP_URL: https://exampleapp.com
	APP_TIMEZONE: America/Los_Angeles
	CACHE_DRIVER: redis
	LOG_CHANNEL: stderr
	REDIS_HOST: <redis-host> # MUST CHANGE IT
	QUEUE_CONNECTION: redis
	SESSION_DRIVER: redis
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: laravelapp
	spec:
	selector:
	matchLabels:
	app: laravelapp
	template:
	metadata:
	labels:
	app: laravelapp
	spec:
	containers:
	- name: laravelapp
	image: registry.gitlab.com/your/laravelapp
	imagePullPolicy: Always
	command:
	- php
	args:
	- artisan
	- schedule:work
	resources:
	requests:
	cpu: 100m
	memory: 128Mi
	limits:
	cpu: 200m
	memory: 400Mi
	ports:
	- containerPort: 8000
	envFrom:
	- configMapRef:
	name: laravelapp-config
	- secretRef:
	name: laravelapp-secret
	imagePullSecrets:
	- name: gitlab-auth
	apiVersion: v1
	kind: Secret
	type: Opaque
	metadata:
	name: laravelapp-secret
	data:
	APP_KEY: <base64 string>
	DB_HOST: <base64 string>
	DB_DATABASE: <base64 string>
	DB_USERNAME: <base64 string>
	DB_PASSWORD: <base64 string>
	server {
	listen 8000;
	root /app/public;
	index index.php index.html;
	server_name _;
	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}
	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }
	error_page 404 /index.php;
	location ~ \.php$ {
	include fastcgi_params;
	fastcgi_intercept_errors on;
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
	}
	location ~ /\.ht {
	deny all;
	}
	location ~ /\.(?!well-known).* {
	deny all;
	}
	}
	[supervisord]
	nodaemon=true
	user=www-data

	[program:php-fpm]
	command=/usr/local/sbin/php-fpm -F
	user=www-data
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	autorestart=false
	startretries=0

	[program:nginx]
	command=/usr/sbin/nginx -g "daemon off;"
	user=www-data
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	autorestart=false
	startretries=0