From eeaaf95d474814be9a2144694683df9e8526f677 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Fri, 22 Nov 2024 15:37:45 +1100
Subject: [PATCH] Complete build pipeline to include debian image

---
 .github/workflows/build-image-debian.yaml | 52 +++++++++++++++++++++++
 .github/workflows/publish-image.yaml      | 24 ++++++-----
 debian/.env                               |  9 ++--
 debian/Dockerfile                         | 23 ++++++++--
 debian/docker-compose.yml                 |  4 +-
 5 files changed, 92 insertions(+), 20 deletions(-)
 create mode 100644 .github/workflows/build-image-debian.yaml

diff --git a/.github/workflows/build-image-debian.yaml b/.github/workflows/build-image-debian.yaml
new file mode 100644
index 0000000..be6782b
--- /dev/null
+++ b/.github/workflows/build-image-debian.yaml
@@ -0,0 +1,52 @@
+name: Build Debian Container Image
+
+on:
+  pull_request:
+    paths:
+      - "debian/**"
+  push:
+    paths:
+      - "debian/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-debian-buildx-${{ hashFiles('debian/cache_buster') }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-debian-buildx-${{ hashFiles('debian/cache_buster') }}-
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./debian/
+          build-args: INVOICENINJA_VERSION=5-develop
+          platforms: linux/amd64,linux/arm64
+          tags: invoiceninja/invoiceninja-debian:cache
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
\ No newline at end of file
diff --git a/.github/workflows/publish-image.yaml b/.github/workflows/publish-image.yaml
index a7a7d78..b0a9caa 100644
--- a/.github/workflows/publish-image.yaml
+++ b/.github/workflows/publish-image.yaml
@@ -1,9 +1,5 @@
-name: Publish Container Image
+name: Publish Container Images
 
-# When its time to do a release do a full cross platform build for all supported
-# architectures and push all of them to Docker Hub.
-# Only trigger on semver shaped tags.
-# Ref: https://github.com/metcalfc/docker-action-examples/blob/main/.github/workflows/release.yml
 on:
   push:
     tags-ignore:
@@ -12,6 +8,14 @@ on:
 jobs:
   docker:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - image: invoiceninja/invoiceninja
+            context: ./alpine/5/
+          - image: invoiceninja/invoiceninja-debian
+            context: ./debian/
+
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -19,7 +23,7 @@ jobs:
       - name: Prepare
         id: prep
         run: |
-          DOCKER_IMAGE=invoiceninja/invoiceninja
+          DOCKER_IMAGE=${{ matrix.image }}
           VERSION=edge
           if [[ $GITHUB_REF == refs/tags/* ]]; then
             VERSION=${GITHUB_REF#refs/tags/}
@@ -48,9 +52,9 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-${{ github.sha }}
+          key: ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('alpine/${{ steps.prep.outputs.major }}/cache_buster') }}-
+            ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
@@ -64,7 +68,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           builder: ${{ steps.buildx.outputs.name }}
-          context: ./alpine/${{ steps.prep.outputs.major }}/
+          context: ${{ matrix.context }}
           build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
           target: prod
           platforms: linux/amd64,linux/arm64
@@ -79,4 +83,4 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
+        run: echo ${{ steps.docker_build.outputs.digest }}
\ No newline at end of file
diff --git a/debian/.env b/debian/.env
index a3196eb..ebe5fe8 100644
--- a/debian/.env
+++ b/debian/.env
@@ -1,5 +1,5 @@
 # IN application vars
-APP_URL=http://in.localhost:8003
+APP_URL=http://localhost:8012
 APP_KEY=base64:RR++yx2rJ9kdxbdh3+AmbHLDQu+Q76i++co9Y8ybbno=
 APP_ENV=production
 APP_DEBUG=true
@@ -46,6 +46,7 @@ MYSQL_DATABASE=ninja
 NORDIGEN_SECRET_ID=
 NORDIGEN_SECRET_KEY=
 
-# V4 env vars
-# DB_STRICT=false
-# APP_CIPHER=AES-256-CBC
+IS_DOCKER=true
+SCOUT_DRIVER=null
+SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
diff --git a/debian/Dockerfile b/debian/Dockerfile
index fba9757..9d308cc 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -1,5 +1,5 @@
 FROM php:8.2-fpm AS base
-ARG saxon=12.3
+ARG saxon=12.5.0
 
 # Install system dependencies
 RUN apt-get update && apt-get install -y \
@@ -44,6 +44,21 @@ RUN wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd6
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Set permissions for www-data to execute    
+RUN mkdir -p /var/www/.chrome/chrome-profile \
+    && chown -R www-data:www-data /var/www/.chrome \
+    && chmod -R 755 /var/www/.chrome \
+    && chown root:root /usr/bin/google-chrome \
+    && chmod 4755 /usr/bin/google-chrome \
+    && chown -R root:root /opt/google/chrome \
+    && chmod -R 755 /opt/google/chrome \
+    && chown -R www-data:www-data /var/www
+
+# Create required directories with proper permissions
+RUN mkdir -p /tmp/chrome \
+    && chown -R www-data:www-data /tmp/chrome \
+    && chmod -R 755 /tmp/chrome
+    
 # Copy Install PHP extensions installer
 COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
 
@@ -73,10 +88,10 @@ COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
 WORKDIR /opt
 
 ## fetch
-RUN curl https://www.saxonica.com/download/libsaxon-HEC-linux-v${saxon}.zip --output saxon.zip
+RUN curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip
 RUN unzip saxon.zip -d saxon
-RUN cp saxon/libsaxon-HEC-linux-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/
-WORKDIR /opt/saxon/libsaxon-HEC-linux-v${saxon}/Saxon.C.API
+RUN cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/
+WORKDIR /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API
 RUN phpize
 RUN ./configure --enable-saxon
 RUN make
diff --git a/debian/docker-compose.yml b/debian/docker-compose.yml
index aae4fdf..0f3a974 100644
--- a/debian/docker-compose.yml
+++ b/debian/docker-compose.yml
@@ -8,7 +8,7 @@ x-logging: &default-logging
 
 services:
   app:
-    image: deb39b:latest 
+    image: deb39e:latest 
     restart: unless-stopped
     env_file:
       - ./.env
@@ -35,7 +35,7 @@ services:
     image: nginx:alpine
     restart: unless-stopped
     ports:
-      - "8012:80"
+      - "80:80"
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro