Merge pull request #845 from Thulium-Drake/fix_init

Ensure that the target folder is present before copying files into it

.github/workflows/auto-close-issues.yml

@@ -0,0 +1,19 @@
+name: Close stale issues after 5 days
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - uses: actions/stale@v10
+        with:
+          days-before-issue-stale: 4
+          days-before-issue-close: 1
+          stale-issue-label: "stale"
+          close-issue-message: "This issue has been automatically closed due to inactivity for 5 days."
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          exempt-issue-labels: "keep-open,triage,bug"

.github/workflows/build-image-debian.yaml

@@ -3,36 +3,47 @@ name: Build Debian Container Image
 on:
   pull_request:
     paths:
+      - ".github/**"
       - "debian/**"
   push:
     paths:
+      - ".github/**"
       - "debian/**"
-    branches:
-      - master
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
 
 jobs:
-  docker:
-    runs-on: ubuntu-latest
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          platforms: all
+          images: ${{ env.REGISTRY_IMAGE }}
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build
-        id: docker_build
-        uses: docker/build-push-action@v5
+        id: build
+        uses: docker/build-push-action@v6
         with:
-          context: debian  
-          file: debian/Dockerfile  
-          load: true
-          tags: invoiceninja/invoiceninja-debian:test
+          context: debian
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/publish-image-debian.yaml

@@ -0,0 +1,166 @@
+name: Publish Debian Container Images
+
+on:
+  push:
+    tags-ignore:
+      - "invoiceninja-*"
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
+
+jobs:
+  version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      major: ${{ steps.version.outputs.major }}
+      minor: ${{ steps.version.outputs.minor }}
+      url: ${{ steps.version.outputs.url }}
+    steps:
+      - id: version
+        run: |
+
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+            # Remove -o or -d suffix if present
+            VERSION=${VERSION%-*}
+          fi
+          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
+          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
+
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
+          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
+          echo "url=${URL}" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - version
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Prepare
+        id: prep
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: debian
+          build-args: URL=${{ needs.version.outputs.url }}
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - version
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            ${{ needs.version.outputs.version }}
+            ${{ needs.version.outputs.major }}
+            ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}
+            latest
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+
+      - name: Inspect image
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+  Description:
+    if: ${{ github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    needs:
+      - merge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          sparse-checkout: "README.md"
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.REGISTRY_IMAGE }}

.github/workflows/publish-image.yaml

@@ -1,83 +0,0 @@
-name: Publish Debian Container Images
-
-on:
-  push:
-    tags-ignore:
-      - "invoiceninja-*"
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - image: invoiceninja/invoiceninja-debian
-            context: ./debian
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${{ matrix.image }}
-          VERSION=edge
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
-          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
-          TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
-          if [[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
-          fi
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=major::${MAJOR}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Cache Docker layers
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: ${{ matrix.context }}
-          build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-
-      - name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release-chart.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/test-charts.yaml

@@ -12,7 +12,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -55,7 +55,7 @@ jobs:
           - "1.23.15"
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

README.md

@@ -1,11 +1,11 @@
 [![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-debian?label=debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
 [![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml)
-[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
+[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml)
+[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml)
 
 # Debian Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
-:crown: **Features**
+👑 **Features**
 
 NGINX webserver support [NGINX](https://nginx.org/)  
 Built-in Chrome for PDF generation and other features  
@@ -19,7 +19,7 @@ This Debian-based image includes Chrome for enhanced PDF generation and other fe
 
 ```bash
 git clone https://github.com/invoiceninja/dockerfiles.git -b debian
-cd dockerfiles
+cd dockerfiles/debian
 ```
 
 Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `.env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
@@ -41,7 +41,9 @@ Prior to starting the container for the first time, open the .env file and updat
 This will take care of the initial account setup. You can later remove these .env variables.
 
 > ⚠️ **Warning**  
-> If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete these two environment variables.
+> If `IN_USER_EMAIL` and `IN_PASSWORD` are not set the default user email and password is "admin@example.com" and "changeme!" respectively. 
+
+After the container has completed the first startup you can delete these two environment variables.
 
 ### Generate a APP_KEY
 
@@ -52,7 +54,7 @@ The `APP_KEY` can be generated by running:
 docker run --rm -it invoiceninja/invoiceninja-debian php artisan key:generate --show
 
 # Or if your containers are already running:
-docker-compose exec app php artisan key:generate --show
+docker compose exec app php artisan key:generate --show
 ```
 
 Copy the entire string and insert in the .env file at `APP_KEY=base64....`
@@ -62,7 +64,7 @@ Copy the entire string and insert in the .env file at `APP_KEY=base64....`
 Start the container with:
 
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 **Note: When performing the setup, the Database host is ```mysql```
@@ -72,9 +74,8 @@ docker-compose up -d
 To upgrade to a newer release image, update your docker-compose.yml first by running:
 
 ```bash
-docker-compose down
-docker-compose pull
-docker-compose up
+docker compose pull
+docker compose up -d
 ```
 
 It is recommended to perform a backup before updating.
@@ -90,4 +91,4 @@ This is a new image which should provide much better support for all users, howe
 
 - [ ] Backup script  
 - [ ] Integrate soketi server  
-- [ ] Add elastic search for site wide search  
+- [ ] Add elastic search for site wide search  

debian/.env

@@ -8,7 +8,16 @@ PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
 TRUSTED_PROXIES='*'
 
-QUEUE_CONNECTION=database
+
+CACHE_DRIVER=redis
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis
+
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+FILESYSTEM_DISK=debian_docker
 
 # DB connection
 DB_HOST=mysql
@@ -48,5 +57,6 @@ NORDIGEN_SECRET_KEY=
 
 IS_DOCKER=true
 SCOUT_DRIVER=null
-SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
+#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+
+

debian/Dockerfile

@@ -1,179 +1,90 @@
-FROM php:8.2-fpm AS base
-ARG saxon=12.5.0
+ARG PHP=8.4
+
+FROM php:${PHP}-fpm AS prepare-app
+
+ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
+
+ADD ${URL} /tmp/invoiceninja.tar.gz
+
+RUN tar -xzf /tmp/invoiceninja.tar.gz -C /var/www/html \
+    && ln -s /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
+    && php artisan storage:link \
+    # Workaround for application updates
+    && mv /var/www/html/public /tmp/public
+
+# ==================
+# InvoiceNinja image
+# ==================
+FROM php:${PHP}-fpm
+
+# PHP modules
+ARG php_require="bcmath gd mbstring pdo_mysql zip"
+ARG php_suggest="exif imagick intl pcntl saxon soap"
+ARG php_extra="opcache"
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
-    git \
-    curl \
-    libpng-dev \
-    libonig-dev \
-    libxml2-dev \
-    zip \
-    unzip \
-    gosu \
-    default-mysql-client \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libfcgi-bin \
+    mariadb-client \
+    gpg \
     supervisor \
-    fonts-liberation \
-    libasound2 \
-    libatk-bridge2.0-0 \
-    libatk1.0-0 \
-    libatspi2.0-0 \
-    libcups2 \
-    libdbus-1-3 \
-    libdrm2 \
-    libgbm1 \
-    libgtk-3-0 \
-    libnspr4 \
-    libnss3 \
-    libwayland-client0 \
-    libxcomposite1 \
-    libxdamage1 \
-    libxfixes3 \
-    libxkbcommon0 \
-    libxrandr2 \
-    xdg-utils \
-    fonts-noto-cjk \
+    # Unicode support for PDF
     fonts-noto-cjk-extra \
     fonts-wqy-microhei \
     fonts-wqy-zenhei \
     xfonts-wqy \
-    wget \
-    gnupg2 \
+    # Install google-chrome-stable(amd64)/chromium(arm64)
     && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-        && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
-        && apt-get update \
-        && apt-get install -y google-chrome-stable; \
+    mkdir -p /etc/apt/keyrings \
+    && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | \
+    gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+    && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends google-chrome-stable; \
+    elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
+    apt-get install -y --no-install-recommends \
+    chromium; \
     fi \
+    # Create config directory for chromium/google-chrome-stable
+    && mkdir /var/www/.config \
+    && chown www-data:www-data /var/www/.config \
+    # Cleanup
+    && apt-get purge -y gpg \
+    && apt-get autoremove -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-# Set permissions for www-data to execute    
-RUN mkdir -p /var/www/.chrome/chrome-profile \
-    && chown -R www-data:www-data /var/www/.chrome \
-    && chmod -R 755 /var/www/.chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown root:root /usr/bin/google-chrome \
-        && chmod 4755 /usr/bin/google-chrome \
-        && chown -R root:root /opt/google/chrome \
-        && chmod -R 755 /opt/google/chrome; \
-    fi \
-    && chown -R www-data:www-data /var/www
+# Install PHP extensions
+COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
 
-# Create required directories with proper permissions
-RUN mkdir -p /tmp/chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown -R www-data:www-data /tmp/chrome \
-        && chmod -R 755 /tmp/chrome; \
-    fi
-    
-# Copy Install PHP extensions installer
-COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
-
-# Install Required PHP extensions.
 RUN install-php-extensions \
-    pdo_mysql \
-    mysqli \     
-    mbstring \
-    exif \
-    pcntl \
-    bcmath \
-    gd \
-    opcache \
-    redis \
-    soap \
-    imagick \
-    curl \
-    gmp \
-    zip \
-    @composer
+    ${php_require} \
+    ${php_suggest} \
+    ${php_extra}
 
 # Configure PHP
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
+RUN ln -s "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-# Configure Saxon
-WORKDIR /opt
+COPY php/php.ini /usr/local/etc/php/conf.d/invoiceninja.ini
 
-RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip \
-        && unzip saxon.zip -d saxon \
-        && cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/ \
-        && cd /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API \
-        && phpize \
-        && ./configure --enable-saxon \
-        && make \
-        && make install \
-        && echo 'extension=saxon.so' > "/usr/local/etc/php/conf.d/app.ini"; \
-    fi
-    
-# Copy scripts
-COPY rootfs /
+COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/invoiceninja.conf
 
-# Set working directory
-WORKDIR /var/www/html
-
-# Download and extract application
-RUN set -eux; \ 
-    DOWNLOAD_URL=$(curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
-    grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4) && \
-    curl -L "$DOWNLOAD_URL" | tar -xvz -C /var/www/html && \
-    rm -rf /var/www/html/ui && \
-    chown -R www-data:www-data /var/www/html
-
-# Install dependencies
-RUN composer install --no-dev --no-scripts --no-autoloader
-
-# Generate optimized autoloader and clear cache
-RUN composer dump-autoload --optimize \
-    && php artisan optimize \
-    && php artisan view:cache \
-    && php artisan config:cache \
-    && php artisan route:cache
+# Workaround: Disable SSL for mariadb-client for compatibility with MySQL
+RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
 
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
+# Setup InvoiceNinja
+COPY --from=prepare-app --chown=www-data:www-data /var/www/html /var/www/html
+COPY --from=prepare-app --chown=www-data:www-data /tmp/public /tmp/public
+
 # Add initialization script
-COPY scripts/init.sh /usr/local/bin/init.sh
-
-# Make executable
-RUN chmod +x /usr/local/bin/init.sh
-
-# Configure PHP-FPM
-RUN sed -i "s/user = www-data/user = www-data/g" /usr/local/etc/php-fpm.d/www.conf \
-    && sed -i "s/group = www-data/group = www-data/g" /usr/local/etc/php-fpm.d/www.conf
-
-# Create volume directories
-RUN mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor 
-
-# Set permissions
-RUN chown -R www-data:www-data \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor \
-    && chmod -R 775 \
-        /var/www/html/public/uploads \
-        /var/www/html/storage \
-        /var/www/html/bootstrap/cache \
-        /var/run \
-        /var/log/supervisor 
+COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
 # Health check
-HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
-    CMD php -v || exit 1
-
-EXPOSE 9000
+HEALTHCHECK --start-period=100s \
+    CMD REMOTE_ADDR=127.0.0.1 REQUEST_URI=/health REQUEST_METHOD=GET SCRIPT_FILENAME=/var/www/html/public/index.php cgi-fcgi -bind -connect 127.0.0.1:9000 | grep '{"status":"ok","message":"API is healthy"}'
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]

debian/docker-compose.yml

@@ -1,35 +1,22 @@
-version: '3.8'
-
-x-logging: &default-logging
-  options:
-    max-size: "10m"
-    max-file: "3"
-  driver: json-file
-
 services:
   app:
-    image: invoiceninja/invoiceninja-debian:5 
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env  
+      # - ./php/php.ini:/usr/local/etc/php/conf.d/invoiceninja.ini:ro
+      # - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/invoiceninja.conf:ro
+      # - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
+      - app_public:/var/www/html/public
       - app_storage:/var/www/html/storage
-      - app_cache:/var/www/html/bootstrap/cache
-      - public_files:/var/www/html/public  
-
-    networks:
-      - app-network
     depends_on:
       mysql:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
-    logging: *default-logging
 
   nginx:
     image: nginx:alpine
@@ -37,27 +24,16 @@ services:
     ports:
       - "80:80"
     volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - type: volume
-        source: public_files
-        target: /var/www/html/public
-        read_only: true
-    networks:
-      - app-network
+      - ./nginx:/etc/nginx/conf.d:ro
+      - app_public:/var/www/html/public:ro
+      - app_storage:/var/www/html/storage:ro
     depends_on:
-      - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-    logging: *default-logging
+      app:
+        condition: service_healthy
 
   mysql:
-    image: mysql:8.0
+    image: mysql:8
     restart: unless-stopped
-    env_file:
-      - ./.env
     environment:
       MYSQL_DATABASE: ${DB_DATABASE}
       MYSQL_USER: ${DB_USERNAME}
@@ -65,51 +41,32 @@ services:
       MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
     volumes:
       - mysql_data:/var/lib/mysql
-    networks:
-      - app-network
     healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
-    logging: *default-logging
+      test:
+        [
+          "CMD",
+          "mysqladmin",
+          "ping",
+          "-h",
+          "localhost",
+          "-u${MYSQL_USER}",
+          "-p${MYSQL_PASSWORD}",
+        ]
 
   redis:
     image: redis:alpine
     restart: unless-stopped
     volumes:
       - redis_data:/data
-    networks:
-      - app-network
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-    logging: *default-logging
-
-networks:
-  app-network:
-    driver: bridge
 
 volumes:
-  app_storage:
-    driver: local
   app_public:
     driver: local
-  app_cache:
+  app_storage:
     driver: local
   mysql_data:
     driver: local
   redis_data:
     driver: local
-  public_files:  
-    driver: local

debian/nginx/conf.d/default.conf

@@ -1,38 +0,0 @@
-server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
-    listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    client_max_body_size 100M;
-
-    root /var/www/html/public;
-    index index.php;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
-
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass app:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-    }
-}

debian/nginx/invoiceninja.conf

@@ -0,0 +1,14 @@
+# https://nginx.org/en/docs/http/ngx_http_core_module.html
+client_max_body_size 10M;
+client_body_buffer_size 10M;
+server_tokens off;
+
+# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
+fastcgi_buffers 32 16K;
+
+# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+gzip on;
+gzip_comp_level 2;
+gzip_min_length 1M;
+gzip_proxied any;
+gzip_types *;

debian/nginx/laravel.conf

@@ -0,0 +1,32 @@
+# https://laravel.com/docs/master/deployment#nginx
+server {
+    listen 80 default_server;
+    server_name _;   
+    root /var/www/html/public;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+ 
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+ 
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass app:9000;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

debian/nginx/nginx.conf

@@ -1,26 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    include /etc/nginx/conf.d/*.conf;
-}

debian/php/php-fpm.conf

@@ -1,9 +1 @@
-[www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
+pm.max_children = 10

debian/php/php.ini

@@ -1,21 +1,24 @@
-session.auto_start = Off
-short_open_tag = Off
+[core]
+; https://www.php.net/manual/en/ini.core.php
+post_max_size=10M
+upload_max_filesize=10M
+memory_limit=512M
 
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+[opcache]
+; https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
+opcache.enable_cli=1
 
-opcache.enable=1
+[jit]
+; https://wiki.php.net/rfc/jit_config_defaults
+opcache.jit=tracing
+opcache.jit_buffer_size=64M
+
+[extra]
+; http://symfony.com/doc/current/performance.html
+opcache.memory_consumption=256
+opcache.max_accelerated_files=20000
 opcache.preload=/var/www/html/preload.php
 opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
-opcache.max_accelerated_files=300000
-opcache.validate_timestamps=1
-opcache.revalidate_freq=30
-opcache.jit_buffer_size=256M
-opcache.jit=1205
-opcache.memory_consumption=1024M
-
-
-post_max_size = 60M
-upload_max_filesize = 50M
-memory_limit=512M
+opcache.validate_timestamps=0
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600

debian/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-php artisan db:seed --force
-
-# Build up array of arguments...
-if [[ ! -z "${IN_USER_EMAIL}" ]]; then
-    email="--email ${IN_USER_EMAIL}"
-fi
-
-if [[ ! -z "${IN_PASSWORD}" ]]; then
-    password="--password ${IN_PASSWORD}"
-fi
-
-php artisan ninja:create-account $email $password

debian/scripts/init.sh

@@ -1,73 +1,71 @@
-#!/bin/sh
-set -e
-
-
-in_log() {
-        local type="$1"; shift
-        printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
-}
-
-docker_process_init_files() {
-    echo
-    local f
-    for f; do
-        case "$f" in
-        *.sh)
-            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
-            # https://github.com/docker-library/postgres/pull/452
-            if [ -x "$f" ]; then
-                in_log INFO "$0: running $f"
-                "$f"
-            else
-                in_log INFO "$0: sourcing $f"
-                . "$f"
-            fi
-            ;;
-        *) in_log INFO "$0: ignoring $f" ;;
-        esac
-        echo
-    done
-}
-
-# Create directories if they don't exist
-mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/uploads
-
-# Set directory permissions without changing ownership
-chmod -R 775 \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads
-
-# Clear and cache config in production
-if [ "$APP_ENV" = "production" ]; then
-    php artisan config:cache
-    php artisan optimize
-    php artisan package:discover
-    php artisan migrate --force
-
-    echo "Checking initialization status..."
-
-    # If first IN run, it needs to be initialized
-    echo "Checking initialization status..."
-    IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
-    echo "IN_INIT value: $IN_INIT"
-
-    if [ "$IN_INIT" = "1" ]; then
-        echo "Running initialization scripts..."
-        docker_process_init_files /docker-entrypoint-init.d/*
-    fi
-
-    echo "Production setup completed"
-    echo "IN_INIT value: $IN_INIT"
+#!/bin/sh -eu
 
+# Set PDF generation browser path based on architecture
+if [ "$(dpkg --print-architecture)" = "amd64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+elif [ "$(dpkg --print-architecture)" = "arm64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
 fi
 
-echo "Starting supervisord..."
-# Start supervisord in the foreground
-exec /usr/bin/supervisord -n -c /etc/supervisor/conf.d/supervisord.conf
+if [ "$*" = 'supervisord -c /etc/supervisor/supervisord.conf' ]; then
+
+    # Check for required folders and create if needed
+    [ -d /var/www/html/public] || mkdir -p /var/www/html/public
+    [ -d /var/www/html/storage/app/public ] || mkdir -p /var/www/html/storage/app/public
+    [ -d /var/www/html/storage/framework/sessions ] || mkdir -p /var/www/html/storage/framework/sessions
+    [ -d /var/www/html/storage/framework/views ] || mkdir -p /var/www/html/storage/framework/views
+    [ -d /var/www/html/storage/framework/cache ] || mkdir -p /var/www/html/storage/framework/cache
+
+    # Workaround for application updates
+    if [ "$(ls -A /tmp/public)" ]; then
+        echo "Updating public folder..."
+        rm -rf /var/www/html/public/.htaccess \
+            /var/www/html/public/.well-known \
+            /var/www/html/public/*
+        cp -r /tmp/public/* \
+            /tmp/public/.htaccess \
+            /tmp/public/.well-known \
+            /var/www/html/public/ && \
+            rm -rf /tmp/public/*
+    fi
+    echo "Public Folder is up to date"
+
+    # Ensure owner, file and directory permissions are correct
+    chown -R www-data:www-data \
+        /var/www/html/public \
+        /var/www/html/storage
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type f -exec chmod 644 {} \;
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type d -exec chmod 755 {} \;
+
+    # Clear and cache config in production
+    if [ "$APP_ENV" = "production" ]; then
+        runuser -u www-data -- php artisan migrate --force       
+        runuser -u www-data -- php artisan cache:clear # Clear after the migration
+        runuser -u www-data -- php artisan ninja:design-update
+        runuser -u www-data -- php artisan optimize
+
+        # If first IN run, it needs to be initialized
+        if [ "$(runuser -u www-data -- php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
+            echo "Running initialization..."
+            
+            runuser -u www-data -- php artisan db:seed --force
+
+            if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
+                runuser -u www-data -- php artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
+            else
+                echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
+                exit 1
+            fi
+
+        fi
+        echo "Production setup completed"
+    fi
+
+    echo "Starting supervisord..."
+fi
+
+exec "$@"

debian/supervisor/supervisord.conf

@@ -1,52 +1,39 @@
-[unix_http_server]
-file=/var/run/supervisor.sock
-chmod=0700
-
 [supervisord]
 nodaemon=true
 user=root
-logfile=/var/log/supervisor/supervisord.log
+logfile=/dev/null
+logfile_maxbytes=0
 pidfile=/var/run/supervisord.pid
 
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///var/run/supervisor.sock
-
 [program:php-fpm]
 command=/usr/local/sbin/php-fpm -F
 autostart=true
 autorestart=true
 priority=5
-stdout_logfile=/dev/stdout
+stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+redirect_stderr=true
 
 [program:queue-worker]
 process_name=%(program_name)s_%(process_num)02d
-command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600
+command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600 --verbose
 autostart=true
 autorestart=true
 stopasgroup=true
 killasgroup=true
 user=www-data
 numprocs=2
-redirect_stderr=true
-stdout_logfile=/dev/stdout
+environment=HOME="/var/www"
+stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+redirect_stderr=true
 stopwaitsecs=3600
 
 [program:scheduler]
-command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run --verbose --no-interaction &); sleep 60; done"
+command=php /var/www/html/artisan schedule:work --verbose
 autostart=true
 autorestart=true
 user=www-data
-redirect_stderr=true
-stdout_logfile=/dev/stdout
+stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+redirect_stderr=true

docker/app/public/.keep

@@ -1 +0,0 @@
-

docker/app/storage/.keep

@@ -1 +0,0 @@
-