Set default memory limit

unicode emoji for dockerhub

.editorconfig

@@ -1,24 +0,0 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
-# top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file
-[*]
-end_of_line = lf
-insert_final_newline = true
-
-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.*]
-charset = utf-8
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Matches the files *.yml
-[*.yml]
-indent_style = space
-indent_size = 2
-

.github/workflows/build-image-debian.yaml

@@ -1,38 +0,0 @@
-name: Build Debian Container Image
-
-on:
-  pull_request:
-    paths:
-      - "debian/**"
-  push:
-    paths:
-      - "debian/**"
-    branches:
-      - master
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build
-        id: docker_build
-        uses: docker/build-push-action@v5
-        with:
-          context: debian  
-          file: debian/Dockerfile  
-          load: true
-          tags: invoiceninja/invoiceninja-debian:test
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

.github/workflows/build-image-octane.yaml

@@ -0,0 +1,48 @@
+name: Build Octane Container Image
+
+on:
+  pull_request:
+    paths:
+      - ".github/**"
+      - "octane/**"
+  push:
+    paths:
+      - ".github/**"
+      - "octane/**"
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-octane
+
+jobs:
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: octane
+          platforms: ${{ matrix.platform }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/publish-image-octane.yaml

@@ -0,0 +1,166 @@
+name: Publish Octane Container Images
+
+on:
+  push:
+    tags-ignore:
+      - "invoiceninja-*"
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-octane
+
+jobs:
+  version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      major: ${{ steps.version.outputs.major }}
+      minor: ${{ steps.version.outputs.minor }}
+      url: ${{ steps.version.outputs.url }}
+    steps:
+      - id: version
+        run: |
+
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+            # Remove -o or -d suffix if present
+            VERSION=${VERSION%-*}
+          fi
+          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
+          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
+
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
+          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
+          echo "url=${URL}" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - version
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Prepare
+        id: prep
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: octane
+          build-args: URL=${{ needs.version.outputs.url }}
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - version
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            ${{ needs.version.outputs.version }}
+            ${{ needs.version.outputs.major }}
+            ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}
+            latest
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+
+      - name: Inspect image
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+  Description:
+    if: ${{ github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    needs:
+      - merge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          sparse-checkout: "README.md"
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.REGISTRY_IMAGE }}

.github/workflows/publish-image.yaml

@@ -1,75 +0,0 @@
-name: Publish Debian Container Images
-
-on:
-  push:
-    tags-ignore:
-      - "invoiceninja-*"
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - image: invoiceninja/invoiceninja-debian
-            context: ./debian
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4  # Updated from v2
-        with:
-          fetch-depth: 0
-
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${{ matrix.image }}
-          VERSION=edge
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
-          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
-          TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
-          
-          # Debug output
-          echo "Current version: ${VERSION}"
-          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
-          
-          TAGS="$TAGS,${DOCKER_IMAGE}:latest"
-
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT  # Updated output syntax
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3  # Updated from v1
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3  # Updated from v1
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3  # Updated from v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v5  # Updated from v2
-        with:
-          context: ${{ matrix.context }}
-          build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          cache-from: type=gha  # Updated cache type
-          cache-to: type=gha,mode=max
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release-chart.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/test-charts.yaml

@@ -12,7 +12,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -55,7 +55,7 @@ jobs:
           - "1.23.15"
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.gitignore

@@ -1,14 +0,0 @@
-# OS files
-.DS_Store
-.DS_Store?
-._*
-.Spotlight-V100
-.Trashes
-ehthumbs.db
-Thumbs.db
-
-# Helm
-charts/**/charts/
-
-# Compose filesystem
-/docker

README.md

@@ -1,13 +1,13 @@
-[![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-debian?label=debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml)
-[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
+[![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-octane?label=octane)](https://hub.docker.com/r/invoiceninja/invoiceninja-octane)
+[![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-octane)](https://hub.docker.com/r/invoiceninja/invoiceninja-octane)
+[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-octane.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-octane.yaml)
+[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-octane.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-octane.yaml)
 
-# Debian Docker for [Invoice Ninja](https://www.invoiceninja.com/)
+# Octane Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
-:crown: **Features**
+👑 **Features**
 
-NGINX webserver support [NGINX](https://nginx.org/)  
+[FRANKENPHP](https://frankenphp.dev/)  
 Built-in Chrome for PDF generation and other features  
 Saxon XLST 2 engine  
 OPcache  
@@ -18,8 +18,8 @@ Multi language support
 This Debian-based image includes Chrome for enhanced PDF generation and other features. To get started:
 
 ```bash
-git clone https://github.com/invoiceninja/dockerfiles.git -b debian
-cd dockerfiles/debian
+git clone https://github.com/invoiceninja/dockerfiles.git -b octane
+cd dockerfiles/octane
 ```
 
 Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `.env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
@@ -51,10 +51,10 @@ The `APP_KEY` can be generated by running:
 
 ```bash
 # If you haven't started the containers yet:
-docker run --rm -it invoiceninja/invoiceninja-debian php artisan key:generate --show
+docker run --rm -it invoiceninja/invoiceninja-octane frankenphp php-cli artisan key:generate --show
 
 # Or if your containers are already running:
-docker-compose exec app php artisan key:generate --show
+docker compose exec app frankenphp php-cli artisan key:generate --show
 ```
 
 Copy the entire string and insert in the .env file at `APP_KEY=base64....`
@@ -64,7 +64,7 @@ Copy the entire string and insert in the .env file at `APP_KEY=base64....`
 Start the container with:
 
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 **Note: When performing the setup, the Database host is ```mysql```
@@ -74,9 +74,8 @@ docker-compose up -d
 To upgrade to a newer release image, update your docker-compose.yml first by running:
 
 ```bash
-docker-compose down
-docker-compose pull
-docker-compose up
+docker compose pull
+docker compose up -d
 ```
 
 It is recommended to perform a backup before updating.

debian/Dockerfile

@@ -1,179 +0,0 @@
-FROM php:8.2-fpm AS base
-ARG saxon=12.5.0
-
-# Install system dependencies
-RUN apt-get update && apt-get install -y \
-    git \
-    curl \
-    libpng-dev \
-    libonig-dev \
-    libxml2-dev \
-    zip \
-    unzip \
-    gosu \
-    default-mysql-client \
-    supervisor \
-    fonts-liberation \
-    libasound2 \
-    libatk-bridge2.0-0 \
-    libatk1.0-0 \
-    libatspi2.0-0 \
-    libcups2 \
-    libdbus-1-3 \
-    libdrm2 \
-    libgbm1 \
-    libgtk-3-0 \
-    libnspr4 \
-    libnss3 \
-    libwayland-client0 \
-    libxcomposite1 \
-    libxdamage1 \
-    libxfixes3 \
-    libxkbcommon0 \
-    libxrandr2 \
-    xdg-utils \
-    fonts-noto-cjk \
-    fonts-noto-cjk-extra \
-    fonts-wqy-microhei \
-    fonts-wqy-zenhei \
-    xfonts-wqy \
-    wget \
-    gnupg2 \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-        && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
-        && apt-get update \
-        && apt-get install -y google-chrome-stable; \
-    fi \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-# Set permissions for www-data to execute    
-RUN mkdir -p /var/www/.chrome/chrome-profile \
-    && chown -R www-data:www-data /var/www/.chrome \
-    && chmod -R 755 /var/www/.chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown root:root /usr/bin/google-chrome \
-        && chmod 4755 /usr/bin/google-chrome \
-        && chown -R root:root /opt/google/chrome \
-        && chmod -R 755 /opt/google/chrome; \
-    fi \
-    && chown -R www-data:www-data /var/www
-
-# Create required directories with proper permissions
-RUN mkdir -p /tmp/chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown -R www-data:www-data /tmp/chrome \
-        && chmod -R 755 /tmp/chrome; \
-    fi
-    
-# Copy Install PHP extensions installer
-COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
-
-# Install Required PHP extensions.
-RUN install-php-extensions \
-    pdo_mysql \
-    mysqli \     
-    mbstring \
-    exif \
-    pcntl \
-    bcmath \
-    gd \
-    opcache \
-    redis \
-    soap \
-    imagick \
-    curl \
-    gmp \
-    zip \
-    @composer
-
-# Configure PHP
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
-
-# Configure Saxon
-WORKDIR /opt
-
-RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip \
-        && unzip saxon.zip -d saxon \
-        && cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/ \
-        && cd /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API \
-        && phpize \
-        && ./configure --enable-saxon \
-        && make \
-        && make install \
-        && echo 'extension=saxon.so' > "/usr/local/etc/php/conf.d/app.ini"; \
-    fi
-
-# Copy scripts
-COPY rootfs /
-
-# Set working directory
-WORKDIR /var/www/html
-
-# Download and extract application
-RUN set -eux; \ 
-    DOWNLOAD_URL=$(curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
-    grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4) && \
-    curl -L "$DOWNLOAD_URL" | tar -xvz -C /var/www/html && \
-    chown -R www-data:www-data /var/www/html
-
-# Install dependencies
-RUN composer install --no-dev --no-scripts --no-autoloader
-
-# Generate optimized autoloader and clear cache
-RUN composer dump-autoload --optimize \
-    && php artisan optimize \
-    && php artisan view:cache \
-    && php artisan config:cache \
-    && php artisan route:cache \
-    && php artisan storage:link
-
-# Setup supervisor
-COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-
-# Add initialization script
-COPY scripts/init.sh /usr/local/bin/init.sh
-
-# Make executable
-RUN chmod +x /usr/local/bin/init.sh
-
-# Configure PHP-FPM
-RUN sed -i "s/user = www-data/user = www-data/g" /usr/local/etc/php-fpm.d/www.conf \
-    && sed -i "s/group = www-data/group = www-data/g" /usr/local/etc/php-fpm.d/www.conf
-
-# Create volume directories
-RUN mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor 
-
-# Set permissions
-RUN chown -R www-data:www-data \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor \
-    && chmod -R 775 \
-        /var/www/html/public/uploads \
-        /var/www/html/storage \
-        /var/www/html/bootstrap/cache \
-        /var/run \
-        /var/log/supervisor 
-
-# Health check
-HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
-    CMD php -v || exit 1
-
-EXPOSE 9000
-
-ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

debian/docker-compose.yml

@@ -1,112 +0,0 @@
-version: '3.8'
-
-x-logging: &default-logging
-  options:
-    max-size: "10m"
-    max-file: "3"
-  driver: json-file
-
-services:
-  app:
-    image: invoiceninja/invoiceninja-debian:latest
-    restart: unless-stopped
-    env_file:
-      - ./.env
-    volumes:
-      - ./.env:/var/www/html/.env  
-      - app_storage:/var/www/html/storage
-      - app_cache:/var/www/html/bootstrap/cache
-      - public_storage:/var/www/html/public/storage
-
-    networks:
-      - app-network
-    depends_on:
-      mysql:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
-    logging: *default-logging
-
-  nginx:
-    image: nginx:alpine
-    restart: unless-stopped
-    ports:
-      - "80:80"
-    volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-    volumes_from:
-      - app
-
-    networks:
-      - app-network
-    depends_on:
-      - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-    logging: *default-logging
-
-  mysql:
-    image: mysql:8.0
-    restart: unless-stopped
-    env_file:
-      - ./.env
-    environment:
-      MYSQL_DATABASE: ${DB_DATABASE}
-      MYSQL_USER: ${DB_USERNAME}
-      MYSQL_PASSWORD: ${DB_PASSWORD}
-      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
-    volumes:
-      - mysql_data:/var/lib/mysql
-    networks:
-      - app-network
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
-    logging: *default-logging
-
-  redis:
-    image: redis:alpine
-    restart: unless-stopped
-    volumes:
-      - redis_data:/data
-    networks:
-      - app-network
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-    logging: *default-logging
-
-networks:
-  app-network:
-    driver: bridge
-
-volumes:
-  app_storage:
-    driver: local
-  app_cache:
-    driver: local
-  public_storage:
-    driver: local  # Persistent storage for user files
-  mysql_data:
-    driver: local
-  redis_data:
-    driver: local

debian/nginx/conf.d/default.conf

@@ -1,38 +0,0 @@
-server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
-    listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    client_max_body_size 100M;
-
-    root /var/www/html/public;
-    index index.php;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
-
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass app:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-    }
-}

debian/nginx/nginx.conf

@@ -1,26 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    include /etc/nginx/conf.d/*.conf;
-}

debian/php/php-fpm.conf

@@ -1,9 +0,0 @@
-[www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
-pm.max_children = 10
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3

debian/php/php.ini

@@ -1,21 +0,0 @@
-session.auto_start = Off
-short_open_tag = Off
-
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
-
-opcache.enable=1
-opcache.preload=/var/www/html/preload.php
-opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
-opcache.max_accelerated_files=300000
-opcache.validate_timestamps=1
-opcache.revalidate_freq=30
-opcache.jit_buffer_size=256M
-opcache.jit=1205
-opcache.memory_consumption=1024M
-
-
-post_max_size = 60M
-upload_max_filesize = 50M
-memory_limit=512M

debian/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-php artisan db:seed --force
-
-# Build up array of arguments...
-if [[ ! -z "${IN_USER_EMAIL}" ]]; then
-    email="--email ${IN_USER_EMAIL}"
-fi
-
-if [[ ! -z "${IN_PASSWORD}" ]]; then
-    password="--password ${IN_PASSWORD}"
-fi
-
-php artisan ninja:create-account $email $password

debian/scripts/init.sh

@@ -1,75 +0,0 @@
-#!/bin/sh
-set -e
-
-
-in_log() {
-        local type="$1"; shift
-        printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
-}
-
-docker_process_init_files() {
-    echo
-    local f
-    for f; do
-        case "$f" in
-        *.sh)
-            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
-            # https://github.com/docker-library/postgres/pull/452
-            if [ -x "$f" ]; then
-                in_log INFO "$0: running $f"
-                "$f"
-            else
-                in_log INFO "$0: sourcing $f"
-                . "$f"
-            fi
-            ;;
-        *) in_log INFO "$0: ignoring $f" ;;
-        esac
-        echo
-    done
-}
-
-# Create directories if they don't exist
-mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/storage
-
-# Set directory permissions without changing ownership
-chmod -R 775 \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/storage
-
-chown -R www-data:www-data /var/www/html/storage
-
-# Clear and cache config in production
-if [ "$APP_ENV" = "production" ]; then
-    gosu www-data php artisan config:cache
-    gosu www-data php artisan optimize
-    gosu www-data php artisan package:discover
-    gosu www-data php artisan migrate --force
-
-    echo "Checking initialization status..."
-
-    # If first IN run, it needs to be initialized
-    echo "Checking initialization status..."
-    IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
-    echo "IN_INIT value: $IN_INIT"
-
-    if [ "$IN_INIT" = "1" ]; then
-        echo "Running initialization scripts..."
-        docker_process_init_files /docker-entrypoint-init.d/*
-    fi
-
-    echo "Production setup completed"
-    echo "IN_INIT value: $IN_INIT"
-
-fi
-
-echo "Starting supervisord..."
-# Start supervisord in the foreground
-exec /usr/bin/supervisord -n -c /etc/supervisor/conf.d/supervisord.conf

debian/supervisor/supervisord.conf

@@ -1,52 +0,0 @@
-[unix_http_server]
-file=/var/run/supervisor.sock
-chmod=0700
-
-[supervisord]
-nodaemon=true
-user=root
-logfile=/var/log/supervisor/supervisord.log
-pidfile=/var/run/supervisord.pid
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///var/run/supervisor.sock
-
-[program:php-fpm]
-command=/usr/local/sbin/php-fpm -F
-autostart=true
-autorestart=true
-priority=5
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-
-[program:queue-worker]
-process_name=%(program_name)s_%(process_num)02d
-command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600
-autostart=true
-autorestart=true
-stopasgroup=true
-killasgroup=true
-user=www-data
-numprocs=2
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-stopwaitsecs=3600
-
-[program:scheduler]
-command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run --verbose --no-interaction &); sleep 60; done"
-autostart=true
-autorestart=true
-user=www-data
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0

docker/app/public/.keep

@@ -1 +0,0 @@
-

docker/app/storage/.keep

@@ -1 +0,0 @@
-

octane/.env

@@ -1,5 +1,5 @@
 # IN application vars
-APP_URL=http://localhost:8012
+APP_URL=http://localhost
 APP_KEY=base64:RR++yx2rJ9kdxbdh3+AmbHLDQu+Q76i++co9Y8ybbno=
 APP_ENV=production
 APP_DEBUG=true
@@ -8,10 +8,16 @@ PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
 TRUSTED_PROXIES='*'
 
+
+CACHE_DRIVER=redis
 QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis
 
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
 
-# FILESYSTEM_DISK=local
+FILESYSTEM_DISK=debian_docker
 
 # DB connection
 DB_HOST=mysql
@@ -51,5 +57,6 @@ NORDIGEN_SECRET_KEY=
 
 IS_DOCKER=true
 SCOUT_DRIVER=null
-SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
+#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+
+

octane/Dockerfile

@@ -0,0 +1,102 @@
+ARG PHP_VERSION=8.4
+ARG FRANKENPHP_VERSION=1
+ARG DEBIAN_VERSION=trixie
+
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION} AS prepare-app
+
+ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
+
+ADD ${URL} /tmp/invoiceninja.tar.gz
+
+RUN tar -xf /tmp/invoiceninja.tar.gz \
+    && ln -s ./resources/views/react/index.blade.php ./public/index.html \
+    # Symlink
+    && php artisan storage:link \
+    # Octane
+    && php artisan octane:install --server=frankenphp
+
+# ==================
+# InvoiceNinja image
+# ==================
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION}
+
+ARG user=ninja
+
+# PHP modules
+ARG php_require="bcmath gd mbstring pdo_mysql zip"
+ARG php_suggest="exif imagick intl pcntl saxon soap"
+ARG php_extra="opcache"
+
+# Create a system user UID/GID=999
+RUN	useradd -r ${user}
+
+# Allow to bind to privileged ports
+RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    mariadb-client \
+    gpg \
+    # Unicode support for PDF
+    fonts-noto-cjk-extra \
+    fonts-wqy-microhei \
+    fonts-wqy-zenhei \
+    xfonts-wqy \
+    # Install google-chrome-stable(amd64)/chromium(arm64)
+    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
+    mkdir -p /etc/apt/keyrings \
+    && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | \
+    gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+    && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends google-chrome-stable \
+    && mkdir /config/google-chrome \
+    && chown ${user}: /config/google-chrome; \
+    elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
+    apt-get install -y --no-install-recommends \
+    chromium \
+    && mkdir /config/chromium \
+    && chown ${user}: /config/chromium; \
+    fi \
+    # Cleanup
+    && apt-get purge -y gpg \
+    && apt-get autoremove -y \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install PHP extensions
+RUN install-php-extensions \
+    ${php_require} \
+    ${php_suggest} \
+    ${php_extra}
+
+# Configure PHP
+RUN ln -s "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
+
+COPY php/php.ini /usr/local/etc/php/conf.d/invoiceninja.ini
+
+# Workaround: Disable SSL for mariadb-client for compatibility with MySQL
+RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
+
+# Create directory for artisan tinker (init.sh)
+RUN mkdir /config/psysh \
+    && chown ${user}: /config/psysh
+
+# Change owner for caddy directories
+RUN chown -R ${user}: \
+    /data/caddy \
+    /config/caddy
+
+# InvoiceNinja
+COPY --from=prepare-app --chown=${user}:${user} /app /app
+
+# Add initialization script
+COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
+
+USER ${user}
+
+HEALTHCHECK --start-period=100s CMD curl -f http://localhost/health
+
+ENTRYPOINT ["/usr/local/bin/init.sh"]
+
+CMD ["frankenphp", "php-cli", "artisan", "octane:frankenphp"]

octane/docker-compose.yml

@@ -0,0 +1,129 @@
+# name: invoiceninja
+
+x-app-volumes: &volumes
+  volumes:
+    - app_storage:/app/storage
+    - caddy_data:/data
+
+services:
+  app:
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
+    restart: unless-stopped
+    # php artisan help octane:frankenphp
+    command: --port=80 --workers=2
+    # command: --host=example.com --port=443 --workers=2 --https --http-redirect --log-level=info
+    ports:
+      - "80:80" # HTTP
+      # - "443:443" # HTTPS
+      # - "443:443/udp" # HTTP/3, Works for chromium based browser, but causes H3_GENERAL_PROTOCOL_ERROR for pdf previews in Firefox
+    env_file:
+      - ./.env
+    environment:
+      LARAVEL_ROLE: app
+    <<: *volumes
+    depends_on:
+      mysql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      # mariadb:
+      #   condition: service_healthy
+      # valkey:
+      #   condition: service_healthy
+
+  app-worker:
+    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
+    restart: unless-stopped
+    # php artisan help queue:work
+    command: --verbose --sleep=3 --tries=3 --max-time=3600
+    deploy:
+      mode: replicated
+      replicas: 2
+    env_file:
+      - ./.env
+    environment:
+      LARAVEL_ROLE: worker
+    <<: *volumes
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "queue:work"]
+    depends_on:
+      app:
+        condition: service_healthy
+
+  app-scheduler:
+    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
+    restart: unless-stopped
+    # php artisan help schedule:work
+    command: --verbose
+    env_file:
+      - ./.env
+    environment:
+      LARAVEL_ROLE: scheduler
+    <<: *volumes
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "schedule:work"]
+    depends_on:
+      app:
+        condition: service_healthy
+
+  mysql:
+    image: mysql:8
+    restart: unless-stopped
+    environment:
+      MYSQL_DATABASE: ${DB_DATABASE}
+      MYSQL_USER: ${DB_USERNAME}
+      MYSQL_PASSWORD: ${DB_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
+    volumes:
+      - mysql_data:/var/lib/mysql
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "mysqladmin",
+          "ping",
+          "-h",
+          "localhost",
+          "-u${MYSQL_USER}",
+          "-p${MYSQL_PASSWORD}",
+        ]
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+
+  # mariadb:
+  #   image: mariadb:11.8
+  #   restart: unless-stopped
+  #   environment:
+  #     MARIADB_DATABASE: ${DB_DATABASE}
+  #     MARIADB_USER: ${DB_USERNAME}
+  #     MARIADB_PASSWORD: ${DB_PASSWORD}
+  #     MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
+  #   volumes:
+  #     - mariadb:/var/lib/mysql
+  #   healthcheck:
+  #     test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+
+  # valkey:
+  #   image: valkey/valkey:8
+  #   restart: unless-stopped
+  #   volumes:
+  #     - valkey:/data
+  #   healthcheck:
+  #     test: [ "CMD", "valkey-cli", "ping" ]
+
+
+volumes:
+  app_storage:
+  caddy_data:
+  mysql_data:
+  redis_data:
+  # mariadb:
+  # valkey:

octane/php/php.ini

@@ -0,0 +1,24 @@
+[core]
+; https://www.php.net/manual/en/ini.core.php
+post_max_size=10M
+upload_max_filesize=10M
+memory_limit=512M
+
+[opcache]
+; https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
+opcache.enable_cli=1
+
+[jit]
+; https://wiki.php.net/rfc/jit_config_defaults
+opcache.jit=tracing
+opcache.jit_buffer_size=64M
+
+[extra]
+; https://frankenphp.dev/docs/performance/#php-performance
+; http://symfony.com/doc/current/performance.html
+opcache.memory_consumption=256
+opcache.max_accelerated_files=20000
+opcache.preload=/app/preload.php
+opcache.validate_timestamps=0
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600

octane/scripts/init.sh

@@ -0,0 +1,97 @@
+#!/bin/sh -eu
+
+# Fallback to app
+role=${LARAVEL_ROLE:-app}
+
+# Set PDF generation browser path based on architecture
+export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+if [ "$(dpkg --print-architecture)" = "arm64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
+fi
+
+# Check for default CMD, flag(s) or empty CMD
+if [ "$*" = 'frankenphp php-cli artisan octane:frankenphp' ] || [ "${1#-}" != "$1" ] || [ "$#" -eq  "0" ]; then
+
+    if [ "--help" = "$1" ]; then
+        echo [CMD]
+        echo "This image will execute specific CMDs based on the environment variable LARAVEL_ROLE"
+        echo
+        echo "LARAVEL_ROLE=app:       frankenphp php-cli artisan octane:frankenphp (default)"
+        echo "LARAVEL_ROLE=worker:    frankenphp php-cli artisan queue:work"
+        echo "LARAVEL_ROLE=scheduler: frankenphp php-cli artisan schedule:work"
+        echo
+        echo [FLAGS]
+        echo To the CMD defined by LARAVEL_ROLE can be extended with flags for artisan commands
+        echo
+        echo Available flags can be displaced:
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan help octane:frankenphp
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan queue:work
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan schedule:work
+        echo
+        echo Example:
+        echo docker run -e LARAVEL_ROLE=worker invoiceninja/invoiceninja-debian --verbose --sleep=3 --tries=3 --max-time=3600
+        echo
+        echo [Deployment]
+        echo Docker compose is recommended
+        echo
+        echo Example:
+        echo https://github.com/invoiceninja/dockerfiles/blob/octane/debian/docker-compose.yml
+        echo
+        exit 0
+    fi
+
+    # Run app
+    if [ "${role}" = "app" ]; then
+        cmd="frankenphp php-cli artisan octane:frankenphp"
+
+        # Check for required folders and create if needed, relevant for bind mounts
+        # It is not possible to chown, as we are not executing this script as root
+        [ -d /var/www/html/storage/app/public ] || mkdir -p /var/www/html/storage/app/public
+        [ -d /app/storage/framework/sessions ] || mkdir -p /app/storage/framework/sessions
+        [ -d /app/storage/framework/views ] || mkdir -p /app/storage/framework/views
+        [ -d /app/storage/framework/cache ] || mkdir -p /app/storage/framework/cache
+        [ -d /app/storage/logs ] || mkdir -p /app/storage/logs
+
+        if [ "$APP_ENV" = "production" ]; then
+            frankenphp php-cli artisan migrate --force
+            frankenphp php-cli artisan cache:clear # Clear after the migration
+            frankenphp php-cli artisan ninja:design-update
+            frankenphp php-cli artisan optimize
+
+            # If first IN run, it needs to be initialized
+            if [ "$(frankenphp php-cli artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
+                echo "Running initialization..."
+
+                frankenphp php-cli artisan db:seed --force
+
+                if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
+                    frankenphp php-cli artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
+                else
+                    echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
+                    exit 1
+                fi
+            fi
+        fi
+
+        echo "Production setup completed"
+    # Run worker
+    elif [ "${role}" = "worker" ]; then
+        cmd="frankenphp php-cli artisan queue:work"
+    # Run scheduler
+    elif [ "${role}" = "scheduler" ]; then
+        cmd="frankenphp php-cli artisan schedule:work"
+    # Invalid role
+    else
+        echo "Invalid role: ${role}"
+        exit 1
+    fi
+
+    # Append flag(s) to role cmd
+    if [ "${1#-}" != "$1" ]; then
+        set -- ${cmd} "$@"
+    else
+        set -- ${cmd}
+    fi
+fi
+
+exec "$@"