Merge pull request #752 from benbrummer/octane

saxon defaults now to 12.5.0

.github/workflows/auto-close-issues.yml

@@ -1,19 +0,0 @@
-name: Close stale issues after 5 days
-on:
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  close-issues:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-    steps:
-      - uses: actions/stale@v10
-        with:
-          days-before-issue-stale: 4
-          days-before-issue-close: 1
-          stale-issue-label: "stale"
-          close-issue-message: "This issue has been automatically closed due to inactivity for 5 days."
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          exempt-issue-labels: "keep-open,triage,bug"

.github/workflows/build-image-debian.yaml

@@ -1,49 +1,38 @@
-name: Build Debian Container Image
+name: Build Debian Octane Container Image
 
 on:
   pull_request:
     paths:
-      - ".github/**"
       - "debian/**"
   push:
     paths:
-      - ".github/**"
       - "debian/**"
-
-env:
-  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
+    branches:
+      - master
 
 jobs:
-  build:
-    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
+  docker:
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
         with:
-          images: ${{ env.REGISTRY_IMAGE }}
+          platforms: all
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build
-        id: build
-        uses: docker/build-push-action@v6
+        id: docker_build
+        uses: docker/build-push-action@v5
         with:
-          context: debian
-          platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
-          tags: ${{ env.REGISTRY_IMAGE }}
-          outputs: type=image,push-by-digest=true,name-canonical=true
+          context: debian  
+          file: debian/Dockerfile  
+          load: true
+          tags: invoiceninja/invoiceninja-octane:test
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/publish-image-debian.yaml

@@ -1,166 +0,0 @@
-name: Publish Debian Container Images
-
-on:
-  push:
-    tags-ignore:
-      - "invoiceninja-*"
-
-env:
-  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
-
-jobs:
-  version:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-      major: ${{ steps.version.outputs.major }}
-      minor: ${{ steps.version.outputs.minor }}
-      url: ${{ steps.version.outputs.url }}
-    steps:
-      - id: version
-        run: |
-
-          VERSION=edge
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-            # Remove -o or -d suffix if present
-            VERSION=${VERSION%-*}
-          fi
-          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
-          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
-          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
-
-          # Debug output
-          echo "Current version: ${VERSION}"
-          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
-
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
-          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
-          echo "url=${URL}" >> $GITHUB_OUTPUT
-
-  build:
-    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    needs:
-      - version
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Prepare
-        id: prep
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@v6
-        with:
-          context: debian
-          build-args: URL=${{ needs.version.outputs.url }}
-          platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
-          tags: ${{ env.REGISTRY_IMAGE }}
-          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Export digest
-        run: |
-          mkdir -p ${{ runner.temp }}/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
-
-      - name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ env.PLATFORM_PAIR }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs:
-      - version
-      - build
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          path: ${{ runner.temp }}/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-          tags: |
-            ${{ needs.version.outputs.version }}
-            ${{ needs.version.outputs.major }}
-            ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}
-            latest
-
-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
-
-      - name: Inspect image
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
-
-  Description:
-    if: ${{ github.event_name != 'pull_request' }}
-    runs-on: ubuntu-latest
-    needs:
-      - merge
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-        with:
-          sparse-checkout: "README.md"
-
-      - name: Docker Hub Description
-        uses: peter-evans/dockerhub-description@v4
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          repository: ${{ env.REGISTRY_IMAGE }}

.github/workflows/publish-image.yaml

@@ -0,0 +1,75 @@
+name: Publish Debian Container Images
+
+on:
+  push:
+    tags-ignore:
+      - "invoiceninja-*"
+
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - image: invoiceninja/invoiceninja-octane
+            context: debian
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4  
+        with:
+          fetch-depth: 0
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=${{ matrix.image }}
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION}"
+          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
+          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
+          
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+          
+          TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+
+          echo "tags=${TAGS}" >> $GITHUB_OUTPUT  # Updated output syntax
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3  # Updated from v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3  # Updated from v1
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3  # Updated from v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v5  # Updated from v2
+        with:
+          context: ${{ matrix.context }}
+          build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}
+          cache-from: type=gha  # Updated cache type
+          cache-to: type=gha,mode=max
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

README.md

@@ -1,11 +1,11 @@
 [![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-debian?label=debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
 [![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml)
-[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml)
+[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml)
+[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
 
 # Debian Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
-👑 **Features**
+:crown: **Features**
 
 NGINX webserver support [NGINX](https://nginx.org/)  
 Built-in Chrome for PDF generation and other features  
@@ -54,7 +54,7 @@ The `APP_KEY` can be generated by running:
 docker run --rm -it invoiceninja/invoiceninja-debian php artisan key:generate --show
 
 # Or if your containers are already running:
-docker compose exec app php artisan key:generate --show
+docker-compose exec app php artisan key:generate --show
 ```
 
 Copy the entire string and insert in the .env file at `APP_KEY=base64....`
@@ -64,7 +64,7 @@ Copy the entire string and insert in the .env file at `APP_KEY=base64....`
 Start the container with:
 
 ```bash
-docker compose up -d
+docker-compose up -d
 ```
 
 **Note: When performing the setup, the Database host is ```mysql```
@@ -74,8 +74,9 @@ docker compose up -d
 To upgrade to a newer release image, update your docker-compose.yml first by running:
 
 ```bash
-docker compose pull
-docker compose up -d
+docker-compose down
+docker-compose pull
+docker-compose up
 ```
 
 It is recommended to perform a backup before updating.
@@ -91,4 +92,4 @@ This is a new image which should provide much better support for all users, howe
 
 - [ ] Backup script  
 - [ ] Integrate soketi server  
-- [ ] Add elastic search for site wide search  
+- [ ] Add elastic search for site wide search  

debian/Dockerfile

@@ -1,33 +1,39 @@
-ARG PHP=8.4
+ARG PHP_VERSION=8.3
+ARG FRANKENPHP_VERSION=1
+ARG DEBIAN_VERSION=bookworm
 
-FROM php:${PHP}-fpm AS prepare-app
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION} AS prepare-app
 
-ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
-
-ADD ${URL} /tmp/invoiceninja.tar.gz
-
-RUN tar -xzf /tmp/invoiceninja.tar.gz -C /var/www/html \
-    && ln -s /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
+RUN curl -sL "https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz" | \
+    tar -xz \
+    && ln -s ./resources/views/react/index.blade.php ./public/index.html \
+    # Symlink
     && php artisan storage:link \
-    # Workaround for application updates
-    && mv /var/www/html/public /tmp/public
+    # Octane
+    && php artisan octane:install --server=frankenphp
 
 # ==================
 # InvoiceNinja image
 # ==================
-FROM php:${PHP}-fpm
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION}
+
+ARG user=ninja
 
 # PHP modules
 ARG php_require="bcmath gd mbstring pdo_mysql zip"
 ARG php_suggest="exif imagick intl pcntl saxon soap"
 ARG php_extra="opcache"
 
+# Create a system user UID/GID=999
+RUN	useradd -r ${user}
+
+# Allow to bind to privileged ports
+RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp
+
 # Install system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    libfcgi-bin \
     mariadb-client \
     gpg \
-    supervisor \
     # Unicode support for PDF
     fonts-noto-cjk-extra \
     fonts-wqy-microhei \
@@ -40,14 +46,15 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     gpg --dearmor -o /etc/apt/keyrings/google.gpg \
     && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
     && apt-get update \
-    && apt-get install -y --no-install-recommends google-chrome-stable; \
+    && apt-get install -y --no-install-recommends google-chrome-stable \
+    && mkdir /config/google-chrome \
+    && chown ${user}: /config/google-chrome; \
     elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
     apt-get install -y --no-install-recommends \
-    chromium; \
+    chromium \
+    && mkdir /config/chromium \
+    && chown ${user}: /config/chromium; \
     fi \
-    # Create config directory for chromium/google-chrome-stable
-    && mkdir /var/www/.config \
-    && chown www-data:www-data /var/www/.config \
     # Cleanup
     && apt-get purge -y gpg \
     && apt-get autoremove -y \
@@ -55,36 +62,35 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 # Install PHP extensions
-COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
-
 RUN install-php-extensions \
     ${php_require} \
     ${php_suggest} \
     ${php_extra}
 
 # Configure PHP
-RUN ln -s "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+RUN ln -s "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
 
 COPY php/php.ini /usr/local/etc/php/conf.d/invoiceninja.ini
 
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/invoiceninja.conf
+# Create directory for artisan tinker (init.sh)
+RUN mkdir /config/psysh \
+    && chown ${user}: /config/psysh
 
-# Workaround: Disable SSL for mariadb-client for compatibility with MySQL
-RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
+# Change owner for caddy directories
+RUN chown -R ${user}: \
+    /data/caddy \
+    /config/caddy
 
-# Setup supervisor
-COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-
-# Setup InvoiceNinja
-COPY --from=prepare-app --chown=www-data:www-data /var/www/html /var/www/html
-COPY --from=prepare-app --chown=www-data:www-data /tmp/public /tmp/public
+# InvoiceNinja
+COPY --from=prepare-app --chown=${user}:${user} /app /app
 
 # Add initialization script
 COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
-# Health check
-HEALTHCHECK --start-period=100s \
-    CMD REMOTE_ADDR=127.0.0.1 REQUEST_URI=/health REQUEST_METHOD=GET SCRIPT_FILENAME=/var/www/html/public/index.php cgi-fcgi -bind -connect 127.0.0.1:9000 | grep '{"status":"ok","message":"API is healthy"}'
+USER ${user}
+
+HEALTHCHECK --start-period=10s CMD curl -f http://localhost/health
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]
+
+CMD ["frankenphp", "php-cli", "artisan", "octane:frankenphp"]

debian/docker-compose.yml

@@ -1,39 +1,90 @@
+# name: invoiceninja
+
+x-logging: &default-logging
+  options:
+    max-size: "10m"
+    max-file: "3"
+  driver: json-file
+
+x-app-volumes: &volumes
+  volumes:
+      - ./.env:/app/.env
+      - app_storage:/app/storage
+      - caddy_data:/data
+
 services:
   app:
     build:
       context: .
     image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
+    # php artisan help octane:frankenphp
+    command: --port=80 --workers=2 --log-level=info
+    # command: --host=example.com --port=443 --workers=2 --https --http-redirect --log-level=info
+    ports:
+      - "80:80" # HTTP
+      # - "443:443" # HTTPS
+      # - "443:443/udp" # HTTP/3, Works for chromium based browser, but causes H3_GENERAL_PROTOCOL_ERROR for pdf previews in Firefox 
     env_file:
       - ./.env
-    volumes:
-      # - ./php/php.ini:/usr/local/etc/php/conf.d/invoiceninja.ini:ro
-      # - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/invoiceninja.conf:ro
-      # - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
-      - app_public:/var/www/html/public
-      - app_storage:/var/www/html/storage
+    environment:
+      LARAVEL_ROLE: app
+    <<: *volumes
     depends_on:
       mysql:
         condition: service_healthy
       redis:
         condition: service_healthy
-
-  nginx:
-    image: nginx:alpine
+      # mariadb:
+      #   condition: service_healthy
+      # valkey:
+      #   condition: service_healthy
+    logging: *default-logging
+  
+  app-worker:
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
-    ports:
-      - "80:80"
-    volumes:
-      - ./nginx:/etc/nginx/conf.d:ro
-      - app_public:/var/www/html/public:ro
-      - app_storage:/var/www/html/storage:ro
+    # php artisan help queue:work
+    command: --verbose --sleep=3 --tries=3 --max-time=3600
+    deploy:
+      mode: replicated
+      replicas: 2
+    env_file:
+      - ./.env
+    environment:
+      LARAVEL_ROLE: worker
+    <<: *volumes
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "queue:work"]
+      start_period: 10s
     depends_on:
       app:
         condition: service_healthy
+    logging: *default-logging
+
+  app-scheduler:
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
+    restart: unless-stopped
+    # php artisan help schedule:work
+    command: --verbose
+    env_file:
+      - ./.env
+    environment:
+      LARAVEL_ROLE: scheduler
+    <<: *volumes
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "schedule:work"]
+      start_period: 10s
+    depends_on:
+      app:
+        condition: service_healthy
+    logging: *default-logging
 
   mysql:
     image: mysql:8
     restart: unless-stopped
+    env_file:
+      - ./.env
     environment:
       MYSQL_DATABASE: ${DB_DATABASE}
       MYSQL_USER: ${DB_USERNAME}
@@ -42,16 +93,11 @@ services:
     volumes:
       - mysql_data:/var/lib/mysql
     healthcheck:
-      test:
-        [
-          "CMD",
-          "mysqladmin",
-          "ping",
-          "-h",
-          "localhost",
-          "-u${MYSQL_USER}",
-          "-p${MYSQL_PASSWORD}",
-        ]
+      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging: *default-logging
 
   redis:
     image: redis:alpine
@@ -59,14 +105,43 @@ services:
     volumes:
       - redis_data:/data
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: [ "CMD", "redis-cli", "ping" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging: *default-logging
+
+  # mariadb:
+  #   image: mariadb:11.4
+  #   restart: unless-stopped
+  #   env_file:
+  #     - ./.env
+  #   environment:
+  #     MARIADB_DATABASE: ${DB_DATABASE}
+  #     MARIADB_USER: ${DB_USERNAME}
+  #     MARIADB_PASSWORD: ${DB_PASSWORD}
+  #     MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
+  #   volumes:
+  #     - mariadb:/var/lib/mysql
+  #   healthcheck:
+  #     test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+  #     start_period: 60s
+  #   logging: *default-logging
+
+  # valkey:
+  #   image: valkey/valkey:8
+  #   restart: unless-stopped
+  #   volumes:
+  #     - valkey:/data
+  #   healthcheck:
+  #     test: [ "CMD", "valkey-cli", "ping" ]
+  #     start_period: 10s
+  #   logging: *default-logging
 
 volumes:
-  app_public:
-    driver: local
   app_storage:
-    driver: local
+  caddy_data:
   mysql_data:
-    driver: local
   redis_data:
-    driver: local
+  # mariadb:
+  # valkey:

debian/nginx/invoiceninja.conf

@@ -1,14 +0,0 @@
-# https://nginx.org/en/docs/http/ngx_http_core_module.html
-client_max_body_size 10M;
-client_body_buffer_size 10M;
-server_tokens off;
-
-# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
-fastcgi_buffers 32 16K;
-
-# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
-gzip on;
-gzip_comp_level 2;
-gzip_min_length 1M;
-gzip_proxied any;
-gzip_types *;

debian/nginx/laravel.conf

@@ -1,32 +0,0 @@
-# https://laravel.com/docs/master/deployment#nginx
-server {
-    listen 80 default_server;
-    server_name _;   
-    root /var/www/html/public;
-
-    add_header X-Frame-Options "SAMEORIGIN";
-    add_header X-Content-Type-Options "nosniff";
-
-    index index.php;
- 
-    charset utf-8;
- 
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-    }
- 
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
- 
-    error_page 404 /index.php;
-
-    location ~ \.php$ {
-        fastcgi_pass app:9000;
-        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        include fastcgi_params;
-    }
-
-    location ~ /\.(?!well-known).* {
-        deny all;
-    }
-}

debian/php/php-fpm.conf

@@ -1 +0,0 @@
-pm.max_children = 10

debian/php/php.ini

@@ -2,7 +2,6 @@
 ; https://www.php.net/manual/en/ini.core.php
 post_max_size=10M
 upload_max_filesize=10M
-memory_limit=512M
 
 [opcache]
 ; https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
@@ -14,11 +13,11 @@ opcache.jit=tracing
 opcache.jit_buffer_size=64M
 
 [extra]
+; https://frankenphp.dev/docs/performance/#php-performance
 ; http://symfony.com/doc/current/performance.html
 opcache.memory_consumption=256
 opcache.max_accelerated_files=20000
-opcache.preload=/var/www/html/preload.php
-opcache.preload_user=www-data
+opcache.preload=/app/preload.php
 opcache.validate_timestamps=0
 realpath_cache_size = 4096K
 realpath_cache_ttl = 600

debian/scripts/init.sh

@@ -1,71 +1,97 @@
 #!/bin/sh -eu
 
+# Fallback to app
+role=${LARAVEL_ROLE:-app}
+
 # Set PDF generation browser path based on architecture
-if [ "$(dpkg --print-architecture)" = "amd64" ]; then
-    export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-elif [ "$(dpkg --print-architecture)" = "arm64" ]; then
+export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+if [ "$(dpkg --print-architecture)" = "arm64" ]; then
     export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
 fi
 
-if [ "$*" = 'supervisord -c /etc/supervisor/supervisord.conf' ]; then
+# Check for default CMD, flag(s) or empty CMD
+if [ "$*" = 'frankenphp php-cli artisan octane:frankenphp' ] || [ "${1#-}" != "$1" ] || [ "$#" -eq  "0" ]; then
 
-    # Check for required folders and create if needed
-    [ -d /var/www/html/public] || mkdir -p /var/www/html/public
-    [ -d /var/www/html/storage/app/public ] || mkdir -p /var/www/html/storage/app/public
-    [ -d /var/www/html/storage/framework/sessions ] || mkdir -p /var/www/html/storage/framework/sessions
-    [ -d /var/www/html/storage/framework/views ] || mkdir -p /var/www/html/storage/framework/views
-    [ -d /var/www/html/storage/framework/cache ] || mkdir -p /var/www/html/storage/framework/cache
-
-    # Workaround for application updates
-    if [ "$(ls -A /tmp/public)" ]; then
-        echo "Updating public folder..."
-        rm -rf /var/www/html/public/.htaccess \
-            /var/www/html/public/.well-known \
-            /var/www/html/public/*
-        cp -r /tmp/public/* \
-            /tmp/public/.htaccess \
-            /tmp/public/.well-known \
-            /var/www/html/public/ && \
-            rm -rf /tmp/public/*
+    if [ "--help" = "$1" ]; then
+        echo [CMD]
+        echo "This image will execute specific CMDs based on the environment variable LARAVEL_ROLE"
+        echo
+        echo "LARAVEL_ROLE=app:       frankenphp php-cli artisan octane:frankenphp (default)"
+        echo "LARAVEL_ROLE=worker:    frankenphp php-cli artisan queue:work"
+        echo "LARAVEL_ROLE=scheduler: frankenphp php-cli artisan schedule:work"
+        echo
+        echo [FLAGS]
+        echo To the CMD defined by LARAVEL_ROLE can be extended with flags for artisan commands
+        echo
+        echo Available flags can be displaced:
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan help octane:frankenphp
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan queue:work
+        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan schedule:work
+        echo
+        echo Example:
+        echo docker run -e LARAVEL_ROLE=worker invoiceninja/invoiceninja-debian --verbose --sleep=3 --tries=3 --max-time=3600
+        echo
+        echo [Deployment]
+        echo Docker compose is recommended
+        echo
+        echo Example:
+        echo https://github.com/invoiceninja/dockerfiles/blob/octane/debian/docker-compose.yml
+        echo
+        exit 0
     fi
-    echo "Public Folder is up to date"
 
-    # Ensure owner, file and directory permissions are correct
-    chown -R www-data:www-data \
-        /var/www/html/public \
-        /var/www/html/storage
-    find /var/www/html/public \
-        /var/www/html/storage \
-        -type f -exec chmod 644 {} \;
-    find /var/www/html/public \
-        /var/www/html/storage \
-        -type d -exec chmod 755 {} \;
+    # Run app
+    if [ "${role}" = "app" ]; then
+        cmd="frankenphp php-cli artisan octane:frankenphp"
 
-    # Clear and cache config in production
-    if [ "$APP_ENV" = "production" ]; then
-        runuser -u www-data -- php artisan migrate --force       
-        runuser -u www-data -- php artisan cache:clear # Clear after the migration
-        runuser -u www-data -- php artisan ninja:design-update
-        runuser -u www-data -- php artisan optimize
+        # Check for required folders and create if needed, relevant for bind mounts
+        # It is not possible to chown, as we are not executing this script as root
+        [ -d /var/www/html/storage/framework/sessions ] || mkdir -p /var/www/html/storage/framework/sessions
+        [ -d /var/www/html/storage/framework/views ] || mkdir -p /var/www/html/storage/framework/views
+        [ -d /var/www/html/storage/framework/cache ] || mkdir -p /var/www/html/storage/framework/cache
+
+        if [ "$APP_ENV" = "production" ]; then
+            frankenphp php-cli artisan optimize
+        fi
+
+        frankenphp php-cli artisan package:discover
+
+        # Run migrations (if any)
+        frankenphp php-cli artisan migrate --force
 
         # If first IN run, it needs to be initialized
-        if [ "$(runuser -u www-data -- php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
+        if [ "$(frankenphp php-cli artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
             echo "Running initialization..."
-            
-            runuser -u www-data -- php artisan db:seed --force
+
+            frankenphp php-cli artisan db:seed --force
 
             if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
-                runuser -u www-data -- php artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
+                frankenphp php-cli artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
             else
                 echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
                 exit 1
             fi
-
         fi
+
         echo "Production setup completed"
+    # Run worker
+    elif [ "${role}" = "worker" ]; then
+        cmd="frankenphp php-cli artisan queue:work"
+    # Run scheduler
+    elif [ "${role}" = "scheduler" ]; then
+        cmd="frankenphp php-cli artisan schedule:work"
+    # Invalid role
+    else
+        echo "Invalid role: ${role}"
+        exit 1
     fi
 
-    echo "Starting supervisord..."
+    # Append flag(s) to role cmd
+    if [ "${1#-}" != "$1" ]; then
+        set -- ${cmd} "$@"
+    else
+        set -- ${cmd}
+    fi
 fi
 
 exec "$@"

debian/supervisor/supervisord.conf

@@ -1,39 +0,0 @@
-[supervisord]
-nodaemon=true
-user=root
-logfile=/dev/null
-logfile_maxbytes=0
-pidfile=/var/run/supervisord.pid
-
-[program:php-fpm]
-command=/usr/local/sbin/php-fpm -F
-autostart=true
-autorestart=true
-priority=5
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-
-[program:queue-worker]
-process_name=%(program_name)s_%(process_num)02d
-command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600 --verbose
-autostart=true
-autorestart=true
-stopasgroup=true
-killasgroup=true
-user=www-data
-numprocs=2
-environment=HOME="/var/www"
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-stopwaitsecs=3600
-
-[program:scheduler]
-command=php /var/www/html/artisan schedule:work --verbose
-autostart=true
-autorestart=true
-user=www-data
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-redirect_stderr=true

docker/app/public/.keep

@@ -0,0 +1 @@
+

docker/app/storage/.keep

@@ -0,0 +1 @@
+