Add team build pipeline

.dockerignore

@@ -0,0 +1,57 @@
+### Laravel ###
+bootstrap/compiled.php
+bootstrap/cache/*
+storage/*.key
+vendor
+public/storage
+public/hot
+Homestead.yaml
+Homestead.json
+.env
+.env-file.list
+**/*.log
+composer.phar
+
+resources/views/vendor/mail/html/themes/*
+storage/app/*
+storage/debugbar
+storage/framework/cache/*
+storage/framework/sessions/*
+storage/framework/testing/*
+storage/framework/views/*
+storage/logs/*
+tests
+
+### OSX ###
+**/.DS_Store
+
+### Bundler ###
+Gemfile.lock
+
+### Node ###
+node_modules
+
+### Bower ###
+bower_components
+
+### Sass ###
+*.sass-cache
+
+### Netbeans ###
+nbproject
+
+### PhpStorm ###
+.idea
+
+### Sublime Text ###
+*.sublime-*
+!*.sublime-project
+
+### Application specific ###
+.heroku_builder
+public/css/*
+public/files/*
+public/fonts
+public/js/*
+public/uploads/*
+public/mix-manifest.json

.github/workflows/build-and-publish-team-docker-image.yaml.sample

@@ -0,0 +1,50 @@
+# 0. As always, creates onw fork.
+# 1. Rename to be valid YAML file
+# 2. Go to Github Settings -> Developer settings -> Generate new classic token. Add `repo`, `workflow` and `write:packages` scopes.
+# 3. Go to Repo settings and create Repository Secret with GH_PAT name and put generated token.
+# 4. Modify last line starting with `gh workflow run` and put there Pipeline YAML file created in czechitas/terraform repo.
+
+---
+name: Build and publish team Docker image
+on:
+    push:
+        branches:
+            - team/*
+
+concurrency:
+    group: build-${{ github.ref }}
+    cancel-in-progress: true
+
+jobs:
+    publish:
+        name: Build and publish team Docker image
+        runs-on: ubuntu-latest
+        permissions:
+            packages: write
+            contents: read
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
+
+            - name: Login to GitHub Container Registry
+              uses: docker/login-action@v3
+              with:
+                registry: ghcr.io
+                username: ${{ github.actor }}
+                password: ${{ secrets.GH_PAT }}
+
+            - name: Build, Tag and Publish docker image
+              id: push
+              run: |
+                  DOCKER_LABEL=$(echo "${{ github.ref_name }}" | sed -e 's|team/||')
+                  echo "team=$DOCKER_LABEL" >> $GITHUB_OUTPUT
+                  echo "Docker label: $DOCKER_LABEL"
+                  docker build --label="org.opencontainers.image.source=${{ github.event.repository.html_url }}" -t ghcr.io/${{ github.repository }}:${DOCKER_LABEL} .
+                  docker push ghcr.io/${{ github.repository }}:${DOCKER_LABEL}
+            - name: Trigger Deployment pipeline
+              env:
+                GH_TOKEN: ${{ secrets.GH_PAT }}
+              run: |
+                  # Example:
+                  # gh workflow run datoj24_deploy.yaml --repo czechitas/terraform --ref main -f team=${{ steps.push.outputs.team }}
+                  gh workflow run [YOUR_FILE_FROM_TERRAFORM_REPO_HERE] --repo czechitas/terraform --ref main -f team=${{ steps.push.outputs.team }}

.gitignore

@@ -7,6 +7,7 @@
 Homestead.yaml
 Homestead.json
 .env
+.env-file.list
 *.log
 composer.phar
 

Dockerfile

@@ -0,0 +1,50 @@
+FROM composer:2 AS vendor
+
+WORKDIR /app
+
+COPY app/helpers.php app/helpers.php
+COPY database/ database/
+COPY composer.json composer.lock /app/
+
+RUN composer install \
+    --optimize-autoloader \
+    --ignore-platform-reqs \
+    --prefer-dist \
+    --no-dev \
+    --no-ansi \
+    --no-scripts \
+    --no-interaction
+
+# -------------------------------
+
+FROM node:20 AS assets
+
+WORKDIR /app
+
+# Too many folder and files required - this is shorter and sufficient for now
+COPY . .
+
+RUN npm ci --omit=optional && \
+    npm run build
+
+# -------------------------------
+
+FROM webdevops/php-apache:8.2-alpine
+
+WORKDIR /app
+
+ENV WEB_DOCUMENT_ROOT=/app/public
+
+COPY --chown=application:application . /app
+
+COPY --from=vendor /app/vendor/ /app/vendor/
+
+COPY --from=assets /app/public/css/ /app/public/css/
+COPY --from=assets /app/public/fonts/ /app/public/fonts/
+COPY --from=assets /app/public/js/ /app/public/js/
+COPY --from=assets /app/public/mix-manifest.json /app/public/mix-manifest.json
+
+COPY --from=assets /app/resources/views/vendor/mail/html/themes/ /app/resources/views/vendor/mail/html/themes/
+
+RUN mv docker.env.example .env && \
+    composer dump-autoload --optimize

app/Http/Middleware/HttpsMiddleware.php

@@ -16,7 +16,12 @@ class HttpsMiddleware
      */
     public function handle(Request $request, Closure $next)
     {
-        if (\config('https.enable') === true) {
+        // This should work by default via X-Forwarded headers.
+        // But if they are not working, it is possible to fake it via this.
+        if (\config('https.fake') === true) {
+            $request->headers->set('X-FORWARDED-PROTO', 'https');
+            $request->headers->set('X-FORWARDED-PORT', '443');
+        } elseif (\config('https.enable') === true) {
             if (!$request->secure()) {
                 return \redirect()->secure($request->getRequestUri(), 301);
             }

app/Services/AresService.php

@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace SunApp\Services;
+namespace CzechitasApp\Services;
 
 use GuzzleHttp\Client;
 use GuzzleHttp\Utils;

config/https.php

@@ -26,4 +26,9 @@
      * Url of HSTS pixel to add to HTML, if empty, nothing is added
      */
     'hsts_pixel_url'    => env('HSTS_PIXEL_URL', ''),
+
+    /**
+     * Set to true to act as web is on HTTPS even it is not set in headers nor Forwarded headers
+     */
+    'fake' => env('HTTPS_FAKE', false),
 ];

docker.env.example

@@ -0,0 +1,47 @@
+APP_NAME="CzechitasApp"
+APP_ENV=production
+# Generate via php artisan key:generate and set as Heroku environment variable
+#APP_KEY=base64:UBSDAecgGF/HzdFBQNwsRsPJxH0PlVo97bxqOP4KRH8=
+APP_DEBUG=false
+# APP_URL=
+APP_FORCE_URL=false
+
+HTTPS_ENABLE=false
+# SESSION_SECURE_COOKIE=true
+# HSTS_LIFETIME=2592000
+
+LOG_CHANNEL=daily
+DAILY_LOG_DAYS=30
+
+DB_CONNECTION=mysql
+# DB_HOST=
+# DB_PORT=3306
+# DB_DATABASE=
+# DB_USERNAME=
+# DB_PASSWORD=
+
+CACHE_DRIVER=file
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+# On Heroku we need to use S3 as Heroku does not have permanent storage
+# FILESYSTEM_DRIVER=s3
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# AWS_DEFAULT_REGION=
+# AWS_BUCKET=
+# AWS_URL=
+
+# MAILER array just save it locally, set to smtp/mailgun/ses etc to send real emails
+MAIL_MAILER=array
+MAIL_FROM_ADDRESS="info@czechitas-app.cz"
+MAIL_FROM_NAME="Czechitas"
+MAIL_SUBJECT_ADD="Czechitas"
+MAIL_REPLY_TO_ADDRESS="info@czechitas-app.cz"
+MAIL_REPLY_TO_NAME="Czechitas"
+#MAIL_HOST=smtp.mailtrap.io
+#MAIL_PORT=2525
+#MAIL_USERNAME=
+#MAIL_PASSWORD=
+#MAIL_ENCRYPTION=tls

package.json

@@ -4,8 +4,8 @@
   "private": true,
   "type": "module",
   "engines": {
-    "npm": "^9",
-    "node": "^18"
+    "npm": "^10",
+    "node": "^20"
   },
   "scripts": {
     "start": "cross-env NODE_ENV=development webpack --mode=development --watch",