build: create local dev environment that mirrors kube

.env.local.example

@@ -0,0 +1,78 @@
+# accessibility-app variables
+APP_NAME="The Accessibility Exchange"
+APP_ENV=local
+APP_KEY=
+APP_URL=https://platform.test
+APP_SERVICE=platform.test
+
+DB_CONNECTION=mysql
+DB_HOST=platform.mysql
+DB_PORT=3306
+DB_DATABASE=accessibilityexchange
+DB_USERNAME=root
+DB_PASSWORD=
+
+FILES_PATH="/opt/data/storage"
+CACHE_PATH="/opt/data/cache"
+
+LOG_CHANNEL=stack
+LOG_LEVEL=debug
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=database
+SESSION_LIFETIME=120
+
+MEMCACHED_HOST=memcached
+
+# REDIS_HOST=127.0.0.1
+REDIS_HOST=platform.redis
+REDIS_PASSWORD=
+REDIS_PORT=6379
+
+
+MAIL_MAILER=smtp
+MAIL_HOST=platform.mailpit
+MAIL_PORT=1025
+MAIL_USERNAME=
+MAIL_PASSWORD=
+MAIL_ENCRYPTION=
+MAIL_FROM_ADDRESS=noreply@example.com
+MAIL_FROM_NAME="${APP_NAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=us-east-1
+AWS_BUCKET=
+
+SNAPSHOTS_DISK=snapshots
+SNAPSHOTS_AWS_ACCESS_KEY_ID=
+SNAPSHOTS_AWS_SECRET_ACCESS_KEY=
+SNAPSHOTS_AWS_DEFAULT_REGION=us-east-1
+SNAPSHOTS_AWS_BUCKET=
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
+VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+SAIL_XDEBUG_MODE=develop,debug,coverage
+
+CIPHERSWEET_KEY=
+
+FLARE_KEY=
+
+WWWUSER=
+WWWGROUP=
+
+# if you want to test s3 connection from local setup and have proper credentials to an s3 bucket
+# MINIO_DRIVER=s3
+# MINIO_ENDPOINT=
+# MINIO_REGION=
+# MINIO_PROJECT_BUCKET=
+# MINIO_ACCESS_KEY=
+# MINIO_SECRET_KEY=

.kube/app/Dockerfile

@@ -1,9 +1,9 @@
 FROM php:8.1-fpm
 
 ENV PHP_VERSION 8.1
-ENV NODE_VERSION 18
+ENV NODE_VERSION 18.18.2
 ENV NVM_VERSION 0.39.3
-ENV NVM_DIR /root/.nvm
+ENV NVM_DIR /var/www/.nvm
 
 ENV APP_DIR /app
 ENV KUBE_DIR .kube/app
@@ -34,11 +34,7 @@ RUN apt-get install -y \
     s3cmd
 
 RUN docker-php-ext-configure gd --with-freetype --with-jpeg
-RUN docker-php-ext-install -j$(nproc) gd
-RUN docker-php-ext-install pdo_mysql mbstring exif pcntl bcmath bz2 zip soap
-RUN docker-php-ext-install opcache
-RUN docker-php-ext-configure intl
-RUN docker-php-ext-install intl
+RUN docker-php-ext-install -j$(nproc) gd pdo_mysql mbstring exif pcntl bcmath bz2 zip soap intl opcache
 
 RUN apt-get install -y libmagickwand-dev --no-install-recommends
 
@@ -54,6 +50,7 @@ RUN pecl install -o -f redis && \
 
 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 
+RUN mkdir -p $NVM_DIR
 RUN wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v$NVM_VERSION/install.sh | bash
 RUN . "$NVM_DIR/nvm.sh" && nvm install $NODE_VERSION
 ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
@@ -70,6 +67,6 @@ RUN composer install
 
 RUN . "$NVM_DIR/nvm.sh" && nvm use $NODE_VERSION && npm ci
 
-RUN chown www-data:root $APP_DIR/public/ -R
+RUN chown -R www-data:root $APP_DIR/public/ $NVM_DIR
 
 ENTRYPOINT $APP_DIR/$KUBE_DIR/entrypoint.sh

.local-deploy/accessibility-app/entrypoint.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+# TODO permanent remove cache lines once testing on per/pod caching is tested
+if [ -f /usr/local/etc/php/php.ini-development ]; then
+    rm -f /usr/local/etc/php/conf.d/php.ini
+    ln -s /usr/local/etc/php/php.ini-development /usr/local/etc/php/conf.d/php.ini
+fi
+
+# mirror developers user id so that they can edit live files in the docker
+if [ -n "$USER_ID" ]; then
+  usermod -u $USER_ID www-data
+  chown -R www-data:root /app $NVM_DIR
+  chown www-data:root /var/www
+fi
+
+mkdir -p $FILES_PATH
+# mkdir -p $CACHE_PATH removed per https://github.com/accessibility-exchange/platform/issues/1596
+
+## fix permissions before syncing to existing storage and cache https://github.com/accessibility-exchange/platform/issues/1226
+chown -R www-data:root /app/storage /app/bootstrap/cache $FILES_PATH $VIEW_COMPILED_PATH # $CACHE_PATH removed per https://github.com/accessibility-exchange/platform/issues/1596
+
+## sync files from container storage to permanent storage then remove container storage
+rsync -a /app/storage/ $FILES_PATH
+rm -rf /app/storage
+
+## sync files from container cache to permanent storage then remove container cache
+## removed syncing to shared/permenant storage https://github.com/accessibility-exchange/platform/issues/1596
+# rsync -a /app/bootstrap/cache/ $CACHE_PATH
+# rm -rf /app/bootstrap/cache
+
+## create symlinks from permanent storage & cache to application directory folders
+ln -s $FILES_PATH /app/storage
+## removed linked to shared/permenant storage https://github.com/accessibility-exchange/platform/issues/1596
+# ln -s $CACHE_PATH /app/bootstrap/cache
+
+# make sure to test mysql connection before running the php artisan commands
+while ! mysqladmin ping -h$DB_HOST -uroot -p$DB_PASSWORD --silent; do
+    sleep 1
+done
+
+php artisan deploy:local # run before global so that storage is linked https://github.com/accessibility-exchange/platform/issues/1357
+
+flock -n -E 0 /opt/data -c "php artisan deploy:global" # run exclusively on a single instance at once
+
+## fix permissions after syncing to existing storage and cache https://github.com/accessibility-exchange/platform/issues/1236
+chown -R www-data:root /app/bootstrap/cache $FILES_PATH # $CACHE_PATH removed per and added path to cache in the pod https://github.com/accessibility-exchange/platform/issues/1596
+
+/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

.local-deploy/accessibility-app/etc/nginx/includes/laravel.conf

@@ -0,0 +1,46 @@
+sendfile off;
+absolute_redirect off;
+
+root /app/public;
+index index.php index.html index.htm;
+
+expires epoch;
+
+location / {
+    try_files $uri $uri/ /index.php?$query_string;
+}
+
+location ~ /build/assets/.*\.(css|js)$ {
+    access_log off;
+}
+
+location ~ /_debugbar/assets/javascript/.*\.js$ {
+    access_log off;
+}
+
+location ~ /storage/fonts/.*\.woff2$ {
+    access_log off;
+}
+
+location = /favicon.ico {
+    access_log off;
+    log_not_found off;
+}
+
+location = /robots.txt {
+    access_log off;
+    log_not_found off;
+}
+
+error_page 404 /index.php;
+
+location ~ \.php$ {
+    fastcgi_pass    127.0.0.1:9000;
+    include fastcgi_params;
+    fastcgi_param   SCRIPT_FILENAME     $realpath_root$fastcgi_script_name;
+    fastcgi_param HTTPS "on";
+}
+
+location ~ /\.(?!well-known).* {
+    deny all;
+}

.local-deploy/accessibility-app/etc/nginx/nginx.conf

@@ -0,0 +1,52 @@
+worker_processes auto;
+error_log stderr warn;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for" '
+                          '$request_time $upstream_response_time $pipe $upstream_cache_status';
+
+    access_log /dev/stdout main_timed;
+    error_log /dev/stderr notice;
+
+    keepalive_timeout 65;
+
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    server {
+        listen [::]:8080;
+        listen 8080;
+        server_name _;
+
+        location /nginx_status {
+            stub_status on;
+            allow 127.0.0.1;
+            allow 10.0.0.0/8;
+            allow 172.0.0.0/8;
+            deny all;
+        }
+
+        include /etc/nginx/includes/laravel.conf;
+    }
+
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
+    gzip_vary on;
+    gzip_disable "msie6";
+
+    include /etc/nginx/conf.d/*.conf;
+}

.local-deploy/accessibility-app/php.ini-development

@@ -0,0 +1,5 @@
+[PHP]
+post_max_size = 100M
+upload_max_filesize = 100M
+variables_order = EGPCS
+memory_limit = 1G

.local-deploy/accessibility-db/opt/bitnami/mysql/conf/my_custom.cnf

@@ -0,0 +1,40 @@
+[mysqld]
+    basedir=/opt/bitnami/mysql
+    bind-address=0.0.0.0
+    character-set-server=UTF8
+    collation-server=utf8_general_ci
+    datadir=/bitnami/mysql/data
+    default_authentication_plugin=mysql_native_password
+    explicit_defaults_for_timestamp
+    innodb_buffer_pool_size=1G
+    innodb_doublewrite=1
+    innodb_flush_log_at_trx_commit=1
+    innodb_flush_method=O_DIRECT
+    innodb_lock_wait_timeout=50
+    innodb_log_buffer_size=16M
+    innodb_max_dirty_pages_pct=80
+    innodb_thread_concurrency=0
+    log-error=/opt/bitnami/mysql/logs/mysqld.log
+    long_query_time=10.0
+    max_allowed_packet=16M
+    pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+    plugin_dir=/opt/bitnami/mysql/lib/plugin
+    port=3306
+    skip-name-resolve
+    slow_query_log=0
+    slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
+    socket=/opt/bitnami/mysql/tmp/mysql.sock
+    table_definition_cache=2048
+    table_open_cache=512
+    tmpdir=/opt/bitnami/mysql/tmp
+
+[client]
+    default-character-set=UTF8
+    plugin_dir=/opt/bitnami/mysql/lib/plugin
+    port=3306
+    socket=/opt/bitnami/mysql/tmp/mysql.sock
+
+[manager]
+    pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+    port=3306
+    socket=/opt/bitnami/mysql/tmp/mysql.sock

.local-deploy/accessibility-proxy/Dockerfile

@@ -0,0 +1,18 @@
+FROM nginx:1.23-alpine
+
+RUN apk update
+RUN apk add --no-cache openssl
+
+ARG SSL_SUBJECT
+
+RUN openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -subj "$SSL_SUBJECT" \
+    -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+
+COPY etc /etc
+
+RUN mkdir -p /etc/nginx/sites-enabled
+RUN cp /etc/nginx/sites-available/default_ssl.conf /etc/nginx/sites-enabled/default_ssl.conf
+RUN cp /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf

.local-deploy/accessibility-proxy/etc/nginx/nginx.conf

@@ -0,0 +1,40 @@
+worker_processes auto;
+error_log stderr warn;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for" '
+                          '$request_time $upstream_response_time $pipe $upstream_cache_status';
+
+    access_log /dev/stdout main_timed;
+    error_log /dev/stderr notice;
+
+    keepalive_timeout 65;
+
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
+    gzip_vary on;
+    gzip_disable "msie6";
+
+    upstream platform.test {
+        server platform.test:8080;
+    }
+
+    include /etc/nginx/sites-enabled/*.conf;
+}

.local-deploy/accessibility-proxy/etc/nginx/sites-available/default.conf

@@ -0,0 +1,12 @@
+    server {
+        listen 80;
+        listen [::]:80;
+
+        location / {
+            proxy_pass http://platform.test;
+            proxy_set_header    Host            $host;
+            proxy_set_header    X-Real-IP       $remote_addr;
+            proxy_set_header    X-Forwarded-for $remote_addr;
+            proxy_connect_timeout 300;
+        }
+    }