fix: staging-app should only run PHP-FPM (not nginx) + fix git ownership warnings

deployment/stacks/staging/docker-compose.yml

@@ -46,8 +46,82 @@ services:
       - staging-logs:/var/www/html/storage/logs
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+    # Override entrypoint to only start PHP-FPM (not nginx) + fix git ownership
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        # Load secrets from /run/secrets/
+        echo "🔐 Loading secrets from /run/secrets/..."
+        [ -f /run/secrets/DB_PASSWORD ] && export DB_PASSWORD="$(cat /run/secrets/DB_PASSWORD)" || true
+        [ -f /run/secrets/APP_KEY ] && export APP_KEY="$(cat /run/secrets/APP_KEY)" || true
+        [ -f /run/secrets/GIT_TOKEN ] && export GIT_TOKEN="$(cat /run/secrets/GIT_TOKEN)" || true
+        
+        # Fix Git ownership issue
+        git config --global --add safe.directory /var/www/html 2>/dev/null || true
+        
+        # Git Clone/Pull functionality
+        if [ -n "$GIT_REPOSITORY_URL" ]; then
+          echo ""
+          echo "📥 Cloning/Pulling code from Git repository..."
+          
+          GIT_BRANCH="${GIT_BRANCH:-main}"
+          GIT_TARGET_DIR="/var/www/html"
+          
+          # Setup Git credentials
+          if [ -n "$GIT_TOKEN" ]; then
+            GIT_URL_WITH_AUTH=$(echo "$GIT_REPOSITORY_URL" | sed "s|https://|https://${GIT_TOKEN}@|")
+          elif [ -n "$GIT_USERNAME" ] && [ -n "$GIT_PASSWORD" ]; then
+            GIT_URL_WITH_AUTH=$(echo "$GIT_REPOSITORY_URL" | sed "s|https://|https://${GIT_USERNAME}:${GIT_PASSWORD}@|")
+          else
+            GIT_URL_WITH_AUTH="$GIT_REPOSITORY_URL"
+          fi
+          
+          # Clone or pull
+          if [ ! -d "$GIT_TARGET_DIR/.git" ]; then
+            echo "📥 Cloning repository from $GIT_REPOSITORY_URL (branch: $GIT_BRANCH)..."
+            if [ "$(ls -A $GIT_TARGET_DIR 2>/dev/null)" ]; then
+              find "$GIT_TARGET_DIR" -mindepth 1 -maxdepth 1 ! -name "storage" -exec rm -rf {} \; 2>/dev/null || true
+            fi
+            TEMP_CLONE="${GIT_TARGET_DIR}.tmp"
+            rm -rf "$TEMP_CLONE" 2>/dev/null || true
+            if git clone --branch "$GIT_BRANCH" --depth 1 "$GIT_URL_WITH_AUTH" "$TEMP_CLONE"; then
+              find "$GIT_TARGET_DIR" -mindepth 1 -maxdepth 1 ! -name "storage" -exec rm -rf {} \; 2>/dev/null || true
+              find "$TEMP_CLONE" -mindepth 1 -maxdepth 1 ! -name "." ! -name ".." -exec mv {} "$GIT_TARGET_DIR/" \; 2>/dev/null || true
+              rm -rf "$TEMP_CLONE" 2>/dev/null || true
+              echo "✅ Repository cloned successfully"
+            fi
+          else
+            echo "🔄 Pulling latest changes from $GIT_BRANCH..."
+            cd "$GIT_TARGET_DIR"
+            git fetch origin "$GIT_BRANCH" || echo "⚠️  Git fetch failed"
+            git reset --hard "origin/$GIT_BRANCH" || echo "⚠️  Git reset failed"
+            git clean -fd || true
+          fi
+          
+          # Install dependencies
+          if [ -f "$GIT_TARGET_DIR/composer.json" ]; then
+            echo "📦 Installing/updating Composer dependencies..."
+            cd "$GIT_TARGET_DIR"
+            composer install --no-dev --optimize-autoloader --no-interaction --no-scripts || echo "⚠️  Composer install failed"
+            composer dump-autoload --optimize --classmap-authoritative || true
+          fi
+          
+          echo "✅ Git sync completed"
+        else
+          echo ""
+          echo "ℹ️  GIT_REPOSITORY_URL not set, using code from image"
+        fi
+        
+        echo ""
+        echo "📊 Environment variables:"
+        env | grep -E "DB_|APP_" | grep -v "PASSWORD|KEY|SECRET" || true
+        
+        # Start PHP-FPM only (no nginx)
+        echo ""
+        echo "🚀 Starting PHP-FPM..."
+        exec php-fpm
     healthcheck:
-      test: ["CMD-SHELL", "true"]
+      test: ["CMD-SHELL", "php-fpm-healthcheck || true"]
       interval: 30s
       timeout: 10s
       retries: 3