diff --git a/Dockerfile.production b/Dockerfile.production index 025fc53b..bee4b129 100644 --- a/Dockerfile.production +++ b/Dockerfile.production @@ -1,9 +1,11 @@ # Production Dockerfile - Multi-Stage Build +ARG PHP_VERSION=8.5.0RC3 +# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases ARG RUNTIME_IMAGE=runtime-base # Stage: Composer Dependencies (Production) -FROM php:8.5.0RC3-fpm AS composer-deps-production +FROM php:${PHP_VERSION}-fpm AS composer-deps-production WORKDIR /app @@ -53,7 +55,8 @@ COPY tsconfig.json ./ RUN npm run build # Stage: Runtime Base Image (shared) -FROM php:8.5.0RC3-fpm AS runtime-base +ARG PHP_VERSION=8.5.0RC3 +FROM php:${PHP_VERSION}-fpm AS runtime-base # Install system dependencies + nginx for production RUN apt-get update && apt-get install -y \ diff --git a/Makefile b/Makefile index 197b432a..d5ba530e 100644 --- a/Makefile +++ b/Makefile @@ -215,10 +215,14 @@ logs-production: ## Show production logs @echo "📋 Showing production logs..." @cd deployment && make logs-prod-php -logs-staging: ## Show staging-app container logs via SSH - @echo "📋 Showing staging-app logs..." +logs-staging: ## Show staging-app container logs via SSH (container stdout/stderr) + @echo "📋 Showing staging-app container logs..." @ssh -i ~/.ssh/production deploy@94.16.110.151 "cd ~/deployment/stacks/staging && docker compose logs -f staging-app" +logs-staging-php: ## Show PHP application logs from staging-app (log files) + @echo "📋 Showing PHP application logs from staging-app..." + @ssh -i ~/.ssh/production deploy@94.16.110.151 "docker exec -i staging-app tail -f /var/www/html/storage/logs/*.log 2>/dev/null || docker exec -i staging-app ls -la /var/www/html/storage/logs/ 2>/dev/null || echo 'Log directory /var/www/html/storage/logs/ not accessible'" + # SSL Certificate Management (PHP Framework Integration) ssl-init: ## Initialize Let's Encrypt certificates @echo "🔒 Initializing SSL certificates..." 
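Review bot: The base image in `FROM php:${PHP_VERSION}-fpm AS composer-deps-production` is still resolved through a mutable tag, and after this change any `--build-arg PHP_VERSION=...` selects it, so the content of the production image depends on whatever the registry serves for that tag at build time. For a production Dockerfile I would carry the reviewed digest together with the version, for example `ARG PHP_IMAGE=php:8.5.0RC3-fpm@sha256:<digest-of-reviewed-image>` and `FROM ${PHP_IMAGE} AS composer-deps-production`, and bump both in one commit. The same applies to the `FROM php:${PHP_VERSION}-cli` and `-fpm` lines added in docker/ci/Dockerfile, docker/php/Dockerfile and docker/worker/Dockerfile. The stage body continues outside the hunk.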
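Review bot: The second `ARG PHP_VERSION=8.5.0RC3` added before `FROM php:${PHP_VERSION}-fpm AS runtime-base` looks redundant: as far as I can tell `FROM` lines are expanded only from ARGs declared before the first `FROM`, and this one lands inside the preceding stage, where nothing visible in the hunk reads it. It also duplicates the default, so a later bump of the top-of-file value can leave a stale version string here that a reader will take for the one in effect. I would drop the line, or keep a value-less `ARG PHP_VERSION` only if that stage really needs the variable. docker/php/Dockerfile repeats the pattern before its `production` stage.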
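Review bot: In `logs-staging-php` the `*.log` glob is not expanded inside the container: the double-quoted command is run by the remote login shell, which matches the pattern against the host filesystem and, unless the host happens to have files at that path, hands it literally to `tail` through `docker exec`. `tail` then fails, `2>/dev/null` hides the error, and the recipe silently falls through to the `ls -la` branch. Running the command through a shell in the container avoids that: `docker exec -i staging-app sh -c 'tail -f /var/www/html/storage/logs/*.log'`. Separately, the host address and the `~/.ssh/production` key path are now repeated in a second recipe; a single Makefile variable for the staging SSH target would keep them in one place.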
@@ -253,4 +257,4 @@ ssl-backup: ## Backup Let's Encrypt certificates push-staging: ## Pusht den aktuellen Stand nach origin/staging git push origin HEAD:staging -.PHONY: up down build restart logs ps phpinfo deploy setup clean clean-coverage status fix-ssh-perms setup-ssh test test-coverage test-coverage-html test-unit test-framework test-domain test-watch test-parallel test-profile test-filter security-check security-audit-json security-check-prod update-production restart-production deploy-production-quick status-production logs-production logs-staging ssl-init ssl-init-staging ssl-test ssl-renew ssl-status ssl-backup push-staging +.PHONY: up down build restart logs ps phpinfo deploy setup clean clean-coverage status fix-ssh-perms setup-ssh test test-coverage test-coverage-html test-unit test-framework test-domain test-watch test-parallel test-profile test-filter security-check security-audit-json security-check-prod update-production restart-production deploy-production-quick status-production logs-production logs-staging logs-staging-php ssl-init ssl-init-staging ssl-test ssl-renew ssl-status ssl-backup push-staging diff --git a/deployment/docs/guides/deployment-commands.md b/deployment/docs/guides/deployment-commands.md index 38bca025..fe96b50b 100644 --- a/deployment/docs/guides/deployment-commands.md +++ b/deployment/docs/guides/deployment-commands.md @@ -158,3 +158,15 @@ ansible-playbook ... --check --diff ```bash ansible -i inventory/production.yml production -m ping ``` + +### PHP Version anpassen + +```bash +# 1. Workflow-Variable aktualisieren (.gitea/workflows/production-deploy.yml) +PHP_VERSION=8.5.0RC4 + +# 2. Optionale lokale Builds (alle Dockerfiles akzeptieren PHP_VERSION): +docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/php/Dockerfile . +docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/ci/Dockerfile . +docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/worker/Dockerfile . +``` 
diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile index 4ff2d670..6693ec8f 100644 --- a/docker/ci/Dockerfile +++ b/docker/ci/Dockerfile @@ -1,6 +1,8 @@ # Dockerfile für CI/CD Workflows # Optimiert für Gitea Actions Runner mit PHP 8.5 und allen benötigten Tools -FROM php:8.5.0RC3-cli +ARG PHP_VERSION=8.5.0RC3 +# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases +FROM php:${PHP_VERSION}-cli # System-Abhängigkeiten für CI/CD RUN apt-get update && apt-get install -y \ diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 9df03e27..25c0cfbe 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -1,5 +1,7 @@ # Dockerfile für PHP-FPM -FROM php:8.5.0RC3-fpm AS base +ARG PHP_VERSION=8.5.0RC3 +# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases +FROM php:${PHP_VERSION}-fpm AS base # System-Abhängigkeiten: Werden selten geändert, daher ein eigener Layer RUN apt-get update && apt-get install -y \ @@ -155,7 +157,8 @@ COPY tsconfig.json ./ RUN npm run build # Stage: Production Runtime -FROM php:8.5.0RC3-fpm AS production +ARG PHP_VERSION=8.5.0RC3 +FROM php:${PHP_VERSION}-fpm AS production # Install system dependencies + nginx for production RUN apt-get update && apt-get install -y \ diff --git a/docker/worker/Dockerfile b/docker/worker/Dockerfile index 82937918..c4973526 100644 --- a/docker/worker/Dockerfile +++ b/docker/worker/Dockerfile @@ -1,4 +1,6 @@ -FROM php:8.5-rc-cli +ARG PHP_VERSION=8.5.0RC3 +# Keep aligned with runtime PHP tag (override via --build-arg PHP_VERSION=X) +FROM php:${PHP_VERSION}-cli # Install system dependencies including libraries for GD and other extensions RUN apt-get update && apt-get install -y \ diff --git a/docs/contributing/git-hooks.md b/docs/contributing/git-hooks.md new file mode 100644 index 00000000..89093526 --- /dev/null +++ b/docs/contributing/git-hooks.md 
@@ -0,0 +1,151 @@
+# Git Hooks
+
+Dieses Projekt verwendet Git Hooks, um Code-Quality und Commit-Standards automatisch zu ?berpr?fen.
+
+## Aktivierte Hooks
+
+### Pre-commit Hook
+**Zweck**: Schnelle Checks vor jedem Commit
+
+**Pr?ft**:
+- ? PHP Code Style (PHP-CS-Fixer) f?r ge?nderte PHP-Dateien
+- ? JavaScript/TypeScript Linting (ESLint) f?r ge?nderte JS/TS-Dateien
+- ? Merge-Konflikt-Marker in staged Dateien
+
+**?berspringen**: `git commit --no-verify`
+
+**Beispiel-Fehler**:
+```
+? Code style issues found in src/MyClass.php
+?? Run: make cs-fix
+```
+
+### Commit-msg Hook
+**Zweck**: Validierung der Commit-Message nach Conventional Commits
+
+**Format**: `type(scope): subject`
+
+**Erlaubte Types**:
+- `feat`: Neue Features
+- `fix`: Bugfixes
+- `docs`: Dokumentation
+- `style`: Code-Formatierung (ohne Funktions?nderung)
+- `refactor`: Code-Refactoring
+- `perf`: Performance-Verbesserungen
+- `test`: Tests hinzuf?gen/?ndern
+- `build`: Build-System/Abh?ngigkeiten
+- `ci`: CI/CD Konfiguration
+- `chore`: Sonstige ?nderungen
+- `revert`: Revert eines Commits
+
+**Beispiele**:
+```bash
+feat: Add user authentication
+fix(api): Resolve 502 error in staging
+docs: Update README
+refactor(framework): Improve DI container
+```
+
+**?berspringen**: `git commit --no-verify`
+
+### Pre-push Hook
+**Zweck**: Langsamere Checks vor dem Push
+
+**Pr?ft**:
+- ? PHPStan Static Analysis
+- ? Unit Tests (schneller Teil der Test-Suite)
+
+**Hinweis**: Dieser Hook kann etwas l?nger dauern. Er fragt bei Fehlern, ob trotzdem gepusht werden soll.
+
+**?berspringen**: `git push --no-verify`
+
+## Hook deaktivieren
+
+### Einzelnen Commit ?berspringen
+```bash
+git commit --no-verify
+```
+
+### Einzelnen Push ?berspringen
+```bash
+git push --no-verify
+```
+
+### Hooks komplett deaktivieren
+```bash
+# Tempor?r alle Hooks deaktivieren
+git config core.hooksPath /dev/null
+
+# Wieder aktivieren
+git config --unset core.hooksPath
+```
+
+## Hook manuell testen
+
+```bash
+# Pre-commit Hook testen
+.git/hooks/pre-commit
+
+# Commit-msg Hook testen
+echo "test: Test message" | .git/hooks/commit-msg /dev/stdin
+
+# Pre-push Hook testen
+.git/hooks/pre-push
+```
+
+## Hook anpassen
+
+Die Hook-Dateien befinden sich in `.git/hooks/`:
+- `.git/hooks/pre-commit` - Pre-commit Checks
+- `.git/hooks/commit-msg` - Commit-Message Validierung
+- `.git/hooks/pre-push` - Pre-push Checks
+
+**Wichtig**: Hook-Dateien werden nicht ins Repository committed (sie sind in `.git/hooks/`, nicht im Working Directory).
+
+Um Hooks f?r das gesamte Team zu teilen, gibt es mehrere M?glichkeiten:
+1. **Husky** (npm package) - f?r Node.js-Projekte
+2. **CaptainHook** (PHP package) - f?r PHP-Projekte
+3. Manuelles Setup-Skript
+
+## Best Practices
+
+1. **Pre-commit**: Schnelle Checks (< 5 Sekunden)
+ - Code Style
+ - Syntax-Checks
+ - Merge-Konflikt-Detection
+
+2. **Pre-push**: Langsamere Checks (< 2 Minuten)
+ - Static Analysis
+ - Unit Tests
+ - Integration Tests (optional)
+
+3. **CI/CD**: Umfassende Checks
+ - Alle Tests
+ - Coverage Reports
+ - Security Scans
+
+## Troubleshooting
+
+### Hook wird nicht ausgef?hrt
+```bash
+# Pr?fe Berechtigungen
+ls -la .git/hooks/
+
+# Mache Hook ausf?hrbar
+chmod +x .git/hooks/pre-commit
+```
+
+### Hook ist zu langsam
+- Verringere die Anzahl der Checks im pre-commit Hook
+- Verschiebe langsamere Checks in den pre-push Hook
+- Nutze `--no-verify` f?r schnelle WIP-Commits
+
+### Hook schl?gt im Docker fehl
+Die Hooks pr?fen automatisch, ob sie in Docker laufen und passen die Befehle entsprechend an.
+
+## Weitere Hooks hinzuf?gen
+
+Weitere n?tzliche Hooks:
+- `post-merge`: Automatische `composer install` nach `git pull`
+- `post-checkout`: Automatische Dependency-Updates
+- `prepare-commit-msg`: Automatische Ticket-Nummern in Commit-Messages
diff --git a/docs/dependency-scanning.md b/docs/dependency-scanning.md
index f998e012..e8180bdf 100644
--- a/docs/dependency-scanning.md
+++ b/docs/dependency-scanning.md
@@ -201,14 +201,19 @@ Roave automatically blocks `composer install` or `composer update` if any instal ### Why Deferred? -Current project uses **PHP 8.5 RC2** (bleeding edge), which causes dependency resolution conflicts: +Current project uses **PHP 8.5 RC3** (bleeding edge), which causes dependency resolution conflicts: ``` brianium/paratest v7.8.4 requires php ~8.2.0 || ~8.3.0 || ~8.4.0 -your php version (8.5.0RC2) does not satisfy that requirement +your php version (8.5.0RC3) does not satisfy that requirement ``` **Planned Integration:** When PHP 8.5 stable is released and all testing dependencies support it. +> ℹ️ **PHP Runtime Strategy:** +> - Runtime container builds accept `--build-arg PHP_VERSION` (default `8.5.0RC3`) to keep PHP aligned with upstream RC tags. +> - `.gitea/workflows/production-deploy.yml` sets the same version for CI rebuilds (`--pull` ensures fresh layers). +> - We'll move to `8.5.0RC4` as soon as upstream publishes the image and switch to the latest stable PHP release at the end of November. + ### Roave vs Composer Audit | Feature | Roave Security Advisories | Composer Audit |