feat(Docker): Upgrade to PHP 8.5.0RC3 with native ext-uri support

BREAKING CHANGE: Requires PHP 8.5.0RC3 Changes: - Update Docker base image from php:8.4-fpm to php:8.5.0RC3-fpm - Enable ext-uri for native WHATWG URL parsing support - Update composer.json PHP requirement from ^8.4 to ^8.5 - Add ext-uri as required extension in composer.json - Move URL classes from Url.php85/ to Url/ directory (now compatible) - Remove temporary PHP 8.4 compatibility workarounds Benefits: - Native URL parsing with Uri\WhatWg\Url class - Better performance for URL operations - Future-proof with latest PHP features - Eliminates PHP version compatibility issues
2025-10-27 09:31:28 +01:00
parent 799f74f00a
commit c8b47e647d
81 changed files with 6988 additions and 601 deletions
--- a/deployment/infrastructure/playbooks/deploy-rsync-based.yml
+++ b/deployment/infrastructure/playbooks/deploy-rsync-based.yml
@@ -28,7 +28,8 @@

    # Release configuration
    release_timestamp: "{{ ansible_date_time.epoch }}"
-    release_name: "{{ release_tag | default(release_timestamp) }}"
+    # Note: effective_release_tag is set in pre_tasks based on Git tags
+    release_name: "{{ effective_release_tag | default(release_tag | default(release_timestamp)) }}"
    release_path: "{{ releases_path }}/{{ release_name }}"

    # Deployment settings
@@ -66,8 +67,46 @@
      - .php-cs-fixer.cache
      - var/cache/
      - var/logs/
+      - "*.php85/"
+      - src/**/*.php85/

  pre_tasks:
+    # Git Tag Detection and Validation
+    - name: Get current Git tag (if release_tag not specified)
+      local_action:
+        module: command
+        cmd: git describe --tags --exact-match
+        chdir: "{{ local_project_path }}"
+      register: git_current_tag
+      become: false
+      ignore_errors: yes
+      when: release_tag is not defined
+
+    - name: Get current Git commit hash
+      local_action:
+        module: command
+        cmd: git rev-parse --short HEAD
+        chdir: "{{ local_project_path }}"
+      register: git_commit_hash
+      become: false
+
+    - name: Set release_name from Git tag or timestamp
+      set_fact:
+        effective_release_tag: "{{ release_tag | default(git_current_tag.stdout if (git_current_tag is defined and git_current_tag.rc == 0) else release_timestamp) }}"
+        git_hash: "{{ git_commit_hash.stdout }}"
+
+    - name: Display deployment information
+      debug:
+        msg:
+          - "=========================================="
+          - "Deployment Information"
+          - "=========================================="
+          - "Release: {{ effective_release_tag }}"
+          - "Git Hash: {{ git_hash }}"
+          - "Source: {{ local_project_path }}"
+          - "Target: {{ ansible_host }}"
+          - "=========================================="
+
    - name: Install Composer dependencies locally before deployment
      local_action:
        module: command
@@ -155,6 +194,11 @@
    # 2. Rsync Application Code to New Release
    # ==========================================

+    - name: Remove old release directory if exists (prevent permission issues)
+      file:
+        path: "{{ release_path }}"
+        state: absent
+
    - name: Create new release directory
      file:
        path: "{{ release_path }}"
@@ -163,16 +207,25 @@
        group: "{{ app_group }}"
        mode: '0755'

-    - name: Sync application code to new release via rsync
-      synchronize:
-        src: "{{ local_project_path }}/"
-        dest: "{{ release_path }}/"
-        delete: yes
-        recursive: yes
-        rsync_opts: "{{ rsync_excludes | map('regex_replace', '^(.*)$', '--exclude=\\1') | list }}"
-        private_key: "{{ ansible_ssh_private_key_file }}"
+    - name: Temporarily rename .dockerignore to prevent rsync -F from reading it
+      command: mv {{ local_project_path }}/.dockerignore {{ local_project_path }}/.dockerignore.bak
      delegate_to: localhost
      become: false
+      ignore_errors: yes
+
+    - name: Sync application code to new release via rsync (raw command to avoid -F flag)
+      command: >
+        rsync --delay-updates --compress --delete-after --archive --rsh='ssh -i {{ ansible_ssh_private_key_file }} -o StrictHostKeyChecking=no' --no-g --no-o
+        {% for exclude in rsync_excludes %}--exclude='{{ exclude }}' {% endfor %}
+        {{ local_project_path }}/ {{ app_user }}@{{ ansible_host }}:{{ release_path }}/
+      delegate_to: localhost
+      become: false
+
+    - name: Restore .dockerignore after rsync
+      command: mv {{ local_project_path }}/.dockerignore.bak {{ local_project_path }}/.dockerignore
+      delegate_to: localhost
+      become: false
+      ignore_errors: yes

    - name: Set correct ownership for release
      file:
@@ -191,10 +244,10 @@
      changed_when: false
      failed_when: false

-    - name: Log commit hash
+    - name: Log release and commit information
      lineinfile:
        path: "{{ app_base_path }}/deploy.log"
-        line: "[{{ ansible_date_time.iso8601 }}] Commit: {{ commit_hash.stdout | default('N/A - not a git repository') }}"
+        line: "[{{ ansible_date_time.iso8601 }}] Release: {{ effective_release_tag }} | Git Hash: {{ git_hash | default('N/A') }} | Commit: {{ commit_hash.stdout | default('N/A') }}"
      when: commit_hash.rc == 0

    # ==========================================
@@ -325,6 +378,29 @@
        path: "{{ app_base_path }}/deploy.log"
        line: "[{{ ansible_date_time.iso8601 }}] Symlink switched: {{ current_path }} -> {{ release_path }}"

+    # ==========================================
+    # 8.5. SSL Certificate Setup
+    # ==========================================
+
+    - name: Create SSL directory in release
+      file:
+        path: "{{ release_path }}/ssl"
+        state: directory
+        owner: "{{ app_user }}"
+        group: "{{ app_group }}"
+        mode: '0755'
+
+    - name: Copy SSL certificates from certbot to release (if they exist)
+      shell: |
+        if docker ps | grep -q certbot; then
+          docker cp certbot:/etc/letsencrypt/archive/michaelschiemer.de/fullchain1.pem {{ release_path }}/ssl/fullchain.pem 2>/dev/null || true
+          docker cp certbot:/etc/letsencrypt/archive/michaelschiemer.de/privkey1.pem {{ release_path }}/ssl/privkey.pem 2>/dev/null || true
+          chown {{ app_user }}:{{ app_group }} {{ release_path }}/ssl/*.pem 2>/dev/null || true
+        fi
+      args:
+        chdir: "{{ current_path }}"
+      ignore_errors: yes
+
    # ==========================================
    # 9. Start Docker Containers
    # ==========================================
@@ -344,16 +420,17 @@
    # ==========================================

    - name: Wait for application to be ready
-      wait_for:
-        timeout: 10
-      delegate_to: localhost
+      pause:
+        seconds: 10

-    - name: Health check - Summary endpoint
+    - name: Health check - Summary endpoint (HTTPS)
      uri:
-        url: "http://{{ ansible_host }}/health/summary"
+        url: "https://{{ ansible_host }}/health/summary"
        method: GET
        return_content: yes
        status_code: 200
+        validate_certs: no
+        follow_redirects: none
      register: health_check
      retries: 3
      delay: 5