The scheduler and queue-worker containers were crashing with
RequiredEnvironmentVariableException because the APP_KEY_FILE
environment variable was not set, even though the app_key secret
was mounted. The Framework's Environment class needs the *_FILE
pattern to read Docker Secrets.
- Add docker volume prune to deploy.sh to prevent stale code issues
- Add automatic migrations and cache warmup to staging entrypoint
- Fix nginx race condition by waiting for PHP-FPM before starting
- Improve PHP healthcheck to use php-fpm-healthcheck
- Add curl to production nginx Dockerfile for healthchecks
- Add ensureSeedsTable() to SeedRepository for automatic table creation
- Update SeedCommand to ensure seeds table exists before operations
This prevents 502 Bad Gateway errors during deployment and ensures
fresh code is deployed without volume cache issues.
Changed APP_DEBUG from ${APP_DEBUG:-false} to hardcoded false value
in all 4 services (php, nginx, queue-worker, scheduler).
This prevents any server-side .env or environment variables from
accidentally enabling debug mode in staging, which was causing
detailed error pages to be displayed.
Staging environment should not expose detailed error messages,
stack traces, or debug information to end users.
Changed default from 'true' to 'false' in all services:
- php
- nginx
- queue-worker
- scheduler
Shell variables like $SECRETS_DIR in docker-compose command blocks
must be escaped as $$SECRETS_DIR. Without escaping, docker-compose
interprets them as environment variable interpolation and expands
them to empty strings, causing:
- mkdir: cannot create directory ''
- Secrets copied to wrong path (/redis_password instead of /var/www/html/storage/secrets/redis_password)
- PHP TypeError: RedisConfig::__construct() argument #3 must be string, null given
The fix applies $$ escaping to all shell variables in the PHP
service entrypoint script.
- Add explicit sed pattern for production-php:9000 → php:9000
- Fix character class [a-f0-9_]* to [a-zA-Z0-9_-]* to match full container names
- Loop over both sites-enabled and sites-available configs
- Add fastcgi_pass replacement for production-php
- Change docker-compose.staging.yml: git.michaelschiemer.de:5000 -> localhost:5000
- Update deploy-image.yml playbook to:
- Pull images from registry.michaelschiemer.de (source registry)
- Tag and push to localhost:5000 (local registry) for local containers
- Remove hardcoded git.michaelschiemer.de:5000 logic
- Use local_registry from compose files for deployment
This ensures:
- Workflow pushes to registry.michaelschiemer.de (external, HTTPS)
- Containers use localhost:5000 (local, faster, no HTTPS overhead)
- Consistent registry usage across staging and production
- Introduce `EnumResolver` to centralize and cache enum value conversions.
- Enhance `DockerSecretsResolver` with result caching to avoid redundant file reads and improve performance.
- Update `Environment` to integrate `EnumResolver` for enriched enum resolution support and improved maintainability.
- Adjust unit tests to validate caching mechanisms and error handling improvements.
- Add secrets section at end of docker-compose.staging.yml
- Ensures secrets are properly loaded even if inherited from base file
- Should fix issue where REDIS_PASSWORD_FILE variable is not set
- Secrets are now explicitly defined: redis_password, db_user_password, app_key, vault_encryption_key, git_token
- Add REDIS_PASSWORD_FILE=/run/secrets/redis_password to staging-app environment
- Add redis_password to staging-app secrets list
- Ensures REDIS_PASSWORD can be resolved from Docker Secret via *_FILE pattern
- Fixes issue where REDIS_PASSWORD was empty in staging-app even though secret exists
