- Add build-ci-image-production.sh script for building CI images on production
- Add BUILD_ON_PRODUCTION.md documentation
- Fix Dockerfile to handle optional PECL extensions for PHP 8.5 RC
This fixes the issue where Gitea workflows fail with:
'Error response from daemon: pull access denied for php-ci'
- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.
- Introduce `cache-configuration.md` for detailed instructions on cache setup, permission troubleshooting, and best practices.
- Add `cache-permissions-quick-fix.md` for concise resolutions to common permission errors.
- Include a detailed `FILECACHE_PERMISSION_FIX_PLAN.md` outlining solutions for permission-related issues.
- Enhance `docker-entrypoint.sh` with permission fixes for multi-user caches.
- Update `Makefile` with cache clear commands for local and staging environments.
- Improve `FileCache` for graceful degradation on permission errors, ensuring reliability under multi-user scenarios.
- Add app-code volume to both nginx and app containers
- App container clones code once into shared volume
- Nginx container uses shared volume (read-only) and waits for code
- Update entrypoint.sh to handle storage-preserving git clone
- Fix nginx configuration to use app:9000 for PHP-FPM
This eliminates duplicate code cloning and ensures both containers
always use the same code version from the shared volume.
- Registry-Login testet jetzt mehrere URLs (externe Domain, IP, HTTP Port 5000)
- Automatische Erkennung der funktionierenden Registry-URL
- Verbessertes Error-Handling und Debugging-Ausgaben
- Buildx auf v0.29.1 aktualisiert und global installiert
- Shell-Angaben für alle Steps korrigiert (sh für ersten, bash für weitere)
- Registry-URL wird als Step-Output gespeichert und im Build verwendet
- Created Dockerfile.build with Docker CLI, Buildx, Git, Bash
- Updated build-ci-image.sh to build both php-ci and docker-build images
- Updated workflow to use docker-build image (no installation needed)
- Updated runner .env to use docker-build:latest instead of docker:latest
- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS)
- Update all Ansible playbooks and configuration files
- Update CI/CD workflows to use HTTPS registry endpoint
- Update Docker Compose files with new registry URL
- Update documentation and scripts
Benefits:
- Secure HTTPS connection (no insecure registry config needed)
- Consistent use of HTTPS endpoint via Traefik
- Better security practices for production deployment
BREAKING CHANGE: Requires PHP 8.5.0RC3
Changes:
- Update Docker base image from php:8.4-fpm to php:8.5.0RC3-fpm
- Enable ext-uri for native WHATWG URL parsing support
- Update composer.json PHP requirement from ^8.4 to ^8.5
- Add ext-uri as required extension in composer.json
- Move URL classes from Url.php85/ to Url/ directory (now compatible)
- Remove temporary PHP 8.4 compatibility workarounds
Benefits:
- Native URL parsing with Uri\WhatWg\Url class
- Better performance for URL operations
- Future-proof with latest PHP features
- Eliminates PHP version compatibility issues
- Create AnsibleDeployStage using framework's Process module for secure command execution
- Integrate AnsibleDeployStage into DeploymentPipelineCommands for production deployments
- Add force_deploy flag support in Ansible playbook to override stale locks
- Use PHP deployment module as orchestrator (php console.php deploy:production)
- Fix ErrorAggregationInitializer to use Environment class instead of $_ENV superglobal
Architecture:
- BuildStage → AnsibleDeployStage → HealthCheckStage for production
- Process module provides timeout, error handling, and output capture
- Ansible playbook supports rollback via rollback-git-based.yml
- Zero-downtime deployments with health checks
