Rootless Docker/Optimized build (#932)

* Rootless Dockerfile/Optimized build Add unneeded files to .dockerignore Split Dockerfile into more stages to allow Composer/Yarn to run concurrently Don't log supervisord to a file, as file logging in a Docker container makes no sense Redirect process output to container output for log processors Run all processes as non-root Minimize files with write permission for non-root user Move docker folder out of .github, as it has nothing to do with GitHub * Remove install-php-extensions utility after use and name final stage * Test arm64 runner * Allow Docker workflow caching multi-arch separately * Fix Docker publish workflow branches * Move Caddyfile/crontab config into docker directory, remove redundant supervisord user * Further restrict permissions * Supervisord logs
2026-05-04 18:00:48 +03:00 · 2025-01-23 01:01:14 -08:00
parent 37ba62410f
commit 6a4963200c
9 changed files with 116 additions and 65 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -71,6 +71,8 @@ jobs:
            VERSION=${{ steps.build_info.outputs.version_tag }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          tags: ${{ steps.docker_meta.outputs.tags }}
+          cache-from: type=gha,scope=tagged${{ matrix.os }}
+          cache-to: type=gha,scope=tagged${{ matrix.os }},mode=max

      - name: Build and Push (main)
        uses: docker/build-push-action@v6
@@ -84,5 +86,5 @@ jobs:
            VERSION=dev-${{ steps.build_info.outputs.short_sha }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          tags: ${{ steps.docker_meta.outputs.tags }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=${{ matrix.os }}
+          cache-to: type=gha,scope=${{ matrix.os }},mode=max