feat(docker): modernize Docker setup with Bake-first workflow#248
Merged
Conversation
- Define all dependency versions (PHP, Node, Composer, Xdebug, PCOV) - Define image metadata (registry, name, tags) - Define build targets extending compose services - Define build groups (default, all, ci) - Add OCI labels for production image This replaces scattered version definitions with a centralized configuration, similar to package.json for JavaScript projects.
- Check if php-fpm process is running - Verify php-fpm configuration is valid - Used by Docker HEALTHCHECK instruction
- Remove all ARG defaults (versions now in docker-bake.hcl) - Add multi-stage build: base, deps, tools, dev, production - Add non-root user for production security - Add HEALTHCHECK instruction - Optimize layer caching with dependency-first COPY - Build APCu from source for PHP 8.5 compatibility - Use parallel make with -j$(nproc) BREAKING: Must use `docker bake` for builds, not `docker build`
- Remove all build: sections (now in docker-bake.hcl) - Keep only runtime config (image, volumes, environment, ports) - Update target references: devbox -> dev, tools - compose.yml is now runtime-only, docker-bake.hcl is build-only This enforces clean separation of concerns.
- Add bake, bake-dev, bake-tools, bake-all targets - Update up, tools-up, e2e-up to use bake before compose up - Remove --build flags from compose commands - Make 'build' an alias for bake-dev - Update help text with new commands
- Organize by category (IDE, Git, Dependencies, etc.) - Exclude test files, docs, and build artifacts - Keep only bin/console from bin directory
- Update .env.example: remove COMPOSE_BAKE, fix BUILD_TARGET - Update .envrc: update tthelp with bake commands
- README.rst: update Docker setup instructions - DEPLOYMENT_GUIDE.md: use docker bake for builds - xdebug-setup.md: use docker bake app-dev - TROUBLESHOOTING.md: update container reset commands - copilot-instructions.md: update setup commands
Since compose.yml no longer has build: sections (bake-first workflow), CI must build images explicitly with 'docker bake' before running 'docker compose run' commands. Fixes: manifest unknown error in CI
GitHub Actions runners have docker buildx but not the 'docker bake' alias. Use 'docker buildx bake' with --load flag to: 1. Use the correct command for CI environment 2. Export built images to local docker (required for compose)
There was a problem hiding this comment.
Pull request overview
This PR modernizes the Docker setup by introducing docker-bake.hcl as the single source of truth for build configuration, implementing multi-stage builds with security improvements, and reducing production image size by 15%.
Changes:
- Introduces
docker-bake.hclto centralize all build configuration (versions, targets, tags, labels) - Modernizes Dockerfile with multi-stage builds, non-root production user, and healthcheck
- Removes build sections from compose.yml (now runtime-only configuration)
- Updates Makefile to use
docker bakecommands for all image builds - Adds healthcheck script for PHP-FPM monitoring
- Updates all documentation to reflect new build workflow
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| docker-bake.hcl | New centralized build configuration with version definitions and build targets |
| Dockerfile | Multi-stage build with base, deps, tools, dev, and production stages; adds non-root user and healthcheck |
| compose.yml | Removed build sections; services now reference pre-built images |
| Makefile | Added bake targets (bake, bake-dev, bake-tools, bake-all); updated up/tools-up to build first |
| docker/php/healthcheck.sh | New healthcheck script for PHP-FPM process monitoring |
| docs/*.md | Updated all documentation to use docker bake commands and new workflow |
| .dockerignore | Expanded with better organization and more exclusions |
| .env.example | Updated BUILD_TARGET from 'devbox' to 'dev' |
| .envrc | Updated help text to reflect new bake commands |
| README.rst | Updated setup instructions for new build workflow |
| .github/copilot-instructions.md | Updated setup commands to use docker bake |
- ci.yml: Use 'docker buildx bake --load' for CI builds - docker-publish.yml: Replace build-push-action with bake-action - Uses docker-bake.hcl as single source of truth for build args - Merges metadata-action outputs for tags/labels - Adds GHA cache support for faster builds This ensures all CI builds use the same version config from docker-bake.hcl, maintaining the bake-first workflow principle.
The bake-action needs 'source: .' to use the local checkout instead of fetching from git URL. This allows merging the local metadata bake files with docker-bake.hcl.
The tools image runs as non-root user, but the volume mount overwrites the container's /var/www/html with the host directory. Create vendor and var directories with proper permissions before running composer.
- docs/DEPLOYMENT_GUIDE.md: Add validation for IMAGE_TAG variable - .env.example: Remove obsolete BUILD_TARGET (compose no longer builds) - docker/php/healthcheck.sh: Simplify by removing unused cgi-fcgi check - Makefile: Fix misleading comment, add bake-e2e target - compose.yml: Fix app-e2e to use :e2e tag matching bake target - Dockerfile: Run CA cert update at build time (requires root)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docker-bake.hclas single source of truth for all build configuration (like package.json for JS)docker bakefor all buildsArchitecture
New Commands
Breaking Changes
docker bakefor builds, notdocker buildordocker compose builddevbox→devTest plan
docker bake allbuilds successfullymake upstarts dev environment