* Resolve issue with avatar storage
This resolves the issue with getting avatar storage working
updates the entrypoint to create the `pelican-data/storage` folder on start.
Adds a dev dockerfile to build locally instead of needing to update the standard dockerfile.
* Move avatar folder
Moves the avatars folder in the storage folder in-case anything else needs storage as well.
Fixes an issue in the entrypoint where it wasn't creating the sub-folder correctly.
* fix(docker): enable multi-arch builds
* Remove workflow_dispatch and add missing space
* There is no need for a matrix in the job build-and-push
* Update docker-publish.yml
* Only keep the artifacts for 7 days
* Bump dockerfile labs version to 1.13
* Added a comment in the Dockerfile explaining how to self-build it
* build-php-base cache should not be tagged
* Rootless Dockerfile/Optimized build
Add unneeded files to .dockerignore
Split Dockerfile into more stages to allow Composer/Yarn to run concurrently
Don't log supervisord to a file, as file logging in a Docker container makes no sense
Redirect process output to container output for log processors
Run all processes as non-root
Minimize files with write permission for non-root user
Move docker folder out of .github, as it has nothing to do with GitHub
* Remove install-php-extensions utility after use and name final stage
* Test arm64 runner
* Allow Docker workflow caching multi-arch separately
* Fix Docker publish workflow branches
* Move Caddyfile/crontab config into docker directory, remove redundant supervisord user
* Further restrict permissions
* Supervisord logs
Starting the docker container is hampered due to setting `chown -R www-data:www-data /var/www/html/` on every start, causing it to traverse the entire directory which in our use case is very slow. This PR instead changes it to set permissions as part of the build process.
Sidenote: Is `LE_EMAIL` supposed to be used in addition to `ADMIN_EMAIL`?
Update the dockerfile to use supervisord
Update supervisord config to use start caddy unless configured not to.
Updated entrypoint to handle caddy skip for supervisord.
dockerfile
cmd updated to just start php-fpm
entrypoint
now starts caddy unless SKIP_CADDY has been set.
compose file
updated ports to work properly.
updated networks to use the correct network.
added commented port and variable to disable caddy
added further notes.
* feat(docker): automated certificate renewal with certbot
Executes cron on the first day of every month at 23:00 to reduce the load on LE when everyone else is doing it at 00. Certificate that expires in less than 30 days will be renewed.
closes#3907
