From b29de3eb7cc9a10f9fd5bd044e31bd28f9744b8f Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Thu, 22 May 2025 14:05:24 +0300
Subject: [PATCH] add APP_WEB_ROOT to fpm container

---
 .docker/app/Dockerfile |   1 +
 .docker/app/backup.sh  |   2 +-
 .docker/app/startup.sh |   6 +-
 .docker/app/updater.sh |   6 +-
 .gitlab-ci.yml         |   8 +-
 .gitlab-ci.yml~        | 245 +++++++++++++++++++++++++++++++++++++++++
 6 files changed, 258 insertions(+), 10 deletions(-)
 create mode 100644 .gitlab-ci.yml~

diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile
index 786179bd5..553f397e6 100644
--- a/.docker/app/Dockerfile
+++ b/.docker/app/Dockerfile
@@ -7,6 +7,7 @@ ARG ALPINE_MIRROR
 
 ENV SCRIPT_ROOT=/opt/tt-rss
 ENV SRC_DIR=/src/tt-rss/
+ENV APP_WEB_ROOT=/var/www/html
 
 # Used to centralize the PHP version suffix for packages and paths
 ENV PHP_SUFFIX=84
diff --git a/.docker/app/backup.sh b/.docker/app/backup.sh
index 4ecc860b9..f35a5086b 100644
--- a/.docker/app/backup.sh
+++ b/.docker/app/backup.sh
@@ -2,7 +2,7 @@
 
 DST_DIR=/backups
 KEEP_DAYS=28
-APP_ROOT=/var/www/html/tt-rss
+APP_ROOT=$APP_WEB_ROOT/tt-rss
 
 if pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PORT; then
 	DST_FILE=ttrss-backup-$(date +%Y%m%d).sql.gz
diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh
index cf93b7413..3085edaf7 100644
--- a/.docker/app/startup.sh
+++ b/.docker/app/startup.sh
@@ -11,18 +11,18 @@ unset HTTP_HOST
 
 if ! id app >/dev/null 2>&1; then
 	addgroup -g $OWNER_GID app
-	adduser -D -h /var/www/html -G app -u $OWNER_UID app
+	adduser -D -h $APP_WEB_ROOT -G app -u $OWNER_UID app
 fi
 
 update-ca-certificates || true
 
-DST_DIR=/var/www/html/tt-rss
+DST_DIR=$APP_WEB_ROOT/tt-rss
 
 [ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready
 
 export PGPASSWORD=$TTRSS_DB_PASS
 
-[ ! -e /var/www/html/index.php ] && cp ${SCRIPT_ROOT}/index.php /var/www/html
+[ ! -e $APP_WEB_ROOT/index.php ] && cp ${SCRIPT_ROOT}/index.php $APP_WEB_ROOT
 
 if [ -z $SKIP_RSYNC_ON_STARTUP ]; then
 	if [ ! -d $DST_DIR ]; then
diff --git a/.docker/app/updater.sh b/.docker/app/updater.sh
index c35982a44..782d52ca5 100644
--- a/.docker/app/updater.sh
+++ b/.docker/app/updater.sh
@@ -12,7 +12,7 @@ sleep 30
 
 if ! id app; then
 	addgroup -g $OWNER_GID app
-	adduser -D -h /var/www/html -G app -u $OWNER_UID app
+	adduser -D -h $APP_WEB_ROOT -G app -u $OWNER_UID app
 fi
 
 while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PORT; do
@@ -23,11 +23,11 @@ done
 sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
 	/etc/php${PHP_SUFFIX}/php.ini
 
-DST_DIR=/var/www/html/tt-rss
+DST_DIR=$APP_WEB_ROOT/tt-rss
 
 while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	echo waiting for app container...
 	sleep 3
 done
 
-sudo -E -u app "${TTRSS_PHP_EXECUTABLE}" /var/www/html/tt-rss/update_daemon2.php "$@"
+sudo -E -u app "${TTRSS_PHP_EXECUTABLE}" $APP_WEB_ROOT/tt-rss/update_daemon2.php "$@"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a54138312..1c17804e1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -118,6 +118,8 @@ phpunit-integration:
     AUTO_CREATE_USER_PASS: 'test'
     AUTO_CREATE_USER_ACCESS_LEVEL: '10'
     AUTO_CREATE_USER_ENABLE_API: 'true'
+    API_URL: http://web-nginx/tt-rss/api/
+    HEALTHCHECK_URL: http://web-nginx/tt-rss/public.php?op=healthcheck
   services:
     - name: registry.fakecake.org/docker.io/postgres:15-alpine
       alias: db
@@ -128,12 +130,12 @@ phpunit-integration:
   rules:
     - if: $CI_COMMIT_BRANCH && $REGISTRY_USER != null
   script:
-    - export API_URL="http://web-nginx/tt-rss/api/"
     - |
       for a in `seq 1 15`; do
-        php83 vendor/bin/phpunit --group integration --do-not-cache-result --log-junit phpunit-report.xml --coverage-cobertura phpunit-coverage.xml --coverage-text --colors=never && exit 0
-        sleep 10
+        curl -fvs ${HEALTHCHECK_URL} && break
+        sleep 5
       done
+    - php83 vendor/bin/phpunit --group integration --do-not-cache-result --log-junit phpunit-report.xml --coverage-cobertura phpunit-coverage.xml --coverage-text --colors=never
   artifacts:
     when: always
     reports:
diff --git a/.gitlab-ci.yml~ b/.gitlab-ci.yml~
new file mode 100644
index 000000000..6027f9c8b
--- /dev/null
+++ b/.gitlab-ci.yml~
@@ -0,0 +1,245 @@
+stages:
+  - lint
+  - build
+  - push
+  - test
+  - publish
+
+variables:
+  ESLINT_PATHS: js plugins
+  REGISTRY_PROJECT: cthulhoo
+  IMAGE_TAR_FPM: image-fpm.tar
+  IMAGE_TAR_WEB: image-web.tar
+
+include:
+  - project: 'ci/ci-templates'
+    ref: master
+    file: .ci-build-docker-kaniko.yml
+  - project: 'ci/ci-templates'
+    ref: master
+    file: .ci-registry-push.yml
+  - project: 'ci/ci-templates'
+    ref: master
+    file: .ci-lint-common.yml
+  - project: 'ci/ci-templates'
+    ref: master
+    file: .ci-integration-test.yml
+  - project: 'ci/ci-templates'
+    ref: master
+    file: .ci-update-helm-imagetag.yml
+
+# phpunit:
+#   extends: .phpunit
+#   variables:
+#     PHPUNIT_ARGS: --exclude integration --coverage-filter classes --coverage-filter include
+
+# eslint:
+#   extends: .eslint
+
+# phpstan:
+#   extends: .phpstan
+
+ttrss-fpm-pgsql-static:build:
+  extends: .build-docker-kaniko-no-push
+  variables:
+    DOCKERFILE: ${CI_PROJECT_DIR}/.docker/app/Dockerfile
+    IMAGE_TAR: ${IMAGE_TAR_FPM}
+
+ttrss-fpm-pgsql-static:push-master-commit-only:
+  extends: .crane-image-registry-push-master-commit-only
+  variables:
+    IMAGE_TAR: ${IMAGE_TAR_FPM}
+  needs:
+    - job: ttrss-fpm-pgsql-static:build
+
+ttrss-fpm-pgsql-static:push-branch:
+  extends: .crane-image-registry-push-branch
+  variables:
+    IMAGE_TAR: ${IMAGE_TAR_FPM}
+  needs:
+    - job: ttrss-fpm-pgsql-static:build
+
+ttrss-web-nginx:build:
+  extends: .build-docker-kaniko-no-push
+  variables:
+    DOCKERFILE: ${CI_PROJECT_DIR}/.docker/web-nginx/Dockerfile
+    IMAGE_TAR: ${IMAGE_TAR_WEB}
+
+ttrss-web-nginx:push-master-commit-only:
+  extends: .crane-image-registry-push-master-commit-only
+  variables:
+    IMAGE_TAR: ${IMAGE_TAR_WEB}
+  needs:
+    - job: ttrss-web-nginx:build
+
+ttrss-web-nginx:push-branch:
+  extends: .crane-image-registry-push-branch
+  variables:
+    IMAGE_TAR: ${IMAGE_TAR_WEB}
+  needs:
+    - job: ttrss-web-nginx:build
+
+# phpdoc:build:
+#   image: ${PHP_IMAGE}
+#   stage: publish
+#   rules:
+#     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+#   script:
+#     - php83 /phpDocumentor.phar -d classes -d include -t phpdoc --visibility=public
+#   artifacts:
+#     paths:
+#       - phpdoc
+
+# phpdoc:publish:
+#   extends: .build-docker-kaniko
+#   stage: publish
+#   needs:
+#     - job: phpdoc:build
+#   rules:
+#     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $REGISTRY_USER != null && $REGISTRY_PASSWORD != null
+#   variables:
+#     DOCKERFILE: ${CI_PROJECT_DIR}/.docker/phpdoc/Dockerfile
+#     NAME: ttrss-phpdoc
+#     VERSION: latest
+
+phpunit-integration:
+  image: ${PHP_IMAGE}
+  variables:
+    POSTGRES_DB: postgres
+    POSTGRES_USER: postgres
+    POSTGRES_PASSWORD: password
+    TTRSS_DB_HOST: db
+    TTRSS_DB_USER: ${POSTGRES_USER}
+    TTRSS_DB_NAME: ${POSTGRES_DB}
+    TTRSS_DB_PASS: ${POSTGRES_PASSWORD}
+    FF_NETWORK_PER_BUILD: "true"
+    APP_WEB_ROOT: /builds/shared-root
+    AUTO_CREATE_USER: test
+    AUTO_CREATE_USER_PASS: 'test'
+    AUTO_CREATE_USER_ACCESS_LEVEL: '10'
+    AUTO_CREATE_USER_ENABLE_API: 'true'
+  services:
+    - name: registry.fakecake.org/docker.io/postgres:15-alpine
+      alias: db
+    - name: registry.fakecake.org/cthulhoo/ttrss-fpm-pgsql-static:${CI_COMMIT_SHORT_SHA}
+      alias: app
+    - name: registry.fakecake.org/cthulhoo/ttrss-web-nginx:${CI_COMMIT_SHORT_SHA}
+      alias: web-nginx
+  rules:
+    - if: $CI_COMMIT_BRANCH && $REGISTRY_USER != null
+  script:
+    - export API_URL="http://web-nginx/tt-rss/api/"
+    - |
+      for a in `seq 1 15`; do
+        php83 vendor/bin/phpunit --group integration --do-not-cache-result --log-junit phpunit-report.xml --coverage-cobertura phpunit-coverage.xml --coverage-text --colors=never && exit 0
+        sleep 10
+      done
+  artifacts:
+    when: always
+    reports:
+      junit: phpunit-report.xml
+      coverage_report:
+        coverage_format: cobertura
+        path: phpunit-coverage.xml
+  coverage: '/^\s*Lines:\s*\d+.\d+\%/'
+
+# selenium:
+#   image: ${SELENIUM_IMAGE}
+#   variables:
+#     TEST_HELM_REPO: oci://registry.fakecake.org/infra/helm-charts/tt-rss
+#     SELENIUM_GRID_ENDPOINT: http://selenium-hub.selenium-grid.svc.cluster.local:4444/wd/hub
+#   extends: .integration-test
+#   script:
+#     - export K8S_NAMESPACE=$(kubectl get pods -o=custom-columns=NS:.metadata.namespace | tail -1)
+#     - |
+#       for i in `seq 1 3`; do
+#         echo attempt $i...
+#         python3 tests/integration/selenium_test.py && break
+#         sleep 3
+#       done
+#   needs:
+#     - job: phpunit-integration
+#   artifacts:
+#     when: always
+#     reports:
+#       junit: selenium-report.xml
+
+# ttrss-fpm-pgsql-static:publish:
+#   stage: publish
+#   extends: .crane-image-registry-push-master
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_FPM}
+#   needs:
+#     - job: ttrss-fpm-pgsql-static:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# ttrss-fpm-pgsql-static:publish-docker-hub:
+#   stage: publish
+#   extends: .crane-image-registry-push-master-docker-hub
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_FPM}
+#   needs:
+#     - job: ttrss-fpm-pgsql-static:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# ttrss-fpm-pgsql-static:publish-gitlab:
+#   stage: publish
+#   extends: .crane-image-registry-push-master-gitlab
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_FPM}
+#   needs:
+#     - job: ttrss-fpm-pgsql-static:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# ttrss-web-nginx:publish:
+#   stage: publish
+#   extends: .crane-image-registry-push-master
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_WEB}
+#   needs:
+#     - job: ttrss-web-nginx:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# ttrss-web-nginx:publish-docker-hub:
+#   stage: publish
+#   extends: .crane-image-registry-push-master-docker-hub
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_WEB}
+#   needs:
+#     - job: ttrss-web-nginx:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# ttrss-web-nginx:publish-gitlab:
+#   stage: publish
+#   extends: .crane-image-registry-push-master-gitlab
+#   variables:
+#     IMAGE_TAR: ${IMAGE_TAR_WEB}
+#   needs:
+#     - job: ttrss-web-nginx:build
+#     - job: phpunit-integration
+#     - job: selenium
+
+# update-demo:
+#   stage: publish
+#   extends: .update-helm-imagetag
+#   variables:
+#     CHART_REPO: gitlab.fakecake.org/git/helm-charts/tt-rss.git
+#     CHART_VALUES: values-demo.yaml
+#     ACCESS_TOKEN: ${DEMO_HELM_TOKEN}
+#   rules:
+#     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $DEMO_HELM_TOKEN != null
+
+# update-prod:
+#   stage: publish
+#   extends: .update-helm-imagetag
+#   variables:
+#     CHART_REPO: gitlab.fakecake.org/git/helm-charts/tt-rss-prod.git
+#     CHART_VALUES: values-prod.yaml
+#     ACCESS_TOKEN: ${PROD_HELM_TOKEN}
+#   rules:
+#     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $PROD_HELM_TOKEN != null