new: add docker build reproducible code

.dockerignore

@@ -0,0 +1,9 @@
+.git
+.gitlab
+Dockerfile
+node_modules
+storage/logs
+storage/framework/cache/data
+.dockerignore
+build.sh
+opensem-*.tar.xz

Dockerfile

@@ -0,0 +1,101 @@
+FROM php:8.3.25-cli-alpine3.21 AS phpdeps
+
+
+## Install composer
+
+RUN apk add wget gnupg ca-certificates
+
+ARG COMPOSER_VERSION=2.8.11
+ENV COMPOSER_ALLOW_SUPERUSER=0
+
+RUN cd tmp && \
+    wget "https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar" && \
+    wget "https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar.sha256sum" && \
+    sha256sum -c composer.phar.sha256sum && \
+    install -m0755 /tmp/composer.phar /usr/local/bin/composer && \
+    composer --version
+
+
+## Install PHP extensions
+
+RUN apk add autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c libxml2-dev
+RUN docker-php-ext-install dom
+
+RUN docker-php-ext-install bcmath
+
+RUN apk add libpng-dev libjpeg-turbo-dev libwebp-dev libxpm-dev
+RUN docker-php-ext-configure gd --with-jpeg --with-webp --with-xpm && \
+    docker-php-ext-install gd
+
+RUN apk add libzip-dev
+RUN docker-php-ext-install zip
+
+RUN apk add libexif-dev
+RUN docker-php-ext-install exif
+
+
+## Composer dependencies
+
+RUN apk add git  ## required by composer install
+
+COPY . /app
+
+WORKDIR /app
+
+RUN mkdir -p /app/bootstrap/cache \
+    /app/storage/framework/cache \
+    /app/storage/framework/views \
+    /app/storage/framework/sessions \
+    /app/storage/app/public \
+    /app/storage/logs
+
+RUN composer install --no-dev --optimize-autoloader
+
+RUN chmod +x artisan
+
+RUN ./artisan vendor:publish --tag=public --force  ## creates public/vendor/jsvalidation
+RUN ./artisan vendor:publish --tag=boilerplate-public --force --ansi ## creates public/vendor/boilerplate
+
+## XXXvlab: 2025-09-25 these migration files are breaking first
+## install, but we had to resolve to not install from scratch and use
+## the existing database, so commenting out for now
+#RUN rm -f vendor/sebastienheyd/boilerplate/src/database/migrations/2017_03_24_093351_laratrust_setup_tables.php
+#RUN rm -f vendor/sebastienheyd/boilerplate/src/database/migrations/2017_03_24_093352_users_table_update.php
+#RUN rm -f vendor/sebastienheyd/boilerplate/src/database/migrations/2020_01_14_090810_permissions_categories.php
+
+
+## Node.js, npm, yarn and frontend dependencies
+
+RUN apk add nodejs npm yarn
+RUN yarn install --frozen-lockfile
+RUN yarn production
+RUN yarn grunt   ## this step requires both node_modules and vendor to be present
+
+
+## Separate out the build stages
+
+FROM alpine:3.21 AS pack
+
+WORKDIR /app
+
+RUN apk add --no-cache xz
+
+# bring PHP app with vendor
+COPY --from=phpdeps /app /app
+
+# ensure required runtime dirs exist (empty is fine)
+RUN mkdir -p storage/framework/{cache,views,sessions} bootstrap/cache
+# create artifact (use tar + xz so we don't depend on GNU tar -J)
+RUN mkdir -p /out \
+ && tar -C /app -cf /out/app.tar \
+    --exclude=.git --exclude=.github --exclude=.env --exclude='*.md' \
+    --exclude=tests --exclude=.gitignore \
+    --exclude=.editorconfig --exclude=phpunit.xml \
+    --exclude=.travis.yml --exclude=composer.lock --exclude=.styleci.yml \
+    --exclude=Makefile --exclude=.gitkeep --exclude=test \
+    artisan app build config database vendor public resources routes stubs bootstrap storage composer.json \
+ && xz -T0 -9e /out/app.tar \
+ && mv /out/app.tar.xz /out/opensem-prod.tar.xz
+
+FROM scratch AS export
+COPY --from=pack /out/opensem-prod.tar.xz /

build.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+dsc=$(git describe HEAD --tags) || return 1
+DOCKER_BUILDKIT=1 docker build --output type=local,dest=./dist . || return 1
+if [ ! -f ./dist/opensem-prod.tar.xz ]; then
+    echo "Build failed: dist/opensem-prod.tar.xz not found"
+    exit 1
+fi
+mv dist/opensem-prod.tar.xz ./opensem-$dsc.tar.xz &&
+rmdir ./dist
+echo "Build successful: opensem-$dsc.tar.xz"