feat: add multi-stage build with slim prod target#3
Merged
Conversation
Adds a prod target alongside the existing dev image so deployments
(e.g. the FontysVenlo developer platform) can use the same base PHP +
extensions without inheriting devcontainer tooling and the development
php.ini.
Stage layout:
base — shared Apache + PHP 8.2.29 + extensions + ServerName (never built
directly; consumers must pass --target).
prod — base + php.ini-production with the same upload_max_filesize=20M
and post_max_size=80M overrides as dev, so file-upload behaviour
matches. No git/gnupg/zip CLI, no devuser.
dev — base + git/gnupg/zip CLI + devuser + php.ini-development. Stays
last so `docker build .` keeps producing the dev image and no
existing consumer breaks.
CI publishes both:
sebivenlo/prj1-web:<version> (dev, unchanged)
sebivenlo/prj1-web:<version>-prod (new)
Verified locally: both targets carry pdo, pdo_pgsql, gd, exif, zip;
upload limits match; display_errors is On in dev and Off in prod;
dev has git+zip CLI, prod does not.
Clears the Node runtime deprecation warnings emitted by the older majors: actions/checkout @V3 -> @v4 docker/setup-qemu-action @v2 -> @V3 docker/setup-buildx-action @v2 -> @V3 docker/metadata-action @v4 -> @v5 docker/login-action @v2 -> @V3 docker/build-push-action @v4 -> @v6 No input/output schema changes for the way these are used here, so the workflows behave identically aside from running on a newer runtime.
Bonajo
approved these changes
May 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
prodtarget alongside the existing dev image. Motivation: downstream consumers (the new FontysVenlo developer platform CI pipeline, see UOL1.1-Template#8) need an image with the same PHP + extensions as the devcontainer image, but without the devcontainer tooling (git,gnupg,zipCLI,devuser) and withoutphp.ini-development. Today they'd have to either mirror this Dockerfile downstream (drift risk) or accept a bloated prod image withdisplay_errors=On. Multi-stage here keeps a single source of truth.Design choices (please weigh in)
basestage is private — installs Apache + PHP 8.2.29 + all PHP extensions +ServerName localhost. Bothdevandprodextend it, so any code that runs against dev runs against prod.devis last sodocker build .(no--target) keeps producing the dev image — no breaking change for existing consumers.php.ini-production(display_errors=Off, log_errors=On) — the more conservative default for an image shared beyond uol11. If you'd rather keep error visibility in student deployments to aid debugging, it's a one-line flip in theprodstage; happy to switch.upload_max_filesize=20M,post_max_size=80M) are applied in both targets so file-upload behaviour matches between dev and prod regardless of base ini.devuserin prod — Apache runs as defaultwww-data.Tags published
sebivenlo/prj1-web:<version>devsebivenlo/prj1-web:<version>-prodprodflavor: suffix=-prodin CIBoth
build.yml(PR check) andrelease.yml(tag push) now build both targets. Release pushes both multi-arch (amd64+arm64).Test plan
docker build --target prod .succeeds locallydocker build --target dev .succeeds locallyupload_max_filesize=20M,post_max_size=80Mdisplay_errors=Off; dev:display_errors=OngitandzipCLI; prod does notbuild.ymljobs (Build dev / Build prod)<version>and<version>-prod)