dev images (#10)

* docs: update README to clarify the status and architecture support of the Docker image

* feat: add GitHub Actions workflow for building amd64 and arm64 Docker images

* feat: add GitHub Actions workflow for testing amd64 and arm64 Docker builds

* feat: specify platform for source, dependencies, and assets stages in Dockerfile.arm64

* feat: remove pull request trigger from build workflow

* feat: update workflow triggers to ignore all branches except main

* feat: update test-arm64 job to use correct runner for arm64 architecture

* feat: update test-arm64 job to use standard ubuntu-24.04 runner

---------

Co-authored-by: Alex Justesen <[email protected]>

Author: alexjustesen

.github/workflows/build-dev.yml

@@ -0,0 +1,118 @@
+name: Build Dev Images
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-amd64:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev-amd64
+
+      - name: Build and push amd64 Docker image
+        id: build-amd64
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            RELEASE_TAG=latest
+          cache-from: type=gha,scope=amd64
+          cache-to: type=gha,mode=max,scope=amd64
+
+      - name: Generate artifact attestation
+        if: github.repository_visibility == 'public' || github.repository_owner_type == 'Organization'
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-amd64.outputs.digest }}
+          push-to-registry: true
+
+  build-arm64:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev-arm64
+
+      - name: Build and push arm64 Docker image
+        id: build-arm64
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.arm64
+          platforms: linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            RELEASE_TAG=latest
+          cache-from: type=gha,scope=arm64
+          cache-to: type=gha,mode=max,scope=arm64
+
+      - name: Generate artifact attestation
+        if: github.repository_visibility == 'public' || github.repository_owner_type == 'Organization'
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-arm64.outputs.digest }}
+          push-to-registry: true

.github/workflows/test-build.yml

@@ -0,0 +1,59 @@
+name: Test Docker Builds
+
+on:
+  push:
+    branches-ignore:
+      - main
+  pull_request:
+    branches-ignore:
+      - main
+  workflow_dispatch:
+
+jobs:
+  test-amd64:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Test build amd64 Dockerfile
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          push: false
+          build-args: |
+            RELEASE_TAG=latest
+          cache-from: type=gha,scope=test-amd64
+          cache-to: type=gha,mode=max,scope=test-amd64
+
+  test-arm64:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Test build arm64 Dockerfile
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.arm64
+          platforms: linux/arm64
+          push: false
+          build-args: |
+            RELEASE_TAG=latest
+          cache-from: type=gha,scope=test-arm64
+          cache-to: type=gha,mode=max,scope=test-arm64

Dockerfile

@@ -1,7 +1,7 @@
 #############################
 # Download source code (platform-independent)
 #############################
-FROM --platform=$BUILDPLATFORM alpine:latest AS source
+FROM alpine:latest AS source
 
 ARG RELEASE_TAG="latest"
 
@@ -30,7 +30,7 @@ RUN set -e; \
 #############################
 # Install Composer dependencies (platform-independent)
 #############################
-FROM --platform=$BUILDPLATFORM serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS dependencies
+FROM serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS dependencies
 
 USER root
 
@@ -56,7 +56,7 @@ USER www-data
 #############################
 # Build assets (platform-independent)
 #############################
-FROM --platform=$BUILDPLATFORM node:24-alpine AS assets
+FROM node:24-alpine AS assets
 
 WORKDIR /app
 
@@ -66,15 +66,14 @@ RUN --mount=type=cache,target=/root/.npm \
     npm ci && npm run build
 
 #############################
-# Base image (platform-specific)
+# Base image (amd64-specific)
 #############################
-FROM serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS base
+FROM --platform=linux/amd64 serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS base
 
 LABEL org.opencontainers.image.title="speedtest-tracker-docker" \
     org.opencontainers.image.authors="Alex Justesen (@alexjustesen)"
 
-ARG TARGETARCH \
-    LIBRESPEED_CLI_VERSION="1.0.12" \
+ARG LIBRESPEED_CLI_VERSION="1.0.12" \
     OOKLA_CLI_VERSION="1.2.0"
 
 ENV AUTORUN_ENABLED="true" \
@@ -90,18 +89,12 @@ USER root
 RUN apk add --no-cache jq iperf3 iputils \
     && rm -rf /var/cache/apk/*
 
-# Install CLI tools in a single layer
+# Install CLI tools for amd64
 RUN set -e; \
-    # Map TARGETARCH to architecture naming conventions \
-    case "${TARGETARCH}" in \
-        amd64) LIBRESPEED_ARCH="amd64"; OOKLA_ARCH="x86_64" ;; \
-        arm64) LIBRESPEED_ARCH="arm64"; OOKLA_ARCH="aarch64" ;; \
-        *) echo "Unsupported architecture: ${TARGETARCH}"; exit 1 ;; \
-    esac; \
     curl -o /tmp/librespeed-cli.tgz -L \
-        "https://github.com/librespeed/speedtest-cli/releases/download/v${LIBRESPEED_CLI_VERSION}/librespeed-cli_${LIBRESPEED_CLI_VERSION}_linux_${LIBRESPEED_ARCH}.tar.gz" \
+        "https://github.com/librespeed/speedtest-cli/releases/download/v${LIBRESPEED_CLI_VERSION}/librespeed-cli_${LIBRESPEED_CLI_VERSION}_linux_amd64.tar.gz" \
     && curl -o /tmp/speedtest-cli.tgz -L \
-        "https://install.speedtest.net/app/cli/ookla-speedtest-${OOKLA_CLI_VERSION}-linux-${OOKLA_ARCH}.tgz" \
+        "https://install.speedtest.net/app/cli/ookla-speedtest-${OOKLA_CLI_VERSION}-linux-x86_64.tgz" \
     && tar xzf /tmp/librespeed-cli.tgz -C /usr/bin \
     && tar xzf /tmp/speedtest-cli.tgz -C /usr/bin \
     && rm /tmp/librespeed-cli.tgz /tmp/speedtest-cli.tgz

Dockerfile.arm64

@@ -0,0 +1,123 @@
+#############################
+# Download source code (platform-independent)
+#############################
+FROM --platform=$BUILDPLATFORM alpine:latest AS source
+
+ARG RELEASE_TAG="latest"
+
+WORKDIR /src
+
+# Install wget and jq for downloading
+RUN apk add --no-cache wget jq
+
+# Fetch the appropriate release
+RUN set -e; \
+    if [ "${RELEASE_TAG}" = "current" ]; then \
+        wget https://github.com/alexjustesen/speedtest-tracker/archive/refs/heads/main.tar.gz \
+        && tar -xzvf main.tar.gz --strip-components=1 \
+        && rm main.tar.gz; \
+    elif [ "${RELEASE_TAG}" = "latest" ]; then \
+        LATEST_RELEASE=$(wget -q -O - https://api.github.com/repos/alexjustesen/speedtest-tracker/releases/latest | jq -r .tag_name) \
+        && wget https://github.com/alexjustesen/speedtest-tracker/archive/refs/tags/${LATEST_RELEASE}.tar.gz \
+        && tar -xzvf ${LATEST_RELEASE}.tar.gz --strip-components=1 \
+        && rm ${LATEST_RELEASE}.tar.gz; \
+    else \
+        wget https://github.com/alexjustesen/speedtest-tracker/archive/refs/tags/${RELEASE_TAG}.tar.gz \
+        && tar -xzvf ${RELEASE_TAG}.tar.gz --strip-components=1 \
+        && rm ${RELEASE_TAG}.tar.gz; \
+    fi
+
+#############################
+# Install Composer dependencies (platform-independent)
+#############################
+FROM --platform=$BUILDPLATFORM serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS dependencies
+
+USER root
+
+# Install the intl extension required by Composer dependencies
+RUN install-php-extensions intl \
+    && rm -rf /tmp/*
+
+WORKDIR /app
+
+COPY --from=source /src/composer.json /src/composer.lock /app/
+
+RUN --mount=type=cache,target=/tmp/cache,uid=0,gid=0 \
+    COMPOSER_CACHE_DIR=/tmp/cache COMPOSER_ALLOW_SUPERUSER=1 composer install --no-interaction --prefer-dist --optimize-autoloader --no-dev --no-scripts
+
+COPY --from=source /src /app
+
+RUN --mount=type=cache,target=/tmp/cache,uid=0,gid=0 \
+    COMPOSER_CACHE_DIR=/tmp/cache COMPOSER_ALLOW_SUPERUSER=1 composer install --no-interaction --prefer-dist --optimize-autoloader --no-dev \
+    && chown -R www-data:www-data /app
+
+USER www-data
+
+#############################
+# Build assets (platform-independent)
+#############################
+FROM --platform=$BUILDPLATFORM node:24-alpine AS assets
+
+WORKDIR /app
+
+COPY --from=dependencies /app /app
+
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci && npm run build
+
+#############################
+# Base image (arm64-specific)
+#############################
+FROM --platform=linux/arm64 serversideup/php:8.4-fpm-nginx-alpine-v4.2.1 AS base
+
+LABEL org.opencontainers.image.title="speedtest-tracker-docker" \
+    org.opencontainers.image.authors="Alex Justesen (@alexjustesen)"
+
+ARG LIBRESPEED_CLI_VERSION="1.0.12" \
+    OOKLA_CLI_VERSION="1.2.0"
+
+ENV AUTORUN_ENABLED="true" \
+    AUTORUN_LARAVEL_MIGRATION="true" \
+    AUTORUN_LARAVEL_MIGRATION_ISOLATION="true" \
+    PHP_OPCACHE_ENABLE="1" \
+    SHOW_WELCOME_MESSAGE="false"
+
+# Switch to root so we can do root things
+USER root
+
+# Install system dependencies and clean up in the same layer
+RUN apk add --no-cache jq iperf3 iputils \
+    && rm -rf /var/cache/apk/*
+
+# Install CLI tools for arm64
+RUN set -e; \
+    curl -o /tmp/librespeed-cli.tgz -L \
+        "https://github.com/librespeed/speedtest-cli/releases/download/v${LIBRESPEED_CLI_VERSION}/librespeed-cli_${LIBRESPEED_CLI_VERSION}_linux_arm64.tar.gz" \
+    && curl -o /tmp/speedtest-cli.tgz -L \
+        "https://install.speedtest.net/app/cli/ookla-speedtest-${OOKLA_CLI_VERSION}-linux-aarch64.tgz" \
+    && tar xzf /tmp/librespeed-cli.tgz -C /usr/bin \
+    && tar xzf /tmp/speedtest-cli.tgz -C /usr/bin \
+    && rm /tmp/librespeed-cli.tgz /tmp/speedtest-cli.tgz
+
+# Install the intl extension with root permissions
+RUN install-php-extensions intl \
+    && rm -rf /tmp/*
+
+# Copy s6 service definitions for Laravel scheduler and queue worker
+COPY --chmod=755 root /
+
+# Drop back to our unprivileged user
+USER www-data
+
+# Set working directory
+WORKDIR /var/www/html
+
+# Copy source code and Composer dependencies from the dependencies stage
+COPY --chown=www-data:www-data --from=dependencies /app /var/www/html
+
+#############################
+# Production image
+#############################
+FROM base AS production
+
+COPY --chown=www-data:www-data --from=assets /app/public/build /var/www/html/public/build

README.md

@@ -1,9 +1,9 @@
 # 🐋 Speedtest Tracker Docker
 
-> [!INFO]
-> **Work in Progress** - This is a custom Docker image build based on [ServerSideUp's Docker PHP](https://serversideup.net/open-source/docker-php/).
+> [!WARNING]
+> These Docker images are under construction, use at your own risk..
 
-This build supports both `amd64` and `arm64`, 32-bit images are not supported.
+This image is based on [ServerSideUp's Docker PHP](https://serversideup.net/open-source/docker-php/) which is the gold standard for containerized PHP applications. These builds supports both `x86-64` and `arm64` architectures, 32-bit images are not and will not be supported.
 
 ### Using