Merge pull request #35 from cybex-gmbh/main

.env.example

@@ -14,11 +14,13 @@ DOCKER_CONTAINER_NAME=transmorpher
 # Transmorpher
 TRANSMORPHER_DEV_MODE=false
 TRANSMORPHER_STORE_DERIVATIVES=true
-TRANSMORPHER_DISK_ORIGINALS=s3Originals
-TRANSMORPHER_DISK_IMAGE_DERIVATIVES=s3ImageDerivatives
-TRANSMORPHER_DISK_VIDEO_DERIVATIVES=s3VideoDerivatives
+TRANSMORPHER_DISK_ORIGINALS=localOriginals
+TRANSMORPHER_DISK_IMAGE_DERIVATIVES=localImageDerivatives
+TRANSMORPHER_DISK_VIDEO_DERIVATIVES=localVideoDerivatives
 TRANSMORPHER_SIGNING_KEYPAIR=
-TRANSMORPHER_OPTIMIZER_TIMEOUT=5
+TRANSMORPHER_OPTIMIZER_TIMEOUT=10
+# More information: https://github.com/cybex-gmbh/transmorpher/tree/release/v0#configuration-options
+VIDEO_TRANSCODING_WORKERS_AMOUNT=1
 
 # AWS
 AWS_ACCESS_KEY_ID=

.github/workflows/docker.yml

@@ -0,0 +1,40 @@
+name: Docker Image CI
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build-push-docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            cybexwebdev/transmorpher
+          flavor: |
+            latest=auto
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+            type=sha
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          file: ./docker/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/pullpreview.yml

@@ -0,0 +1,40 @@
+name: PullPreview
+on:
+  pull_request:
+    types: [labeled, unlabeled, synchronize, closed, reopened]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      deployments: write # to delete deployments
+      pull-requests: write # to remove labels
+      statuses: write # to create commit status
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate .env file
+        env:
+          SECRETS_APP_KEY: ${{ secrets.APP_KEY }}
+          SECRETS_TRANSMORPHER_SIGNING_KEYPAIR: ${{ secrets.TRANSMORPHER_SIGNING_KEYPAIR }}
+          SECRETS_PULLPREVIEW_TRANSMORPHER_AUTH_TOKEN_HASH: ${{ secrets.PULLPREVIEW_TRANSMORPHER_AUTH_TOKEN_HASH }}
+        run: |
+          cp .env.example .env
+          echo "APP_KEY=$SECRETS_APP_KEY" >> .env
+          echo "TRANSMORPHER_SIGNING_KEYPAIR=$SECRETS_TRANSMORPHER_SIGNING_KEYPAIR" >> .env
+          echo "PULLPREVIEW_TRANSMORPHER_AUTH_TOKEN_HASH=$SECRETS_PULLPREVIEW_TRANSMORPHER_AUTH_TOKEN_HASH" >> .env
+
+      - uses: pullpreview/action@v5
+        with:
+          admins: jheusinger, gael-connan-cybex, holyfabi, lupinitylabs, mszulik
+          cidrs: "0.0.0.0/0"
+          compose_files: docker-compose.pullpreview.yml
+          default_port: 80
+          instance_type: medium
+          ports: 80, 443
+        env:
+          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+          AWS_REGION: "eu-central-1"

README.md

@@ -19,6 +19,34 @@ A media server for images and videos.
 
 ## Installation
 
+### Using docker
+
+See the [Docker Hub repository](https://hub.docker.com/r/cybexwebdev/transmorpher) for images.
+
+To not accidentally upgrade to a new major version, attach the major version you want to use to the image name:
+
+`cybexwebdev/transmorpher:0`
+
+#### Configuration options
+
+There needs to be at least 1 Laravel worker to transcode videos. The following variable specifies how many workers should be running in the container:
+
+```dotenv
+VIDEO_TRANSCODING_WORKERS_AMOUNT=1
+```
+
+> [!CAUTION]
+> Using the database queue connection does neither guarantee FIFO nor prevent duplicate runs. It is recommended to use a queue which can guarantee these aspects, such as AWS SQS
+> FIFO.
+> To prevent duplicate runs with database, use only one worker process.
+
+This environment variable has to be passed to the app container in your docker-compose.yml:
+
+```yaml
+environment:
+    VIDEO_TRANSCODING_WORKERS_AMOUNT: ${VIDEO_TRANSCODING_WORKERS_AMOUNT:-1}
+```
+
 ### Cloning the repository
 
 To clone the repository and get your media server running use:
@@ -57,10 +85,10 @@ To use video transcoding:
 The media server uses 3 separate Laravel disks to store originals, image derivatives and video derivatives. Use the provided `.env` keys to select any of the disks in
 the `filesystems.php` config file.
 
-> **Warning**
+> [!NOTE]
 >
 > 1. The root folder, like images/, of the configured derivatives disks has to always match the prefix provided by the `MediaType` enum.
-> 1. If you change the prefix after initially launching your media server, clients will no longer be able to retrieve their previously uploaded media.
+> 1. If this prefix would be changed after initially launching your media server, clients would no longer be able to retrieve their previously uploaded media.
 
 ### Cloud Setup
 
@@ -163,6 +191,7 @@ by any client.
 Transcoding jobs are dispatched onto the "video-transcoding" queue. You can have these jobs processed on the main server or dedicated workers. For more information check
 the [Laravel Queue Documentation](https://laravel.com/docs/10.x/queues).
 
+> [!NOTE]
 > Since queues are not generally FIFO, it is recommended to use a queue which guarantees FIFO and also prevents
 > duplicate runs.
 > For this, a custom AWS SQS FIFO queue connection is available.
@@ -232,9 +261,9 @@ You can define your queue connection in the `.env` file:
 QUEUE_CONNECTION=database
 ```
 
-> **Warning**
+> [!CAUTION]
 >
-> The database connection does neither guarantee FIFO nor prevents duplicate runs. It is recommended to use a queue which can guarantee these aspects, such as AWS SQS FIFO.
+> The database connection does neither guarantee FIFO nor prevent duplicate runs. It is recommended to use a queue which can guarantee these aspects, such as AWS SQS FIFO.
 > To prevent duplicate runs with database, use only one worker process.
 
 ### Additional options
@@ -389,6 +418,34 @@ You will also have to adjust the configuration value:
 'transcode_class' => App\Classes\YourTranscodeClass::class,
 ```
 
+## Development
+
+### [Pullpreview](https://github.com/pullpreview/action)
+
+When labeling a pull request with the "pullpreview" label, a staging environment is booted. To make this functional, some environment variables have to be stored in GitHub secrets:
+
+- APP_KEY
+- TRANSMORPHER_SIGNING_KEYPAIR
+- PULLPREVIEW_TRANSMORPHER_AUTH_TOKEN_HASH
+- AWS_ACCESS_KEY_ID
+- AWS_SECRET_ACCESS_KEY
+
+#### Auth Token Hash
+
+The environment is seeded with a user with an auth token. To get access, you will have to locally create a token and use this token and its hash.
+
+```bash
+php artisan create:user pullpreview pullpreview@example.com
+```
+
+Take the hash of the token from the `personal_access_tokens` table and save it to GitHub secrets. The command also provides a `TRANSMORPHER_AUTH_TOKEN`, which should be stored
+securely to use in client systems.
+
+#### AWS Credentials
+
+You need credentials of an IAM user that can manage AWS Lightsail. For a recommended configuration take a look at
+the [Pullpreview wiki](https://github.com/pullpreview/action/wiki/Recommended-AWS-Configuration).
+
 ## License
 
 The Transmorpher media server is licensed under the [MIT license](https://opensource.org/licenses/MIT).

composer.json

@@ -9,6 +9,7 @@
         "ext-fileinfo": "*",
         "ext-sodium": "*",
         "aminyazdanpanah/php-ffmpeg-video-streaming": "^1.2",
+        "cybex/laravel-protector": "^2.0",
         "guzzlehttp/guzzle": "^7.2",
         "intervention/image": "^2.7",
         "laravel/framework": "^9.19",