From ed07d166d9c3de6da34ef44e05340925ece75228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 18:25:01 +0200 Subject: [PATCH 01/15] Added ubuntu 8.2 dockerfile and ci process --- .github/workflows/ci.yml | 14 +-- Dockerfile | 218 +++++++++++++++++++-------------------- 2 files changed, 112 insertions(+), 120 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8f1287..49f4e47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: no-color: "true" output-file: "/dev/stdout" - - name: "Build Alpine" + - name: "Build Ubuntu" run: > ./build_images.sh temporary-build-image @@ -34,15 +34,15 @@ jobs: run: docker run --pull=never --rm -t temporary-build-image-linux-amd64 php -v - name: "PHP_VERSION Env" - run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | head -n 1 | cut -f 2 -d ' '`" >> $GITHUB_ENV + run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | head -n 1 | cut -f 2 -d ' '`-ubuntu" >> $GITHUB_ENV - name: Tag also with php:${{ env.PHP_VERSION }} run: docker tag temporary-build-image-linux-amd64 php-${{ env.PHP_VERSION }} - - name: "Check Alpine -i" + - name: "Check Ubuntu -i" run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -i - - name: "Check Alpine -v" + - name: "Check Ubuntu -v" run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -v - name: "Run Tests" @@ -50,7 +50,7 @@ jobs: env: DOCKER_REGISTRY_IMAGE: "temporary-build-image-linux-amd64" - - name: Run Alpine Trivy vulnerability scanner + - name: Run Ubuntu Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: php-${{ env.PHP_VERSION }} 
@@ -61,7 +61,7 @@ jobs: severity: 'CRITICAL,HIGH' - if: contains(github.ref, 'refs/heads/release/') - name: Run Alpine Trivy vulnerability scanner and upload to github security tab + name: Run Ubuntu Trivy vulnerability scanner and upload to github security tab uses: aquasecurity/trivy-action@master with: image-ref: php-${{ env.PHP_VERSION }} @@ -69,7 +69,7 @@ jobs: output: 'trivy-results.sarif' - if: contains(github.ref, 'refs/heads/release/') - name: Upload Alpine Trivy scan results to GitHub Security tab + name: Upload Ubuntu Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' diff --git a/Dockerfile b/Dockerfile index 07fb386..5d55d12 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,32 +1,27 @@
-FROM alpine:3.18.3
+FROM ubuntu:jammy-20230816
 ARG PHP_VERSION="8.2.10"
-ARG PHP_PACKAGE_BASENAME="php82"
-ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpm82"
-ARG UNIT_VERSION="1.30.0"
-ARG APACHE2_VERSION="2.4.57"
-ARG GRPC_EXTENSION_VERSION="1.51.1"
-ARG GRPC_EXTENSION_REPOSITORY="http://dl-cdn.alpinelinux.org/alpine/edge/testing"
-ARG PCOV_EXTENSION_VERSION="1.0.11"
-ARG PCOV_EXTENSION_REPOSITORY="http://dl-cdn.alpinelinux.org/alpine/edge/testing"
+ARG PHP_PACKAGE_BASENAME="php8.2"
+ARG PHP_PACKAGE_BASE_VERSION="8.2"
+ARG UNIT_VERSION="1.31.0"
+ARG APACHE2_VERSION="2.4.52"
 ENV PHP_VERSION=$PHP_VERSION
 ENV PHP_PACKAGE_BASENAME=$PHP_PACKAGE_BASENAME
-ENV PHP_FPM_BINARY_PATH=$PHP_FPM_BINARY_PATH
 ENV UNIT_VERSION=$UNIT_VERSION
 ENV APACHE2_VERSION=$APACHE2_VERSION
-ENV GRPC_EXTENSION_VERSION=$GRPC_EXTENSION_VERSION
-ENV GRPC_EXTENSION_REPOSITORY=$GRPC_EXTENSION_REPOSITORY
-ENV PCOV_EXTENSION_VERSION=$PCOV_EXTENSION_VERSION
-ENV PCOV_EXTENSION_REPOSITORY=$PCOV_EXTENSION_REPOSITORY
-RUN apk upgrade -U # 2023/01/05 to fix CVE-2022-3996
+ENV DEBIAN_FRONTEND=noninteractive
-RUN apk add --no-cache \
- libc6-compat \
+RUN apt-get update && apt-get install -y software-properties-common && LC_ALL=C.UT-8 add-apt-repository -y ppa:ondrej/php && apt-get remove --purge -y software-properties-common && apt-get autoremove -y
+
+RUN apt-get update && apt-get -y dist-upgrade
+
+RUN apt-get install -y \
+ curl \
 git \
 git-lfs \
- mysql-client \
- mariadb-connector-c \
+ default-mysql-client \
+ libmysqlcppconn7v5 \
 vim \
 rsync \
 sshpass \
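Review bot: The package lists fetched by `RUN apt-get update && apt-get -y dist-upgrade` are the only ones the later `apt-get install` layers see, so once that layer is cached, editing any install line reinstalls against lists captured at an earlier build; packages that have since been superseded in the PPA then fail to download, and the fix is `apt-get update && apt-get install …` within each installing `RUN` (or one consolidated install that ends with `rm -rf /var/lib/apt/lists/*`). `ENV DEBIAN_FRONTEND=noninteractive` is written into the runtime image as well; `ARG DEBIAN_FRONTEND=noninteractive` after `FROM` has the same effect during the build without leaking into containers, and the later patch 06 hunk that resets it with `ENV DEBIAN_FRONTEND=` still leaves the variable defined, just empty. The `add-apt-repository -y ppa:ondrej/php` line makes a third-party PPA a trust root for every subsequent install, which deserves a comment at that line, e.g. `# PHP 8.2 and its extensions are pulled from the third-party ondrej/php PPA; its signing key is imported by add-apt-repository`. The `libmysqlcppconn7v5` that replaces `mariadb-connector-c` is, as far as I can tell, the MySQL C++ connector rather than a C client library; if it was only meant to back the mysql client tools, confirm it is still needed.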
@@ -38,77 +33,64 @@ RUN apk add --no-cache \
 bash \
 sed
-# Ensure we have www-data added with alpine's default uid/gid: 82
-# (e.g. https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install for reference)
-RUN set -eux; \
- adduser -u 82 -D -S -G www-data www-data
-
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}~=${PHP_VERSION} ${PHP_PACKAGE_BASENAME}-embed~=${PHP_VERSION}
-
-ENV PHP_INI_DIR=/etc/${PHP_PACKAGE_BASENAME}/
-
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-bcmath
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-calendar
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-curl
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-ctype
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-gd
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-fileinfo
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-ftp
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-iconv
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-intl
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-ldap
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-mbstring
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-mysqli
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-opcache
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-openssl
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pcntl
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pdo_mysql
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pdo_pgsql
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pdo_sqlite
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pear
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-amqp
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-apcu
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-tokenizer
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-igbinary
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-imagick
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-memcached
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-protobuf
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pgsql
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-phar
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-posix
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-redis
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-simplexml
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-soap
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sockets
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sodium
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sqlite3
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xdebug
-RUN sed -i -e 's/;xdebug.mode/xdebug.mode/g' /etc/${PHP_PACKAGE_BASENAME}/conf.d/50_xdebug.ini
-RUN sed -i -e 's/;zend/zend/g' /etc/${PHP_PACKAGE_BASENAME}/conf.d/50_xdebug.ini
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xml
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlwriter
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlreader
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xsl
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-zip
-
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-grpc~=$GRPC_EXTENSION_VERSION --repository $GRPC_EXTENSION_REPOSITORY
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-pcov~=$PCOV_EXTENSION_VERSION --repository $PCOV_EXTENSION_REPOSITORY
-
-# FIXME: we need this, since php82 is not the _default_php in https://git.alpinelinux.org/aports/tree/community/php82/APKBUILD
-WORKDIR /usr/bin
-RUN ln -s php82 php \
- && ln -s peardev82 peardev \
- && ln -s pecl82 pecl \
- && ln -s phpize82 phpize \
- && ln -s php-config82 php-config \
- && ln -s phpdbg82 phpdbg \
- && ln -s lsphp82 lsphp \
- && ln -s php-cgi82 php-cgi \
- && ln -s phar.phar82 phar.phar \
- && ln -s phar82 phar
-
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}=${PHP_VERSION}-* lib${PHP_PACKAGE_BASENAME}-embed=${PHP_VERSION}-*
+
+ENV PHP_INI_DIR=/etc/php/${PHP_PACKAGE_BASE_VERSION}/
+
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-bcmath
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-calendar
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-curl
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-ctype
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-gd
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-fileinfo
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-ftp
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-iconv
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-intl
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-ldap
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-mbstring
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-mysqli
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-opcache
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-mysql
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-pgsql
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-sqlite3
+RUN apt-get install -y php-pear
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-amqp
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-apcu
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-tokenizer
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-igbinary
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-imagick
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-memcached
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-protobuf
+
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-pgsql
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-phar
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-posix
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-redis
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-simplexml
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-soap
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-sockets
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-sqlite3
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-xdebug
+RUN echo "xdebug.mode=off" >> /etc/php/${PHP_PACKAGE_BASE_VERSION}/mods-available/xdebug.ini
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-xml
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-xmlwriter
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-xmlreader
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-xsl
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-zip
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-grpc
+
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-pcov
 # add php.ini containing environment variables
-COPY files/php.ini /etc/${PHP_PACKAGE_BASENAME}/php.ini
+COPY files/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini
+
+RUN rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/cli/php.ini \
+ && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/cli/php.ini \
+# && rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php.ini \
+# && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php.ini \
+# && rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini \
+# && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini \
+ && rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/embed/php.ini \
+ && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/embed/php.ini
 # add composer
 COPY --from=composer:2.5.1 /usr/bin/composer /usr/bin/composer
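Review bot: `${PHP_PACKAGE_BASENAME}-pgsql` and `${PHP_PACKAGE_BASENAME}-sqlite3` are each installed twice in the new extension list (once in the first group and again after the `protobuf` line), so two of these layers are no-ops that still take a cache entry each; drop the second occurrences. The grpc and pcov extensions lost the version pins that the removed `GRPC_EXTENSION_VERSION`/`PCOV_EXTENSION_VERSION` args carried, and unlike the `${PHP_PACKAGE_BASENAME}=${PHP_VERSION}-*` core line none of the extension lines is pinned, so a rebuild presumably either picks up newer extension builds than the ones that were tested and scanned or fails on the pinned core dependency; pinning them with `=${PHP_VERSION}-*` keeps the image reproducible. The `#`-prefixed lines inside the backslash-continued `RUN rm … && ln -s …` chain only work because the Dockerfile parser strips comment lines before joining continuations; a comment such as `# fpm/apache2 php.ini are re-linked below, after those packages are installed` above the block, or simply deleting the dead lines, makes that intent explicit.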
@@ -116,51 +98,61 @@ ENV COMPOSER_HOME=/composer
 RUN mkdir /composer && chown www-data:www-data /composer
 # install php-fpm
-RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-fpm~=${PHP_VERSION}
-# the alpine php fpm package, does not deliver php-fpm binary without suffix
-RUN ln -s $PHP_FPM_BINARY_PATH /usr/sbin/php-fpm
+RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-fpm=${PHP_VERSION}-*
 # use user www-data
-RUN sed -i -e 's/user = nobody/user = www-data/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/user = nobody/user = www-data/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # use group www-data
-RUN sed -i -e 's/group = nobody/group = www-data/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/group = nobody/group = www-data/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # listen also externally for the php-fpm process
-RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 0.0.0.0:9000/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 0.0.0.0:9000/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # expose the given environment variables to php
-RUN sed -i -e 's/;clear_env = no/clear_env = no/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/;clear_env = no/clear_env = no/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # write error_log to /dev/stderr
-RUN sed -i -e 's/;error_log.*/error_log=\/dev\/stderr/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.conf
+RUN sed -i -e 's/;error_log.*/error_log=\/dev\/stderr/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php-fpm.conf
 # expose the worker logs to stdout + stderr
-RUN sed -i -e 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # avoid decoration like 'TIMESTAMP WARNING: [pool www] child 7 said into stderr "' around each log message
-RUN sed -i -e 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN sed -i -e 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
 # avoid nginx logging when fpm logged something (e.g. "FastCGI sent in stderr")
-RUN echo "php_admin_flag[fastcgi.logging] = off" >> /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf
+RUN echo "php_admin_flag[fastcgi.logging] = off" >> /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf
+
+RUN rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php.ini \
+ && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php.ini
+
+
 # install nginx unit and the php module for nginx unit
-RUN apk add --no-cache unit~=$UNIT_VERSION unit-${PHP_PACKAGE_BASENAME}~=$UNIT_VERSION
+RUN curl --output /usr/share/keyrings/nginx-keyring.gpg https://unit.nginx.org/keys/nginx-keyring.gpg
+RUN echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ jammy unit" > /etc/apt/sources.list.d/unit.list
+RUN echo "deb-src [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ jammy unit" >> /etc/apt/sources.list.d/unit.list
+RUN apt update && apt-get install -y unit=$UNIT_VERSION-* unit-php=$UNIT_VERSION-*
 # add default nginx unit json file (listening on port 8080)
 COPY files/unit/unit-default.json /var/lib/unit/conf.json
 # chown the folder for control socket file
-RUN chown www-data:www-data /run/unit/
+RUN mkdir /run/unit && chown www-data:www-data /run/unit/
 # install apache2 and the php module for apache2
-RUN apk add --no-cache apache2~=$APACHE2_VERSION ${PHP_PACKAGE_BASENAME}-apache2~=${PHP_VERSION}
+RUN apt-get install -y apache2=$APACHE2_VERSION-* libapache2-mod-${PHP_PACKAGE_BASENAME}=${PHP_VERSION}-*
 # add default apache2 config file
-COPY files/apache2/apache2-default.conf /etc/apache2/conf.d/00_apache2-default.conf
-# activate rewrite module
-RUN sed -i -e 's/#LoadModule rewrite_module/LoadModule rewrite_module/g' /etc/apache2/httpd.conf
+COPY files/apache2/apache2-default.conf /etc/apache2/sites-available/000-default.conf
 # listen port 8080
-RUN sed -i -e 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf
-# use user www-data
-RUN sed -i -e 's/User apache/User www-data/g' /etc/apache2/httpd.conf
-# use group www-data
-RUN sed -i -e 's/Group apache/Group www-data/g' /etc/apache2/httpd.conf
+RUN sed -i -e 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf
 # write ErrorLog to /dev/stderr
-RUN sed -i -e 's/ErrorLog logs\/error.log/ErrorLog \/dev\/stderr/g' /etc/apache2/httpd.conf
+RUN sed -i -e 's/ErrorLog .*/ErrorLog \/dev\/stderr/g' /etc/apache2/apache2.conf
 # write CustomLog to /dev/stdout
-RUN sed -i -e 's/CustomLog logs\/access.log/CustomLog \/dev\/stdout/g' /etc/apache2/httpd.conf
+RUN sed -i -e 's/# a CustomLog.*/CustomLog \/dev\/stdout combined/g' /etc/apache2/apache2.conf
+RUN rm /etc/apache2/conf-enabled/other-vhosts-access-log.conf
+RUN rm /etc/apache2/conf-available/other-vhosts-access-log.conf
 # write make it possible to write pid as www-data user to /run/apache2/httpd.pid
 RUN chown www-data:www-data /run/apache2/
+ENV APACHE_RUN_USER=www-data \
+ APACHE_RUN_GROUP=www-data \
+ APACHE_PID_FILE=/var/run/apache2/apache2.pid \
+ APACHE_RUN_DIR=/var/run/apache2 \
+ APACHE_LOCK_DIR=/var/lock/apache2 \
+ APACHE_LOG_DIR=/var/log/apache2
+RUN rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini \
+ && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini
 # the start-cron script
 RUN mkfifo -m 0666 /var/log/cron.log
From 11f9ad5e38bc4107495beb40dc7d4b8243377d2c Mon Sep 17 00:00:00 2001
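Review bot: Several of the rewritten `sed` edits assume the Alpine defaults are still present in the Ubuntu config files, and `sed -i` exits 0 when nothing matches, so a miss goes unnoticed: on the Debian/Ubuntu php-fpm packaging the pool's default `listen` is, as far as I know, a unix socket path rather than `127.0.0.1:9000` and `error_log` in `php-fpm.conf` is not commented out, in which case the `listen = 0.0.0.0:9000` and `error_log=/dev/stderr` substitutions are no-ops and php-fpm keeps listening on the socket and logging to a file. Anchor on the key and assert the result, e.g. `RUN sed -i -e 's/^listen = .*/listen = 0.0.0.0:9000/' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf && grep -q '^listen = 0.0.0.0:9000' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf`, and add the same `grep -q` guard to the apache2 `ErrorLog`/`CustomLog` rewrites, whose `# a CustomLog.*` pattern depends on comment text in `apache2.conf`. The NGINX Unit keyring fetch `RUN curl --output …` runs without `-f`, so an HTTP error body would be stored as the keyring and only surface later as an apt signature failure; `curl -fsSL --output …` plus a fingerprint check against the value the vendor documents, e.g. `gpg --show-keys --with-fingerprint /usr/share/keyrings/nginx-keyring.gpg | grep -q '<EXPECTED_FINGERPRINT>'` (gnupg would have to be present in that layer), fails fast and pins the trust root. The `deb-src` entry makes every `apt-get update` download source indexes although nothing here builds from source, so it can be dropped.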
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 18:31:59 +0200 Subject: [PATCH 02/15] add ci process for ubuntu build --- .github/workflows/ci.yml | 82 +++++++++++++++++++++++++++-- .github/workflows/release-notes.yml | 8 +-- 2 files changed, 83 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49f4e47..69bf938 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,8 +7,8 @@ on: pull_request: jobs: - ci: - name: Build PHP Image + build-amd64: + name: Build PHP Image amd64 runs-on: ubuntu-latest 
@@ -28,8 +28,82 @@ jobs: - name: "Build Ubuntu" run: > - ./build_images.sh temporary-build-image + ./build_images.sh temporary-build-image linux/amd64 + - name: "Export image" + run: mv dockercache amdcache + - name: 'Upload Artifact' + uses: actions/upload-artifact@v3 + with: + name: amdcache + path: amdcache + retention-days: 1 + + build-arm64: + name: Build PHP Image arm64 + + runs-on: ARM64 + + continue-on-error: false + + steps: + - name: "Checkout code" + uses: actions/checkout@v3 + + - name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.0.0 + with: + dockerfile: "Dockerfile" + format: "tty" + no-color: "true" + output-file: "/dev/stdout" + + - name: "Build Ubuntu" + run: > + ./build_images.sh temporary-build-image linux/arm64/v8 + - name: "Export image" + run: mv dockercache armcache + - name: 'Upload Artifact' + uses: actions/upload-artifact@v3 + with: + name: armcache + path: armcache + retention-days: 1 + + upload: + name: Upload PHP Image + + runs-on: ubuntu-latest + + needs: + - build-arm64 + - build-amd64 + + continue-on-error: false + + steps: + - name: "Checkout code" + uses: actions/checkout@v3 + + - name: Download amd64 + uses: actions/download-artifact@v3 + with: + name: amdcache + path: amdcache + + - name: Download arm64 + uses: actions/download-artifact@v3 + with: + name: armcache + path: armcache + - name: "Create docker cache" + run: > + cp -rf amdcache dockercache + + - name: "Reload build cache for amd64" + run: > + ./build_images.sh temporary-build-image linux/amd64 + - name: "Smoke test with php -v" run: docker run --pull=never --rm -t temporary-build-image-linux-amd64 php -v @@ -73,7 +147,7 @@ jobs: uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' -# + - if: contains(github.ref, 'refs/heads/release/') name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots uses: aquasecurity/trivy-action@master 
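Review bot: The new `build-arm64` job runs on `runs-on: ARM64`, which reads as a self-hosted runner label, while the workflow also triggers on `pull_request` (visible in the context of the earlier `@@ -7,8 +7,8 @@` hunk); if the repository accepts pull requests from forks, the PR's `./build_images.sh` and Dockerfile run on persistent infrastructure, and in patch 07 that script also runs `docker run --privileged`. Gate the job, e.g. `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or move it to ephemeral runners. The `amdcache`/`armcache` artifacts then feed the builds in the `upload` job, so whatever can write those artifacts or compromise the ARM64 runner shapes the image that is later tagged and scanned; pinning `actions/upload-artifact`, `actions/download-artifact` and the other actions to a commit SHA instead of `@v3` narrows that chain (the unchanged `aquasecurity/trivy-action@master` floats on a branch). `continue-on-error: false` is the default on both new jobs and can be dropped.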
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index c9c2901..5e60296 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -3,7 +3,7 @@ name: Main on: push: tags: - - "*.*.*" + - "*.*.*-ubuntu" jobs: create-release-notes: 
@@ -11,14 +11,16 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + - name: Export UBUNTU_SUFFIX (if ubuntu is enabled) + run: echo "UBUNTU_SUFFIX=`echo ${{ github.ref_name }} | grep 'ubuntu' > /dev/null && echo '-ubuntu' || echo ''`" >> $GITHUB_ENV - name: "Fetch all existing tags" - run: curl -L -s 'https://registry.hub.docker.com/v2/repositories/endava/php/tags?page_size=9999'|jq -r '."results"[]["name"] | select(test( "^[0-9]+.[0-9]+.[0-9]+$"))' > existing_docker_tags.txt + run: curl -L -s 'https://registry.hub.docker.com/v2/repositories/endava/php/tags?page_size=9999'|jq -r ".\"results\"[][\"name\"] | select(test( \"^[0-9]+.[0-9]+.[0-9]+${UBUNTU_SUFFIX}\$\"))" > existing_docker_tags.txt - name: "Store the current tag" run: echo ${{ github.ref_name }} > current_tag.txt - name: "Export PREVIOUS_PHP_VERSION environment variable" run: echo "PREVIOUS_PHP_VERSION=`cat existing_docker_tags.txt current_tag.txt | sort -n | uniq | grep -Fx -a1 ${{ github.ref_name }} | head -n 1`" >> $GITHUB_ENV - name: "Export the php -i of previous php version ${{ env.PREVIOUS_PHP_VERSION }}" - run: docker run --rm endava/php:${{ env.PREVIOUS_PHP_VERSION }} php -i | sed '/^Environment$/,$d' > previous-php-i.txt + run: docker run --rm ghcr.io/endava/docker-php:${{ env.PREVIOUS_PHP_VERSION }} php -i | sed '/^Environment$/,$d' > previous-php-i.txt - name: Generate Changelog run: docker run --rm -v `pwd`/previous-php-i.txt:/usr/src/app/previous-php-i.txt -v `pwd`/generate-changelog.php:/usr/src/app/generate-changelog.php ghcr.io/endava/docker-php:${{ github.ref_name }} php /usr/src/app/generate-changelog.php ghcr.io/endava/docker-php:${{ github.ref_name }} > RELEASE_NOTES.txt - name: Release From a17cd4ca2b067894c48f6bb79c62bb039049129e Mon Sep 17 00:00:00 2001 
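Review bot: The added `Export UBUNTU_SUFFIX` step interpolates `${{ github.ref_name }}` straight into a `run:` shell command, the same pattern the surrounding `grep -Fx -a1 ${{ github.ref_name }}` and `docker run … ghcr.io/endava/docker-php:${{ github.ref_name }}` lines use; git ref names may contain `$`, `;`, `(` and backticks, so a crafted tag matching `*.*.*-ubuntu` becomes shell code in a job that, judging by the `Release` step below, presumably holds a token able to create releases (pushing tags requires write access, which narrows but does not remove the issue). Pass the value through the environment instead: add `env: REF_NAME: ${{ github.ref_name }}` to the step and use `"$REF_NAME"` in the command. `grep 'ubuntu' > /dev/null && echo '-ubuntu' || echo ''` can be shortened to `grep -q ubuntu && echo '-ubuntu' || echo ''`, and the dots in the jq regex `^[0-9]+.[0-9]+.[0-9]+${UBUNTU_SUFFIX}$` are unescaped, so the filter also accepts names like `8-2-10-ubuntu`; `\\.` inside the double-quoted filter would tighten it.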
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?=
Date: Mon, 25 Sep 2023 18:39:05 +0200
Subject: [PATCH 03/15] Make hadolint less unhappy
---
 .hadolint.yaml | 5 ++++-
 Dockerfile | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/.hadolint.yaml b/.hadolint.yaml
index c7a01c4..2d19160 100644
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -1,3 +1,6 @@
 ignored:
-- DL3018 # warning: Pin versions in apk add. Instead of `apk add ` use `apk add =`
 - DL3059 # info: Multiple consecutive `RUN` instructions. Consider consolidation.
+- DL3008 # warning: Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =`
+- DL3009 # info: Delete the apt-get lists after installing something
+- DL3015 # info: Avoid additional packages by specifying `--no-install-recommends`
+
diff --git a/Dockerfile b/Dockerfile
index 5d55d12..cc12df1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,11 +12,11 @@ ENV APACHE2_VERSION=$APACHE2_VERSION
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y software-properties-common && LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && apt-get remove --purge -y software-properties-common && apt-get autoremove -y
+RUN apt-get update && apt-get install -y software-properties-common --no-install-recommends && LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && apt-get remove --purge -y software-properties-common && apt-get autoremove -y
 RUN apt-get update && apt-get -y dist-upgrade
-RUN apt-get install -y \
+RUN apt-get install -y --no-install-recommends \
 curl \
 git \
 git-lfs \
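Review bot: Ignoring DL3008 for the whole repository silences the pin-versions warning on the dozens of unpinned `apt-get install -y ${PHP_PACKAGE_BASENAME}-…` extension lines this series adds, so the drift the rule guards against (a rebuild installing different extension builds than the ones that were tested and scanned) now goes unreported; either pin those lines with `=${PHP_VERSION}-*` like the `php8.2` core package and keep the rule, or scope the exception with an inline `# hadolint ignore=DL3008` on the lines that genuinely cannot be pinned. DL3009 and DL3015 are ignored rather than addressed as well, while the Dockerfile hunk in this same commit adds `--no-install-recommends` to only three lines; each ignore entry would be easier to revisit with a why-comment, e.g. `- DL3009 # lists are kept on purpose: later RUN layers install without their own apt-get update`.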
@@ -125,14 +125,14 @@ RUN rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php.ini \
 RUN curl --output /usr/share/keyrings/nginx-keyring.gpg https://unit.nginx.org/keys/nginx-keyring.gpg
 RUN echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ jammy unit" > /etc/apt/sources.list.d/unit.list
 RUN echo "deb-src [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ jammy unit" >> /etc/apt/sources.list.d/unit.list
-RUN apt update && apt-get install -y unit=$UNIT_VERSION-* unit-php=$UNIT_VERSION-*
+RUN apt-get update && apt-get install -y unit=$UNIT_VERSION-* unit-php=$UNIT_VERSION-* --no-install-recommends
 # add default nginx unit json file (listening on port 8080)
 COPY files/unit/unit-default.json /var/lib/unit/conf.json
 # chown the folder for control socket file
 RUN mkdir /run/unit && chown www-data:www-data /run/unit/
 # install apache2 and the php module for apache2
-RUN apt-get install -y apache2=$APACHE2_VERSION-* libapache2-mod-${PHP_PACKAGE_BASENAME}=${PHP_VERSION}-*
+RUN apt-get install -y apache2=$APACHE2_VERSION-* libapache2-mod-${PHP_PACKAGE_BASENAME}=${PHP_VERSION}-* --no-install-recommends
 # add default apache2 config file
 COPY files/apache2/apache2-default.conf /etc/apache2/sites-available/000-default.conf
 # listen port 8080
From 9c8a07df3df94880bdc8c1283604f34151a6d552 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?=
Date: Mon, 25 Sep 2023 18:40:01 +0200
Subject: [PATCH 04/15] Allow dist-upgrade
---
 .hadolint.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.hadolint.yaml b/.hadolint.yaml
index 2d19160..d1ade16 100644
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -3,4 +3,4 @@ ignored:
 - DL3008 # warning: Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =`
 - DL3009 # info: Delete the apt-get lists after installing something
 - DL3015 # info: Avoid additional packages by specifying `--no-install-recommends`
-
+- DL3005 # error: Do not use apt-get dist-upgrade
From 46e66c8ac94b3a4a98630fe7990bfd3b09f22529 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?=
Date: Mon, 25 Sep 2023 18:48:51 +0200
Subject: [PATCH 05/15] Added missing gpg-agent for software properties
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index cc12df1..7f7f8ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ENV APACHE2_VERSION=$APACHE2_VERSION
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y software-properties-common --no-install-recommends && LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && apt-get remove --purge -y software-properties-common && apt-get autoremove -y
+RUN apt-get update && apt-get install -y software-properties-common gpg-agent --no-install-recommends && LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && apt-get remove --purge -y software-properties-common && apt-get autoremove -y
 RUN apt-get update && apt-get -y dist-upgrade
From 0422bf636f4d8c8ce63d5f6f52e5bb6b83682fac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?=
Date: Mon, 25 Sep 2023 18:49:19 +0200
Subject: [PATCH 06/15] Disable DEBIAN frontend env after installation
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 7f7f8ae..06f1075 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -198,6 +198,8 @@ ENV PHP_DATE_TIMEZONE="UTC" \
 PHP_XDEBUG_IDEKEY='' \
 PHP_EXPOSE_PHP=1
+ENV DEBIAN_FRONTEND=
+
 RUN mkdir -p /usr/src/app
 RUN chown -R www-data:www-data /usr/src/app
 WORKDIR /usr/src/app
From d32aa87f94805d72ee41f4cbddc3a9d122ee4d3a Mon Sep 17 00:00:00 2001
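Review bot: Adding DL3005 to the ignore list suppresses the warning without recording why `apt-get -y dist-upgrade` is wanted in a layer of its own; the image content then depends on the day that layer was built, which is what the date-stamped `ubuntu:jammy-20230816` tag was meant to avoid, and once the layer is cached it stops delivering new fixes anyway. If the goal is to pick up Ubuntu security updates published after the base tag, say so next to the entry, e.g. `- DL3005 # dist-upgrade pulls security fixes newer than the pinned base tag; prefer bumping FROM when rebasing`, as the removed Alpine line did with its `# 2023/01/05 to fix CVE-2022-3996` note.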
From: =?UTF-8?q?Jan=20Sch=C3=BCtze?=
Date: Mon, 25 Sep 2023 18:56:19 +0200
Subject: [PATCH 07/15] Add build file with cache
---
 build_and_push_multi_arch_images.sh | 17 ++++++++++-------
 build_images.sh | 19 +++++++++++++++----
 2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/build_and_push_multi_arch_images.sh b/build_and_push_multi_arch_images.sh
index a576ebe..d70e822 100755
--- a/build_and_push_multi_arch_images.sh
+++ b/build_and_push_multi_arch_images.sh
@@ -10,20 +10,23 @@ then
 TARGET_PLATFORMS=$2
 fi
+docker version
+docker buildx version
+
 # we have to do it like this, because of https://github.com/docker/buildx/issues/59#issuecomment-1168619521
 echo "Build and Push ${DOCKER_IMAGE_NAME}"
-docker buildx create --node buildx --name buildx --use
-docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile -t $DOCKER_IMAGE_NAME .
+docker buildx create --node buildx --name buildx --use --driver docker-container
+docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile -t $DOCKER_IMAGE_NAME .
 if [ ! -z "$QUAY_DOCKER_IMAGE_NAME" ]
 then
 echo "Build and Push ${QUAY_DOCKER_IMAGE_NAME}"
- docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile -t $QUAY_DOCKER_IMAGE_NAME .
+ docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile -t $QUAY_DOCKER_IMAGE_NAME .
 fi
 if [ ! -z "$GHCR_DOCKER_IMAGE_NAME" ]
 then
 echo "Build and Push ${GHCR_DOCKER_IMAGE_NAME}"
- docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile -t $GHCR_DOCKER_IMAGE_NAME .
+ docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile -t $GHCR_DOCKER_IMAGE_NAME .
 fi
 for SUFFIX in unit fpm apache2
 do
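Review bot: The `--cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain` prefix is now repeated verbatim on three `docker buildx build` lines in this hunk and three more in the `@@ -32,16 +35,16 @@` hunk below, so the next flag change has six places to miss; define it once near the top, e.g. `BUILDX_CACHE_ARGS="--cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain"`, and write `docker buildx build $BUILDX_CACHE_ARGS --push …` at each site (left unquoted on purpose, like `$TARGET_PLATFORMS`, since it holds several words). The script also assumes both cache directories exist in the working directory; a guard before the first build, `test -d armcache -a -d amdcache || { echo "armcache/amdcache missing (CI artifacts)" >&2; exit 1; }`, gives a clear failure instead of whatever buildx reports for a missing local cache source and doubles as documentation of where the two directories come from.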
@@ -32,16 +35,16 @@ do
 cat files/$SUFFIX/$SUFFIX.Dockerfile.snippet.txt >> Dockerfile-${SUFFIX}
 echo "Build and Push ${DOCKER_IMAGE_NAME}-${SUFFIX}"
- docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $DOCKER_IMAGE_NAME-${SUFFIX} .
+ docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $DOCKER_IMAGE_NAME-${SUFFIX} .
 if [ ! -z "$QUAY_DOCKER_IMAGE_NAME" ]
 then
 echo "Build and Push ${QUAY_DOCKER_IMAGE_NAME}-${SUFFIX}"
- docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $QUAY_DOCKER_IMAGE_NAME-${SUFFIX} .
+ docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $QUAY_DOCKER_IMAGE_NAME-${SUFFIX} .
 fi
 if [ ! -z "$GHCR_DOCKER_IMAGE_NAME" ]
 then
 echo "Build and Push ${GHCR_DOCKER_IMAGE_NAME}-${SUFFIX}"
- docker buildx build --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $GHCR_DOCKER_IMAGE_NAME-${SUFFIX} .
+ docker buildx build --cache-from=type=local,src=armcache --cache-from=type=local,src=amdcache --progress plain --push --platform $TARGET_PLATFORMS -f Dockerfile-${SUFFIX} -t $GHCR_DOCKER_IMAGE_NAME-${SUFFIX} .
 fi
 rm Dockerfile-${SUFFIX}
 done
diff --git a/build_images.sh b/build_images.sh
index db70b45..850c653 100755
--- a/build_images.sh
+++ b/build_images.sh
@@ -3,20 +3,31 @@ set -e DOCKER_IMAGE_NAME=$1 -TARGET_PLATFORMS=linux/arm64/v8,linux/amd64 +TARGET_PLATFORMS=linux/amd64 if [ ! -z "$2" ] then TARGET_PLATFORMS=$2 fi -docker buildx create --node buildx --name buildx --use +docker version +docker buildx version + +docker run --privileged --rm tonistiigi/binfmt --install all + +docker buildx create --node buildx --name buildx --use --driver docker-container +docker buildx prune --force --all || true + +if [ ! -d dockercache ] +then + mkdir dockercache +fi # we have to do it like this, because of https://github.com/docker/buildx/issues/59#issuecomment-1168619521 for TARGET_PLATFORM in `echo $TARGET_PLATFORMS | tr -s ',' ' '` do TARGET_PLATFORM_SUFFIX=`echo $TARGET_PLATFORM | tr -s '/' '-'` - docker buildx build --pull --load --platform $TARGET_PLATFORM -f Dockerfile -t ${DOCKER_IMAGE_NAME}-${TARGET_PLATFORM_SUFFIX} . + docker buildx build --cache-from=type=local,src=dockercache --cache-to=type=local,dest=dockercache --progress plain --pull --load --platform $TARGET_PLATFORM -f Dockerfile -t ${DOCKER_IMAGE_NAME}-${TARGET_PLATFORM_SUFFIX} . for SUFFIX in unit fpm apache2 do @@ -27,4 +38,4 @@ do docker buildx build --pull --load --platform $TARGET_PLATFORM -f Dockerfile-${SUFFIX} -t ${DOCKER_IMAGE_NAME}-${SUFFIX}-${TARGET_PLATFORM_SUFFIX} . rm Dockerfile-${SUFFIX} done -done \ No newline at end of file +done From 862f9d01d293e532789c397c36dc2bb897281d93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 19:06:18 +0200 Subject: [PATCH 08/15] Add wget --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 06f1075..59062a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ RUN apt-get update && apt-get install -y software-properties-common gpg-agent -- RUN apt-get update && apt-get -y dist-upgrade RUN apt-get install -y --no-install-recommends \ + wget \ curl \ git \ git-lfs \ 
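Review bot: `docker run --privileged --rm tonistiigi/binfmt --install all` runs an unpinned (implicitly `latest`) third-party image with full privileges on the build host and registers its QEMU binaries as binfmt_misc interpreters for every later emulated build, so whoever controls that tag controls the output of the arm64 builds; pin it by tag and digest (`tonistiigi/binfmt:<version>@sha256:<digest>`), the same way the Dockerfile pins `ubuntu:jammy-20230816`. It also runs unconditionally even though `TARGET_PLATFORMS` now defaults to `linux/amd64`, where no emulation is needed; wrapping it in `case "$TARGET_PLATFORMS" in *arm*) docker run ... ;; esac` skips the privileged step on native-only builds. The new `--cache-to=type=local,dest=dockercache` writes the cache into the repository checkout that is also the build context (`.`), so `dockercache` should be listed in `.dockerignore` to keep it out of every `COPY`/context upload, and it should only be restored from trusted runs because BuildKit trusts imported cache.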
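Review bot: `wget \` is added unpinned (hadolint DL3008) next to the already-installed `curl \`, and the only consumers I can see in this series are the `wget localhost:8080/...` probes in `tests/test_apache2.sh` and `tests/test_fpm.sh`; if that is the reason for the package, switching those probes to `curl -s` keeps a second network download tool out of the runtime image. If wget is meant to be part of the image's contract, say so on a comment line of its own inside the continuation, e.g. `# wget: used by tests/ and available to application scripts at runtime`, since inline trailing comments are not valid after a `\` continuation.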
From 1f78d12ed65106ab32ffffae27e2aa39b2e1dc73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 19:07:50 +0200 Subject: [PATCH 09/15] Use apache2 binary instead of httpd on debian --- README.md | 12 +++++------- tests/test_apache2.sh | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index ec1cf82..5bfdf17 100644 --- a/README.md +++ b/README.md 
@@ -158,21 +158,19 @@ This docker image contains a [files/apache2/apache2-default.conf](files/apache2/ The directive `DocumentRoot` is set to `/usr/src/app/public` to deliver `index.php` from this folder. -The directive `ErrorLog` in `httpd.conf` is set to `/dev/stderr` to ensure that we have the error log as output to the docker container. +The directive `ErrorLog` in `apache2.conf` is set to `/dev/stderr` to ensure that we have the error log as output to the docker container. -The directive `CustomLog` (which includes `TransferLog`) in `httpd.conf` is set to `/dev/stdout` to ensure that we have the access log and normal log as output to the docker container. +The directive `CustomLog` (which includes `TransferLog`) in `apache2.conf` is set to `/dev/stdout` to ensure that we have the access log and normal log as output to the docker container. -The `/etc/apache2/httpd.conf` is adjusted to enable `LoadModule rewrite_module`. +The default `Listen 8080` in `apache2.conf` to ensure that the server is reachable via port 8080. -The default `Listen 8080` in `httpd.conf` to ensure that the server is reachable via port 8080. - -The default user and group in `httpd.conf` is set to `www-data`. +The default user and group in `apache2.conf` is set to `www-data`. The `-apache2` tagged docker image (because it has attached this snippet at [files/apache2/apache2.Dockerfile.snippet.txt](files/apache2/apache2.Dockerfile.snippet.txt) has two settings set: * The `STOPSIGNAL` is set to `WINCH` to allow graceful stop. -* The `CMD` has `httpd -DFOREGROUND` set to run httpd in foreground +* The `CMD` has `apache2 -DFOREGROUND` set to run apache2 in foreground ## fpm diff --git a/tests/test_apache2.sh b/tests/test_apache2.sh index ca5ffda..a4f8a7c 100755 --- a/tests/test_apache2.sh +++ b/tests/test_apache2.sh 
@@ -8,7 +8,7 @@ docker run --rm -d --entrypoint bash --name $CONTAINER_NAME $DOCKER_REGISTRY_IMA docker exec $CONTAINER_NAME mkdir /usr/src/app/public docker exec $CONTAINER_NAME bash -c "echo ' /usr/src/app/public/index.php" docker exec $CONTAINER_NAME bash -c "echo 'IT WORKS STATIC IN APACHE2' > /usr/src/app/public/static.txt" -docker exec -d $CONTAINER_NAME httpd -DFOREGROUND +docker exec -d $CONTAINER_NAME apache2 -DFOREGROUND docker exec $CONTAINER_NAME bash -c 'wget localhost:8080/index.php -q -O /tmp/response && cat /tmp/response' | grep "IT WORKS IN APACHE2" > /dev/null docker exec $CONTAINER_NAME bash -c 'wget localhost:8080/ -q -O /tmp/response && cat /tmp/response' | grep "IT WORKS IN APACHE2" > /dev/null docker exec $CONTAINER_NAME bash -c 'wget localhost:8080/static.txt -q -O /tmp/response && cat /tmp/response' | grep "IT WORKS STATIC IN APACHE2" > /dev/null From afa4396485fd6d50a3d4438a1564a66f7ef97e37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 19:19:08 +0200 Subject: [PATCH 10/15] Make php fpm reachable directly (without suffix) --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 59062a8..053ec5c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,10 +3,12 @@ FROM ubuntu:jammy-20230816 ARG PHP_VERSION="8.2.10" ARG PHP_PACKAGE_BASENAME="php8.2" ARG PHP_PACKAGE_BASE_VERSION="8.2" +ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpm8.2" ARG UNIT_VERSION="1.31.0" ARG APACHE2_VERSION="2.4.52" ENV PHP_VERSION=$PHP_VERSION ENV PHP_PACKAGE_BASENAME=$PHP_PACKAGE_BASENAME +ENV PHP_FPM_BINARY_PATH=$PHP_FPM_BINARY_PATH ENV UNIT_VERSION=$UNIT_VERSION ENV APACHE2_VERSION=$APACHE2_VERSION 
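Review bot: `ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpm8.2"` hard-codes the version suffix while the line above already carries it in `PHP_PACKAGE_BASE_VERSION`, so overriding `PHP_PACKAGE_BASE_VERSION` at build time leaves the later symlink pointing at a binary that is not installed; deriving it keeps the three in step: `ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpm${PHP_PACKAGE_BASE_VERSION}"` (ARG defaults may reference ARGs declared earlier in the stage). The matching `ENV PHP_FPM_BINARY_PATH=$PHP_FPM_BINARY_PATH` exports a build-only path into every container's runtime environment; nothing in this series reads it at runtime, so it could stay an `ARG` unless a consumer is documented with a comment such as `# exported so entrypoints can locate the versioned fpm binary`.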
@@ -100,6 +102,8 @@ RUN mkdir /composer && chown www-data:www-data /composer # install php-fpm RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-fpm=${PHP_VERSION}-* +# the ubuntu php fpm package, does not deliver php-fpm binary without suffix +RUN ln -s $PHP_FPM_BINARY_PATH /usr/sbin/php-fpm # use user www-data RUN sed -i -e 's/user = nobody/user = www-data/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf # use group www-data From 2ef6cc324fcc731e17b3c0cfdfbf5daea5f988eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 19:22:18 +0200 Subject: [PATCH 11/15] Use apache2 binary instead of httpd on ubuntu --- files/apache2/apache2.Dockerfile.snippet.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/apache2/apache2.Dockerfile.snippet.txt b/files/apache2/apache2.Dockerfile.snippet.txt index 78ddad4..667aa33 100644 --- a/files/apache2/apache2.Dockerfile.snippet.txt +++ b/files/apache2/apache2.Dockerfile.snippet.txt @@ -1,5 +1,5 @@ # start: source at files/apache2/apache2.Dockerfile.snippet.txt # graceful STOPSIGNAL is SIGWINCH as of https://httpd.apache.org/docs/2.4/en/stopping.html STOPSIGNAL WINCH -CMD ["httpd", "-DFOREGROUND"] -# end : source at files/apache2/apache2.Dockerfile.snippet.txt \ No newline at end of file +CMD ["apache2", "-DFOREGROUND"] +# end : source at files/apache2/apache2.Dockerfile.snippet.txt From 84821cc79c448fd97d73b83759394d318cb73166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 20:50:55 +0200 Subject: [PATCH 12/15] Add ubuntu start cron script and crontab --- Dockerfile | 16 +++++++++------- files/cron/start-cron | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 053ec5c..3f8e5b0 100644 --- a/Dockerfile +++ b/Dockerfile 
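Review bot: `RUN ln -s $PHP_FPM_BINARY_PATH /usr/sbin/php-fpm` creates the link whether or not the target exists, so a wrong `PHP_FPM_BINARY_PATH` produces a dangling `/usr/sbin/php-fpm` that only fails when the container starts; verifying the target in the same step turns that into a build-time error: `RUN test -x "$PHP_FPM_BINARY_PATH" && ln -s "$PHP_FPM_BINARY_PATH" /usr/sbin/php-fpm`. Quoting the expansion also keeps the instruction well-formed if the path is ever overridden with unusual characters.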
@@ -104,16 +104,12 @@ RUN mkdir /composer && chown www-data:www-data /composer RUN apt-get install -y ${PHP_PACKAGE_BASENAME}-fpm=${PHP_VERSION}-* # the ubuntu php fpm package, does not deliver php-fpm binary without suffix RUN ln -s $PHP_FPM_BINARY_PATH /usr/sbin/php-fpm -# use user www-data -RUN sed -i -e 's/user = nobody/user = www-data/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf -# use group www-data -RUN sed -i -e 's/group = nobody/group = www-data/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf # listen also externally for the php-fpm process -RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 0.0.0.0:9000/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf +RUN sed -i -e 's/^listen = .*/listen = 0.0.0.0:9000/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf # expose the given environment variables to php RUN sed -i -e 's/;clear_env = no/clear_env = no/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf # write error_log to /dev/stderr -RUN sed -i -e 's/;error_log.*/error_log=\/dev\/stderr/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php-fpm.conf +RUN sed -i -e 's/error_log.*/error_log=\/dev\/stderr/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/php-fpm.conf # expose the worker logs to stdout + stderr RUN sed -i -e 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/${PHP_PACKAGE_BASE_VERSION}/fpm/pool.d/www.conf # avoid decoration like 'TIMESTAMP WARNING: [pool www] child 7 said into stderr "' around each log message 
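Review bot: The widened `s/error_log.*/error_log=\/dev\/stderr/g` on `php-fpm.conf` is no longer anchored, so it rewrites any line that mentions `error_log` anywhere, including comment text, and there is still no check that the active directive was matched at all; anchoring it the way the new `listen` sed does, `s/^;\?error_log.*/error_log=\/dev\/stderr/`, covers both the commented and the active form only at line start, and a `grep -q '^error_log=/dev/stderr' .../php-fpm.conf` in the same RUN would fail the build if an upstream default ever changes instead of silently keeping the file log. Since the new `^listen = .*` pattern presumably replaces the Ubuntu default Unix socket with `listen = 0.0.0.0:9000`, any peer that can reach port 9000 can submit FastCGI requests to this pool; a comment noting that the port must stay on a private network (or that `listen.allowed_clients` should be set for TCP deployments) would help operators, since unlike the removed `www-data` user/group lines this setting is not redundant on Ubuntu.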
@@ -159,8 +155,14 @@ ENV APACHE_RUN_USER=www-data \ RUN rm /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini \ && ln -s /etc/php/${PHP_PACKAGE_BASE_VERSION}/php.ini /etc/php/${PHP_PACKAGE_BASE_VERSION}/apache2/php.ini +# crontab +RUN apt-get update && apt-get install --no-install-recommends -y cron \ + && rm -rf /var/lib/apt/lists/* \ + && mkfifo --mode 0666 /var/log/cron.log \ + && sed --regexp-extended --in-place \ + 's/^session\s+required\s+pam_loginuid.so$/session optional pam_loginuid.so/' \ + /etc/pam.d/cron # the start-cron script -RUN mkfifo -m 0666 /var/log/cron.log RUN chown www-data:www-data /var/log/cron.log COPY files/cron/start-cron /usr/sbin/start-cron RUN chmod +x /usr/sbin/start-cron diff --git a/files/cron/start-cron b/files/cron/start-cron index ab0b538..24db0cf 100755 --- a/files/cron/start-cron +++ b/files/cron/start-cron @@ -6,6 +6,9 @@ if [ "${CRON_PATH}" ]; then ln -s "${CRON_PATH}"/* /etc/cron.d/ fi +# remove write permission for (g)roup and (o)ther (required by cron) +chmod -R go-w /etc/cron.d + CRONTAB_USER_OPTIONS="" if [ "${CRONTAB_USER}" ]; then @@ -19,6 +22,16 @@ fi | sed --regexp-extended 's/\\(.)/\1/g' \ | crontab ${CRONTAB_USER_OPTIONS} - +# update default values of PAM environment variables (used by CRON scripts) +env -0 | while read -d $'\0' -r line; do # read STDIN by line + # split LINE by "=" + IFS="=" read var val <<< ${line} + # remove existing definition of environment variable, ignoring exit code + sed --in-place "/^${var}[[:blank:]=]/d" /etc/security/pam_env.conf || true + # append new default value of environment variable + echo "${var} DEFAULT=\"${val}\"" >> /etc/security/pam_env.conf +done + if [ "${CRONTAB_CONTENT}" ]; then echo "CRONTAB_CONTENT provided, setting up crontab" echo "PATH=$PATH 
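Review bot: `chmod -R go-w /etc/cron.d` does not reach the files that `ln -s "${CRON_PATH}"/* /etc/cron.d/` just linked in, because GNU chmod ignores symbolic links it encounters during a recursive traversal, so a group-writable crontab mounted at `CRON_PATH` keeps its mode and, as I recall Debian/Ubuntu cron(8) behaving, is silently skipped (it also demands root ownership, which chmod cannot fix). Either apply the mode to the source as well, `[ "${CRON_PATH}" ] && chmod -R go-w "${CRON_PATH}"`, or copy instead of linking (`cp "${CRON_PATH}"/* /etc/cron.d/`) so the entries are regular root-owned files covered by the existing chmod, and extend the comment to say why: `# cron ignores /etc/cron.d files that are group/other-writable or not owned by root`. The `if [ "${CRON_PATH}" ]` block this sits in starts above the hunk.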
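Review bot: The `env -0 | while read ...` loop copies every environment variable of the container, including any database passwords or API tokens passed via `-e` or a compose `environment:` block, into `/etc/security/pam_env.conf` as plaintext `DEFAULT="..."` entries; that file is normally world-readable, so secrets that were only visible to the entrypoint's process tree become readable by every user and cron job in the container and persist in its writable layer. Restrict this to an explicit allow-list (e.g. a `CRON_ENV_VARS` variable naming the variables the crontab actually needs), or put the needed values into the crontab's own `VAR=value` header lines as the `CRONTAB_CONTENT` branch below already does for `PATH`, instead of the PAM file. Independently, a value containing `"` or a newline corrupts the generated line (`read` stops at the first newline and the quotes are not escaped), and `${var}` is interpolated unescaped into the `sed` address, so at minimum validate `[[ $var =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue` before using it.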
@@ -26,10 +39,10 @@ $CRONTAB_CONTENT" | crontab ${CRONTAB_USER_OPTIONS} - fi # start cron -/usr/sbin/crond +service cron start # trap SIGINT and SIGTERM signals and gracefully exit -trap "kill \$!; exit" SIGINT SIGTERM +trap "service cron stop; kill \$!; exit" SIGINT SIGTERM # start "daemon" while true From 341300d29e3eedb46e35f6f9807a2381680615cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 25 Sep 2023 20:58:39 +0200 Subject: [PATCH 13/15] Use newer nginx docker image for fpm test --- tests/fpm/docker-compose.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/fpm/docker-compose.yml b/tests/fpm/docker-compose.yml index 6ded0b4..360960d 100644 --- a/tests/fpm/docker-compose.yml +++ b/tests/fpm/docker-compose.yml @@ -19,8 +19,7 @@ services: volumes: - ./:/usr/src/app/ nginx: - image: nginx:1.11.10 - platform: linux/amd64 + image: nginx:1.25.2-alpine3.18-slim depends_on: - php-fpm ports: From 58fed86056bfcfa3da1518a708a51b66bc178104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Fri, 8 Dec 2023 12:45:51 +0100 Subject: [PATCH 14/15] Shutdown docker after fpm test --- tests/test_fpm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_fpm.sh b/tests/test_fpm.sh index 306f4dd..12fb8b1 100755 --- a/tests/test_fpm.sh +++ b/tests/test_fpm.sh @@ -21,4 +21,4 @@ fi docker compose exec php-fpm bash -c 'wget nginx:8080/phpinfo.php -q -O /tmp/response && cat /tmp/response' | grep "VARIABLE_NECESSARY_FOR_TEST" > /dev/null -#docker-compose down +docker-compose down From db3228cb93eabbc88d18d68c26f0439c1e2aa392 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=BCtze?= Date: Mon, 12 Feb 2024 19:24:38 +0100 Subject: [PATCH 15/15] Update to 8.2.15 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3f8e5b0..7e00905 100644 --- a/Dockerfile +++ b/Dockerfile 
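Review bot: `service cron start` forks the daemon into the background and its exit status is not checked, so if cron fails to start (for example when the entrypoint is presumably not running as root, which the init script needs) the script still enters its keep-alive loop and the container looks healthy with no cron running; at least `service cron start || exit 1`. Running the daemon in the foreground under the script's own supervision would also make the trap exact, since `kill \$!` currently targets whatever background job the loop below starts rather than cron: `cron -f & CRON_PID=$!`, then `trap "kill \$CRON_PID; exit" SIGINT SIGTERM`, then `wait "$CRON_PID"`. The `while true` loop that follows is outside the hunk.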
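Review bot: The re-enabled teardown uses the legacy v1 binary `docker-compose down` while the line above it uses the v2 plugin form `docker compose exec`, so on a runner with only the plugin the teardown fails and the stack leaks (and on a runner with only v1 the exec line would already have failed); make it `docker compose down`. The teardown also only runs when the preceding `grep` succeeds, so a failing assertion leaves the containers up; registering `trap 'docker compose down' EXIT` near the top of the script guarantees cleanup on failure as well. The beginning of the script is outside the hunk.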
@@ -1,6 +1,6 @@
-FROM ubuntu:jammy-20230816
+FROM ubuntu:jammy-20240125
-ARG PHP_VERSION="8.2.10"
+ARG PHP_VERSION="8.2.15"
 ARG PHP_PACKAGE_BASENAME="php8.2"
 ARG PHP_PACKAGE_BASE_VERSION="8.2"
 ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpm8.2"