diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fab524a..128061f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,182 +6,351 @@ on: - 'release/**' pull_request: -jobs: - build-amd64: - name: Build PHP Image amd64 +env: + GITHUB_REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + RELEASE_REF_FILTER: 'refs/heads/release/' + EXCLUDED_PLATFORM: "none" # change to linux/arm64 + # and thos blocks from: + # exclude: + # - platform: none + # to: + # exclude: + # - platform: linux/arm64 +jobs: + lint: runs-on: ubuntu-latest - - continue-on-error: false - + strategy: + fail-fast: false steps: - - name: "Checkout code" - uses: actions/checkout@v3 - - - name: Lint Dockerfile - uses: hadolint/hadolint-action@v3.0.0 - with: - dockerfile: "Dockerfile" - format: "tty" - no-color: "true" - output-file: "/dev/stdout" - - - name: "Build Alpine" - run: > - ./build_images.sh temporary-build-image linux/amd64 - - name: "Export image" - run: mv dockercache amdcache - - name: 'Upload Artifact' - uses: actions/upload-artifact@v3 - with: - name: amdcache - path: amdcache - retention-days: 1 - - build-arm64: - name: Build PHP Image arm64 - + - name: Checkout + uses: actions/checkout@v4 + - name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.0.0 + with: + dockerfile: "Dockerfile" + format: "tty" + no-color: "true" + output-file: "/dev/stdout" + build-base: runs-on: ARM64 - - continue-on-error: false - + needs: + - lint + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + exclude: + - platform: none steps: - - name: "Checkout code" - uses: actions/checkout@v3 - - - name: Lint Dockerfile - uses: hadolint/hadolint-action@v3.0.0 - with: - dockerfile: "Dockerfile" - format: "tty" - no-color: "true" - output-file: "/dev/stdout" - - - name: "Build Alpine" - run: > - ./build_images.sh temporary-build-image linux/arm64/v8 - - name: "Export image" - run: mv dockercache armcache - - name: 'Upload Artifact' - uses: actions/upload-artifact@v3 - with: - name: armcache - path: armcache - retention-days: 1 - - upload: - name: Upload PHP Image - + - + name: Prepare + 
run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + platforms: ${{ matrix.platform }} + tags: temporary-build-image-${{ env.PLATFORM_PAIR }} + target: php-zts-base + cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }}-base + outputs: type=docker,dest=/tmp/${{ env.PLATFORM_PAIR }}-base.tar + - name: Load image + run: | + docker load --input /tmp/${{ env.PLATFORM_PAIR }}-base.tar + docker image ls -a + - name: Test + run: | + docker run --platform ${{ matrix.platform }} --rm temporary-build-image-${{ env.PLATFORM_PAIR }} sh -c 'uname -a && php -v' + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PLATFORM_PAIR }}-base.tar + path: /tmp/${{ env.PLATFORM_PAIR }}-base.tar + build-pecl-modules: + runs-on: ARM64 + needs: build-base + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + exclude: + - platform: none + module: + - pecl-builder-amqp + - pecl-builder-apcu + - pecl-builder-igbinary + - pecl-builder-imagick + - pecl-builder-msgpack + - pecl-builder-memcached + - pecl-builder-protobuf + - pecl-builder-redis + - pecl-builder-xdebug + - pecl-builder-grpc + - pecl-builder-pcov + - FRANKENPHPBUILDER + steps: + - + name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . 
+ platforms: ${{ matrix.platform }} + tags: temporary-build-image-${{ env.PLATFORM_PAIR }} + target: ${{ matrix.module }} + cache-from: type=gha,scope=${{ env.PLATFORM_PAIR }}-base + cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }}-${{ matrix.module }} + outputs: type=docker,dest=/tmp/${{ env.PLATFORM_PAIR }}-${{ matrix.module }}.tar + - name: Load image + run: | + docker load --input /tmp/${{ env.PLATFORM_PAIR }}-${{ matrix.module }}.tar + docker image ls -a + - name: Test + run: | + docker run --platform ${{ matrix.platform }} --rm temporary-build-image-${{ env.PLATFORM_PAIR }} sh -c 'uname -a && php -v' + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PLATFORM_PAIR }}-${{ matrix.module }}.tar + path: /tmp/${{ env.PLATFORM_PAIR }}-${{ matrix.module }}.tar + build-all: runs-on: ubuntu-latest - - needs: - - build-arm64 - - build-amd64 - - continue-on-error: false - + needs: build-pecl-modules + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + exclude: + - platform: none steps: - - name: "Checkout code" - uses: actions/checkout@v3 - - - name: Download amd64 - uses: actions/download-artifact@v3 + - + name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - if: contains(github.ref, env.RELEASE_REF_FILTER) + name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - if: contains(github.ref, env.RELEASE_REF_FILTER) + name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.GITHUB_REGISTRY }} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push + uses: 
docker/build-push-action@v5 + with: + context: . + platforms: ${{ matrix.platform }} + tags: temporary-build-image-${{ env.PLATFORM_PAIR }} + cache-from: | + type=gha,scope=${{ env.PLATFORM_PAIR }}-base + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-amqp + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-apcu + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-igbinary + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-imagick + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-msgpack + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-memcached + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-protobuf + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-redis + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-xdebug + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-grpc + type=gha,scope=${{ env.PLATFORM_PAIR }}-pecl-builder-pcov + type=gha,scope=${{ env.PLATFORM_PAIR }}-FRANKENPHPBUILDER + cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }} + outputs: type=docker,dest=/tmp/${{ env.PLATFORM_PAIR }}.tar + - name: Load image + run: | + docker load --input /tmp/${{ env.PLATFORM_PAIR }}.tar + docker image ls -a + - name: Test + run: | + docker run --platform ${{ matrix.platform }} --rm temporary-build-image-${{ env.PLATFORM_PAIR }} sh -c 'uname -a && php -v' + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ env.PLATFORM_PAIR }}.tar + path: /tmp/${{ env.PLATFORM_PAIR }}.tar + test: + runs-on: ubuntu-latest + needs: build-all + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + exclude: + - platform: none + steps: + - + name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Download ${{ matrix.platform }} artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.PLATFORM_PAIR }}.tar + path: /tmp + - name: Load image + run: 
| + docker load --input /tmp/${{ env.PLATFORM_PAIR }}.tar + docker image ls -a + - name: Test + run: | + docker run --platform ${{ matrix.platform }} --rm temporary-build-image-${{ env.PLATFORM_PAIR }} sh -c 'uname -a && php -v' + use: + runs-on: ubuntu-latest + needs: build-all + strategy: + fail-fast: false + matrix: + suffix: + - unsuffixed + - fpm + - apache2 + - unit + - frankenphp + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Download amd64 artifact + uses: actions/download-artifact@v4 with: - name: amdcache - path: amdcache - - - name: Download arm64 - uses: actions/download-artifact@v3 + name: linux-amd64.tar + path: /tmp + - name: Download arm64 artifact + if: env.EXCLUDED_PLATFORM != 'linux/arm64' + uses: actions/download-artifact@v4 with: - name: armcache - path: armcache - - - name: "Create docker cache" - run: > - cp -rf amdcache dockercache - - - name: "Reload build cache for amd64" - run: > - ./build_images.sh temporary-build-image linux/amd64 - - - name: "Smoke test with php -v" - run: docker run --pull=never --rm -t temporary-build-image-linux-amd64 php -v - - - name: "PHP_VERSION Env" + name: linux-arm64.tar + path: /tmp + - name: Load arm64 image + if: env.EXCLUDED_PLATFORM != 'linux/arm64' + run: | + docker load --input /tmp/linux-arm64.tar + docker image ls -a + - name: Load amd64 image + run: | + docker load --input /tmp/linux-amd64.tar + docker image ls -a + - name: Test amd64 + run: | + docker run --platform linux/amd64 --rm temporary-build-image-linux-amd64 sh -c 'uname -a && php -v' + - name: Test arm64 + if: env.EXCLUDED_PLATFORM != 'linux/arm64' + run: | + docker run --platform linux/arm64 --rm temporary-build-image-linux-arm64 sh -c 'uname -a && php -v' + - name: "PHP_VERSION Env" run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | head -n 
1 | cut -f 2 -d ' '``docker run --pull=never --rm -t temporary-build-image-linux-amd64 php --version | grep 'ZTS' >/dev/null && echo '-zts' || echo ''`" >> $GITHUB_ENV - - - name: Tag also with php:${{ env.PHP_VERSION }} - run: docker tag temporary-build-image-linux-amd64 php-${{ env.PHP_VERSION }} - - - name: "Check Alpine -i" - run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -i - - - name: "Check Alpine -v" - run: docker run --pull=never --rm -t php-${{ env.PHP_VERSION }} php -v - - - name: "Run Tests" - run: tests/run_tests.sh - env: - DOCKER_REGISTRY_IMAGE: "temporary-build-image-linux-amd64" - - - name: Run Alpine Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + - name: Log into registry ${{ env.GITHUB_REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 with: - image-ref: php-${{ env.PHP_VERSION }} - format: 'table' - exit-code: '0' # we don't break the build if vulnerabilities are included! - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - - - if: contains(github.ref, 'refs/heads/release/') - name: Run Alpine Trivy vulnerability scanner and upload to github security tab - uses: aquasecurity/trivy-action@master + registry: ${{ env.GITHUB_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract Dockerfile metadata + id: metaUnsuffixed + uses: docker/metadata-action@v5.5.1 with: - image-ref: php-${{ env.PHP_VERSION }} - format: 'sarif' - output: 'trivy-results.sarif' - - - if: contains(github.ref, 'refs/heads/release/') - name: Upload Alpine Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + tags: | + type=raw,value=${{ env.PHP_VERSION }} + images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Set platforms + id: set-platforms + run: | + if [ "${{ env.EXCLUDED_PLATFORM }}" = "linux/arm64" ]; then + echo "PLATFORMS=linux/amd64" >> $GITHUB_ENV + else + echo 
"PLATFORMS=linux/amd64,linux/arm64" >> $GITHUB_ENV + fi + - if: contains(matrix.suffix, 'unsuffixed') + name: Build and push Docker image + uses: docker/build-push-action@v5.3.0 with: - sarif_file: 'trivy-results.sarif' -# - - if: contains(github.ref, 'refs/heads/release/') - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots - uses: aquasecurity/trivy-action@master + context: . + platforms: ${{ env.PLATFORMS }} + provenance: false + cache-from: | + type=gha,scope=unsuffixed + type=gha,scope=linux-amd64 + type=gha,scope=linux-arm64 + cache-to: type=gha,mode=max,scope=unsuffixed + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.metaUnsuffixed.outputs.tags }} + labels: ${{ steps.metaUnsuffixed.outputs.labels }} + - if: ${{ !contains(matrix.suffix, 'unsuffixed') }} + name: Create Dockerfile-${{ matrix.suffix }} + run: | + cp Dockerfile Dockerfile-${{ matrix.suffix }} + cat files/${{ matrix.suffix }}/${{ matrix.suffix }}.Dockerfile.snippet.txt >> Dockerfile-${{ matrix.suffix }} + - if: ${{ !contains(matrix.suffix, 'unsuffixed') }} + name: Extract Dockerfile-${{ matrix.suffix }} metadata + id: meta + uses: docker/metadata-action@v5.5.1 with: - format: 'github' - output: 'dependency-results.sbom.json' - image-ref: 'temporary-build-image-linux-amd64' - github-pat: ${{ secrets.PAT }} - - if: contains(github.ref, 'refs/heads/release/') - name: Login to DockerHub - uses: docker/login-action@v2 + tags: | + type=raw,value=${{ env.PHP_VERSION }}-${{ matrix.suffix }} + images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }} + - if: ${{ !contains(matrix.suffix, 'unsuffixed') }} + name: Build and push Dockerfile-${{ matrix.suffix }} + uses: docker/build-push-action@v5.3.0 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + context: . 
+ file: Dockerfile-${{ matrix.suffix }} + platforms: ${{ env.PLATFORMS }} + provenance: false + cache-from: | + type=gha,scope=unsuffixed + type=gha,scope=linux-amd64 + type=gha,scope=linux-arm64 + cache-to: type=gha,mode=max,scope=${{ matrix.suffix }} + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - - if: contains(github.ref, 'refs/heads/release/') - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD }} - - if: contains(github.ref, 'refs/heads/release/') - name: Login to ghcr.io - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - if: contains(github.ref, 'refs/heads/release/') - name: "Build and Push Multi Arch PHP" - env: - GHCR_DOCKER_IMAGE_NAME: ghcr.io/endava/docker-php:${{ env.PHP_VERSION }} - QUAY_DOCKER_IMAGE_NAME: quay.io/endava/php:${{ env.PHP_VERSION }} - run: ./build_and_push_multi_arch_images.sh endava/php:${{ env.PHP_VERSION }} diff --git a/Dockerfile b/Dockerfile index 4374a21..8c22fc6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,12 @@ -FROM alpine:3.19.1 as PHPZTSBUILDER +FROM alpine:3.21.0 AS alpine-distro +FROM alpine-distro AS php-zts-builder RUN apk add --no-cache libc6-compat RUN apk add --no-cache alpine-sdk RUN apk add --no-cache git git-lfs bash vim vimdiff curl +RUN apk upgrade -U # 2024/01/14 to fix CVEs + RUN adduser -h /workspace -s /bin/bash -S -D -u 501 -G dialout alpiner RUN addgroup alpiner abuild 
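Review bot: The two `docker/build-push-action@v5.3.0` steps at the end of the `use` job set `push: ${{ github.event_name != 'pull_request' }}`, so any push event that triggers this workflow publishes to ghcr.io; the steps this commit removes published only under `contains(github.ref, 'refs/heads/release/')`, after `tests/run_tests.sh` and the Trivy scan, and neither of those has a replacement here. `RELEASE_REF_FILTER` is defined in the new `env:` block but only gates the two logins in `build-all`, a job that never pushes, so I would use it where the push happens, `push: ${{ github.event_name != 'pull_request' && contains(github.ref, env.RELEASE_REF_FILTER) }}`, and put an image scan step in front of it. Separately, `build-base` and `build-pecl-modules` declare `runs-on: ARM64`, which looks like a self-hosted runner label; combined with the `pull_request:` trigger that would run builds of contributor-supplied Dockerfiles on that machine, so it is worth confirming that fork pull requests need approval. The rest of the `on:` block and any `permissions:` setting sit above the hunk, so whether the token is limited to `packages: write` cannot be checked from here.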
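Review bot: `FROM alpine:3.21.0 AS alpine-distro` is now the single root of every stage, yet it is referenced by a mutable tag, so a re-pushed tag changes the builder and the final image together. Pinning it as `FROM alpine:3.21.0@sha256:<digest> AS alpine-distro` (digest is a placeholder, take it from the registry) makes that root reproducible. The added `RUN apk upgrade -U # 2024/01/14 to fix CVEs` names no CVE, unlike the later `CVE-2022-3996` upgrade line, and its date appears to predate the 3.21 base, so the comment should say what it fixes or be corrected.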
@@ -17,23 +20,28 @@ USER root RUN cp /workspace/.abuild/*.rsa.pub /etc/apk/keys/ USER alpiner -RUN git clone -b 3.19-stable --single-branch --depth=1 https://gitlab.alpinelinux.org/alpine/aports -WORKDIR /workspace/aports/community/php83 -RUN cp -rf /workspace/aports/community/php83 /workspace/aports/community/phpzts83 -WORKDIR /workspace/aports/community/phpzts83 -RUN sed -i -e 's/pkgname=php83/pkgname=phpzts83/' APKBUILD +RUN git clone -b 3.21-stable --single-branch --depth=1 https://gitlab.alpinelinux.org/alpine/aports + +WORKDIR /workspace/aports/community/php84 +RUN cp -rf /workspace/aports/community/php84 /workspace/aports/community/phpzts84 +WORKDIR /workspace/aports/community/phpzts84 +RUN sed -i -e 's/pkgname=php84/pkgname=phpzts84/' APKBUILD # hadolint ignore=SC2016 -RUN sed -i -e 's/\$pkgname-fpm.initd/php83-fpm.initd/' APKBUILD +RUN sed -i -e 's/\$pkgname-fpm.initd/php84-fpm.initd/' APKBUILD # hadolint ignore=SC2016 -RUN sed -i -e 's/\$pkgname-fpm.logrotate/php83-fpm.logrotate/' APKBUILD +RUN sed -i -e 's/\$pkgname-fpm.logrotate/php84-fpm.logrotate/' APKBUILD # hadolint ignore=SC2016 -RUN sed -i -e 's/\$pkgname-module.conf/php83-module.conf/' APKBUILD +RUN sed -i -e 's/\$pkgname-module.conf/php84-module.conf/' APKBUILD # hadolint ignore=SC2016 -RUN sed -i -e 's/\$pkgname-fpm-version-suffix.patch/php83-fpm-version-suffix.patch/' APKBUILD +RUN sed -i -e 's/\$pkgname-fpm-version-suffix.patch/php84-fpm-version-suffix.patch/' APKBUILD # hadolint ignore=SC2016 -RUN sed -i -e 's/php\$_suffix-module.conf/php83-module.conf/' APKBUILD +RUN sed -i -e 's/php\$_suffix-module.conf/php84-module.conf/' APKBUILD RUN sed -i -e 's/--host/--enable-zts --enable-zend-max-execution-timers --enable-zend-timer --disable-zend-signals --host/' APKBUILD +RUN sed -i -e 's/--with-openssl-argon2//' APKBUILD +#RUN sed -i -e 's/--with-password-argon2//' APKBUILD +RUN sed -i -e 's/--with-libxml/--with-expat/' APKBUILD +RUN sed -i -e 's/_default_php="yes"/_default_php="no"/g' APKBUILD 
RUN echo "" >> disabled-tests.list RUN echo "ext/posix/tests/bug75696.phpt" >> disabled-tests.list RUN echo "ext/posix/tests/posix_getgrgid.phpt" >> disabled-tests.list @@ -43,11 +51,10 @@ RUN echo "ext/posix/tests/posix_getpwnam_basic_01.phpt" >> disabled-tests.list RUN echo "ext/posix/tests/posix_getpwuid_basic.phpt" >> disabled-tests.list RUN echo "sapi/cli/tests/bug61546.phpt" >> disabled-tests.list RUN echo "sapi/fpm/tests/socket-uds-numeric-ugid-nonroot.phpt" >> disabled-tests.list -RUN echo "ext/imap/tests/imap_mutf7_to_utf8.phpt" >> disabled-tests.list -RUN echo "ext/imap/tests/imap_utf8_to_mutf7_basic.phpt" >> disabled-tests.list RUN echo "ext/curl/tests/curl_basic_009.phpt" >> disabled-tests.list RUN echo "ext/curl/tests/curl_basic_024.phpt" >> disabled-tests.list RUN echo "ext/standard/tests/file/bug52820.phpt" >> disabled-tests.list +RUN echo "ext/xml/tests/XML_OPTION_PARSE_HUGE.phpt" >> disabled-tests.list USER root RUN apk update 
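Review bot: The added `sed -i -e 's/--with-openssl-argon2//' APKBUILD` drops a password-hashing configure flag without saying why, and the commented-out `--with-password-argon2` line beside it leaves it unclear which Argon2 provider the ZTS build is meant to end up with. I would add a comment above it, e.g. `# drop OpenSSL-backed argon2: <reason>; argon2 password hashing is expected to come from <provider>`, and have the image test assert that `PASSWORD_ARGON2ID` is still defined. The same applies to the `--with-libxml` to `--with-expat` swap two lines below, which changes the XML parser behind ext/xml. These substitutions also succeed silently if the upstream APKBUILD text changes, since the clone tracks the moving `3.21-stable` branch, so a `grep -q` on the expected flag after each edit would turn a missed substitution into a build failure.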
@@ -56,28 +63,26 @@ RUN arch RUN uname -m RUN abuild -A RUN abuild checksum && abuild -r -WORKDIR /workspace/aports/community/unit -# make phpver3 to be phpzts83 -RUN sed -i -e 's/_phpver3=83/_phpver3=zts83/' APKBUILD -# make unit-php83 find the lphpzts83.so +WORKDIR /workspace/aports/community/unit-php84 +# make phpver3 to be phpzts84 +RUN sed -i -e 's/_phpver=84/_phpver=zts84/' APKBUILD +# make unit-php84 find the lphpzts84.so # hadolint ignore=SC2016 -RUN sed -i -e 's/.\/configure php --module=php\$_phpver3/sed -i -e "s\/lphp\/lphpzts\/g" auto\/modules\/php \&\& .\/configure php --module=php\$_phpver3/g' APKBUILD +RUN sed -i -e 's/.\/configure php --module=php\$_phpver/sed -i -e "s\/lphp\/lphpzts\/g" auto\/modules\/php \&\& .\/configure php --module=php\$_phpver/g' APKBUILD RUN sed -i -e 's/_allow_fail=no/_allow_fail=yes/g' APKBUILD RUN abuild checksum && abuild -r -FROM alpine:3.19.1 +FROM alpine-distro AS php-zts-base -ARG PHP_VERSION="8.3.3" -ARG PHP_PACKAGE_BASENAME="phpzts83" -ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpmzts83" -ARG UNIT_VERSION="1.32.1" -ARG APACHE2_VERSION="2.4.59" +ARG PHP_VERSION="8.4.2" +ARG PHP_PACKAGE_BASENAME="phpzts84" +ARG PHP_PACKAGE_INCLUDE="/usr/include/php84" +ARG PHP_FPM_BINARY_PATH="/usr/sbin/php-fpmzts84" ENV PHP_VERSION=$PHP_VERSION ENV PHP_PACKAGE_BASENAME=$PHP_PACKAGE_BASENAME +ENV PHP_PACKAGE_INCLUDE=$PHP_PACKAGE_INCLUDE ENV PHP_FPM_BINARY_PATH=$PHP_FPM_BINARY_PATH -ENV UNIT_VERSION=$UNIT_VERSION -ENV APACHE2_VERSION=$APACHE2_VERSION RUN apk upgrade -U # 2023/01/05 to fix CVE-2022-3996 @@ -103,7 +108,7 @@ RUN apk add --no-cache \ RUN set -eux; \ adduser -u 82 -D -S -G www-data www-data -COPY --from=PHPZTSBUILDER /workspace/packages/community /opt/custom-packages +COPY --from=php-zts-builder /workspace/packages/community /opt/custom-packages # hadolint ignore=DL3003,SC2035,SC2046 RUN apk add --no-cache abuild && \ abuild-keygen -a -n && \ 
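Review bot: The comment `# make phpver3 to be phpzts84` no longer matches the line under it, which now rewrites `_phpver` rather than `_phpver3`; I would change it to `# set _phpver to zts84 so unit builds against phpzts84`. This hunk also drops the `ARG`/`ENV` pairs for `UNIT_VERSION` and `APACHE2_VERSION` from the base stage. The workflow appends `files/<suffix>/<suffix>.Dockerfile.snippet.txt` to this Dockerfile and those snippets are not visible here, so check that none of them still expands either variable, because an undefined variable in a Dockerfile expands to an empty string instead of failing the build.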
@@ -142,116 +147,217 @@ RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pear RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-tokenizer RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-session +# FIXME: we need this, since phpzts84 is not the _default_php in https://git.alpinelinux.org/aports/tree/community/php84/APKBUILD +WORKDIR /usr/bin +RUN ln -s phpzts84 php \ + && ln -s peardevzts84 peardev \ + && ln -s peclzts84 pecl \ + && ln -s phpizezts84 phpize \ + && ln -s php-configzts84 php-config \ + && ln -s phpdbgzts84 phpdbg \ + && ln -s lsphpzts84 lsphp \ + && ln -s php-cgizts84 php-cgi \ + && ln -s phar.pharzts84 phar.phar \ + && ln -s pharzts84 phar + +FROM php-zts-base AS PECL-BUILDER-AMQP + # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-amqp RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers rabbitmq-c-dev ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install amqp \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install amqp \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/amqp.so \ && echo "extension=amqp" > /etc/$PHP_PACKAGE_BASENAME/conf.d/40_amqp.ini \ && apk del --no-network .build-deps \ && apk add --no-cache rabbitmq-c +FROM php-zts-base AS PECL-BUILDER-APCU + # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-apcu RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install apcu \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install apcu \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/apcu.so \ && echo "extension=apcu" > /etc/$PHP_PACKAGE_BASENAME/conf.d/apcu.ini \ && apk del --no-network .build-deps +FROM php-zts-base AS PECL-BUILDER-IGBINARY + # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-igbinary RUN apk add --no-cache binutils 
build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install igbinary \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install igbinary \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so \ && echo "extension=igbinary" > /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini \ && apk del --no-network .build-deps -# FIXME: # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-imagick +FROM php-zts-base AS PECL-BUILDER-IMAGICK + +# FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-imagick +# FIXME: we do this because of https://github.com/Imagick/imagick/issues/643 RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers imagemagick imagemagick-dev imagemagick-libs ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install imagick \ + && wget --quiet --no-verbose https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz -O /tmp/imagick.tar.gz \ + && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ + && phpizezts84 \ + && ./configure \ + && MAKEFLAGS="-j $(nproc)" make \ + && MAKEFLAGS="-j $(nproc)" make install \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/imagick.so \ - && echo "extension=imagick" > /etc/$PHP_PACKAGE_BASENAME/conf.d/00_imagick.ini \ + && echo "extension=imagick.so" > /etc/$PHP_PACKAGE_BASENAME/conf.d/00_imagick.ini \ + && rm -rf /tmp/imagick.tar.gz \ && apk del --no-network .build-deps \ && apk add --no-cache imagemagick imagemagick-libs libgomp + +FROM php-zts-base AS PECL-BUILDER-MSGPACK # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-msgpack RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j 
$(nproc)" peclzts83 install msgpack \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install msgpack \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/msgpack.so \ && echo "extension=msgpack" > /etc/$PHP_PACKAGE_BASENAME/conf.d/10_msgpack.ini \ && apk del --no-network .build-deps +FROM php-zts-base AS PECL-BUILDER-MEMCACHED + +COPY --from=PECL-BUILDER-IGBINARY /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so +COPY --from=PECL-BUILDER-IGBINARY /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini +COPY --from=PECL-BUILDER-IGBINARY $PHP_PACKAGE_INCLUDE/ext/igbinary $PHP_PACKAGE_INCLUDE/ext/igbinary +COPY --from=PECL-BUILDER-MSGPACK /usr/lib/$PHP_PACKAGE_BASENAME/modules/msgpack.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/msgpack.so +COPY --from=PECL-BUILDER-MSGPACK /etc/$PHP_PACKAGE_BASENAME/conf.d/10_msgpack.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/10_msgpack.ini +COPY --from=PECL-BUILDER-MSGPACK $PHP_PACKAGE_INCLUDE/ext/msgpack $PHP_PACKAGE_INCLUDE/ext/msgpack # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-memcached RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers zlib-dev libmemcached-dev cyrus-sasl-dev libevent-dev ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install -D 'enable-memcached-igbinary="yes" enable-memcached-session="yes" enable-memcached-json="yes" enable-memcached-protocol="yes" enable-memcached-msgpack="yes"' memcached \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install -D 'enable-memcached-igbinary="yes" enable-memcached-session="yes" enable-memcached-json="yes" enable-memcached-protocol="yes" enable-memcached-msgpack="yes"' memcached \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/memcached.so \ && echo "extension=memcached" > /etc/$PHP_PACKAGE_BASENAME/conf.d/20_memcached.ini \ && apk del --no-network 
.build-deps \ && apk add --no-cache libmemcached-libs libevent +FROM php-zts-base AS PECL-BUILDER-PROTOBUF + # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-protobuf RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install protobuf \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install protobuf \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/protobuf.so \ && echo "extension=protobuf" > /etc/$PHP_PACKAGE_BASENAME/conf.d/protobuf.ini \ && apk del --no-network .build-deps -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pgsql -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-phar -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-posix +FROM php-zts-base AS PECL-BUILDER-REDIS +COPY --from=PECL-BUILDER-IGBINARY /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so +COPY --from=PECL-BUILDER-IGBINARY /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini +COPY --from=PECL-BUILDER-IGBINARY $PHP_PACKAGE_INCLUDE/ext/igbinary $PHP_PACKAGE_INCLUDE/ext/igbinary # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-redis RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers lz4-dev zstd-dev ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install -D 'enable-redis-igbinary="yes" enable-redis-lz4="yes" with-liblz4="yes" enable-redis-lzf="yes" enable-redis-zstd="yes"' redis \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install -D 'enable-redis-igbinary="yes" enable-redis-lz4="yes" with-liblz4="yes" enable-redis-lzf="yes" enable-redis-zstd="yes"' redis \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/redis.so \ && echo "extension=redis" > /etc/$PHP_PACKAGE_BASENAME/conf.d/20_redis.ini \ && apk del 
--no-network .build-deps -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-simplexml -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-soap -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sockets -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sodium -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sqlite3 +FROM php-zts-base AS PECL-BUILDER-XDEBUG # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xdebug RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install xdebug \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install xdebug \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/xdebug.so \ && echo ";zend_extension=xdebug.so" > /etc/$PHP_PACKAGE_BASENAME/conf.d/50_xdebug.ini \ && echo ";xdebug.mode=off" >> /etc/$PHP_PACKAGE_BASENAME/conf.d/50_xdebug.ini \ + && sed -i -e 's/;zend/zend/g' /etc/${PHP_PACKAGE_BASENAME}/conf.d/50_xdebug.ini \ && apk del --no-network .build-deps -RUN sed -i -e 's/;zend/zend/g' /etc/${PHP_PACKAGE_BASENAME}/conf.d/50_xdebug.ini -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xml -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlwriter -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlreader -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xsl -RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-zip +FROM php-zts-base AS PECL-BUILDER-GRPC # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-grpc~=$GRPC_EXTENSION_VERSION --repository $GRPC_EXTENSION_REPOSITORY RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install grpc \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install grpc \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/grpc.so \ && echo "extension=grpc" > /etc/$PHP_PACKAGE_BASENAME/conf.d/grpc.ini 
\ && apk del --no-network .build-deps +FROM php-zts-base AS PECL-BUILDER-PCOV + # FIXME: RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pecl-pcov~=$PCOV_EXTENSION_VERSION --repository $PCOV_EXTENSION_REPOSITORY RUN apk add --no-cache binutils build-base openssl-dev autoconf pcre2-dev automake libtool linux-headers ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && MAKEFLAGS="-j $(nproc)" peclzts83 install pcov \ + && MAKEFLAGS="-j $(nproc)" peclzts84 install pcov \ && strip --strip-all /usr/lib/$PHP_PACKAGE_BASENAME/modules/pcov.so \ && echo "extension=pcov" > /etc/$PHP_PACKAGE_BASENAME/conf.d/pcov.ini \ && apk del --no-network .build-deps -# FIXME: we need this, since php83 is not the _default_php in https://git.alpinelinux.org/aports/tree/community/php83/APKBUILD -WORKDIR /usr/bin -RUN ln -s phpzts83 php \ - && ln -s peardevzts83 peardev \ - && ln -s peclzts83 pecl \ - && ln -s phpizezts83 phpize \ - && ln -s php-configzts83 php-config \ - && ln -s phpdbgzts83 phpdbg \ - && ln -s lsphpzts83 lsphp \ - && ln -s php-cgizts83 php-cgi \ - && ln -s phar.pharzts83 phar.phar \ - && ln -s pharzts83 phar +FROM php-zts-base AS FRANKENPHPBUILDER + +# install caddy with frankenphp +# hadolint ignore=SC2016,SC2086,DL3003 +RUN apk add --no-cache go~=1.22 --virtual .go-build-deps \ + && apk add --no-cache libxml2-dev sqlite-dev brotli-dev build-base openssl-dev ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ + && cd /opt \ + && git clone https://github.com/dunglas/frankenphp.git --recursive --branch v1.2.5 --single-branch \ + && cd /opt/frankenphp/caddy/frankenphp \ + # make frankenphp to be happy about lphpzts84.so and not require us to have a lphp.so + && sed -i -e "s/lphp/l${PHP_PACKAGE_BASENAME}/g" ../../frankenphp.go \ + && export PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 `php-config --includes`" \ + && export PHP_CPPFLAGS="$PHP_CFLAGS" \ + && export PHP_LDFLAGS="-Wl,-O1 -pie 
`php-config --ldflags`" \ + && export CGO_LDFLAGS="$PHP_LDFLAGS" CGO_CFLAGS=$PHP_CFLAGS CGO_CPPFLAGS=$PHP_CPPFLAGS \ + && go build \ + && rm -rf /root/.cache /root/go \ + && mv /opt/frankenphp/caddy/frankenphp/frankenphp /usr/sbin/frankenphp \ + && rm -rf /opt/frankenphp \ + && apk del --no-network .build-deps .go-build-deps + +FROM php-zts-base + +COPY --from=PECL-BUILDER-AMQP /usr/lib/$PHP_PACKAGE_BASENAME/modules/amqp.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/amqp.so +COPY --from=PECL-BUILDER-AMQP /etc/$PHP_PACKAGE_BASENAME/conf.d/40_amqp.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/40_amqp.ini +RUN apk add --no-cache rabbitmq-c + +COPY --from=PECL-BUILDER-APCU /usr/lib/$PHP_PACKAGE_BASENAME/modules/apcu.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/apcu.so +COPY --from=PECL-BUILDER-APCU /etc/$PHP_PACKAGE_BASENAME/conf.d/apcu.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/apcu.ini +COPY --from=PECL-BUILDER-APCU $PHP_PACKAGE_INCLUDE/ext/apcu $PHP_PACKAGE_INCLUDE/ext/apcu + +COPY --from=PECL-BUILDER-IGBINARY /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/igbinary.so +COPY --from=PECL-BUILDER-IGBINARY /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/10_igbinary.ini +COPY --from=PECL-BUILDER-IGBINARY $PHP_PACKAGE_INCLUDE/ext/igbinary $PHP_PACKAGE_INCLUDE/ext/igbinary + +COPY --from=PECL-BUILDER-IMAGICK /usr/lib/$PHP_PACKAGE_BASENAME/modules/imagick.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/imagick.so +COPY --from=PECL-BUILDER-IMAGICK /etc/$PHP_PACKAGE_BASENAME/conf.d/00_imagick.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/00_imagick.ini +RUN apk add --no-cache imagemagick imagemagick-libs libgomp + +COPY --from=PECL-BUILDER-MSGPACK /usr/lib/$PHP_PACKAGE_BASENAME/modules/msgpack.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/msgpack.so +COPY --from=PECL-BUILDER-MSGPACK /etc/$PHP_PACKAGE_BASENAME/conf.d/10_msgpack.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/10_msgpack.ini +COPY --from=PECL-BUILDER-MSGPACK 
$PHP_PACKAGE_INCLUDE/ext/msgpack $PHP_PACKAGE_INCLUDE/ext/msgpack + +COPY --from=PECL-BUILDER-MEMCACHED /usr/lib/$PHP_PACKAGE_BASENAME/modules/memcached.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/memcached.so +COPY --from=PECL-BUILDER-MEMCACHED /etc/$PHP_PACKAGE_BASENAME/conf.d/20_memcached.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/20_memcached.ini +RUN apk add --no-cache libmemcached-libs libevent + +COPY --from=PECL-BUILDER-PROTOBUF /usr/lib/$PHP_PACKAGE_BASENAME/modules/protobuf.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/protobuf.so +COPY --from=PECL-BUILDER-PROTOBUF /etc/$PHP_PACKAGE_BASENAME/conf.d/protobuf.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/protobuf.ini + + +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-pgsql +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-phar +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-posix + +COPY --from=PECL-BUILDER-REDIS /usr/lib/$PHP_PACKAGE_BASENAME/modules/redis.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/redis.so +COPY --from=PECL-BUILDER-REDIS /etc/$PHP_PACKAGE_BASENAME/conf.d/20_redis.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/20_redis.ini + +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-simplexml +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-soap +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sockets +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sodium +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-sqlite3 + +COPY --from=PECL-BUILDER-XDEBUG /usr/lib/$PHP_PACKAGE_BASENAME/modules/xdebug.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/xdebug.so +COPY --from=PECL-BUILDER-XDEBUG /etc/$PHP_PACKAGE_BASENAME/conf.d/50_xdebug.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/50_xdebug.ini + +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xml +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlwriter +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xmlreader +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-xsl +RUN apk add --no-cache ${PHP_PACKAGE_BASENAME}-zip + +COPY --from=PECL-BUILDER-GRPC /usr/lib/$PHP_PACKAGE_BASENAME/modules/grpc.so 
/usr/lib/$PHP_PACKAGE_BASENAME/modules/grpc.so +COPY --from=PECL-BUILDER-GRPC /etc/$PHP_PACKAGE_BASENAME/conf.d/grpc.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/grpc.ini + +COPY --from=PECL-BUILDER-PCOV /usr/lib/$PHP_PACKAGE_BASENAME/modules/pcov.so /usr/lib/$PHP_PACKAGE_BASENAME/modules/pcov.so +COPY --from=PECL-BUILDER-PCOV /etc/$PHP_PACKAGE_BASENAME/conf.d/pcov.ini /etc/$PHP_PACKAGE_BASENAME/conf.d/pcov.ini # add php.ini containing environment variables COPY files/php.ini /etc/${PHP_PACKAGE_BASENAME}/php.ini @@ -283,18 +389,20 @@ RUN sed -i -e 's/;decorate_workers_output = no/decorate_workers_output = no/g' / RUN echo "php_admin_flag[fastcgi.logging] = off" >> /etc/${PHP_PACKAGE_BASENAME}/php-fpm.d/www.conf # install nginx unit and the php module for nginx unit -RUN apk add --no-cache unit~=$UNIT_VERSION unit-${PHP_PACKAGE_BASENAME}~=$UNIT_VERSION +RUN apk add --no-cache unit unit-${PHP_PACKAGE_BASENAME} # add default nginx unit json file (listening on port 8080) COPY files/unit/unit-default.json /var/lib/unit/conf.json +# create folder for socket (necessary since alpine 3.20) +RUN mkdir /run/unit/ # chown the folder for control socket file RUN chown www-data:www-data /run/unit/ # install apache2 and the php module for apache2 -RUN apk add --no-cache apache2~=$APACHE2_VERSION ${PHP_PACKAGE_BASENAME}-apache2~=${PHP_VERSION} +RUN apk add --no-cache apache2 ${PHP_PACKAGE_BASENAME}-apache2~=${PHP_VERSION} # add default apache2 config file COPY files/apache2/apache2-default.conf /etc/apache2/conf.d/00_apache2-default.conf -# fix that the mod_php83.so is not properly renamed in the conf -RUN sed -i -e 's/mod_php83/mod_phpzts83/g' /etc/apache2/conf.d/php83-module.conf +# fix that the mod_php84.so is not properly renamed in the conf +RUN sed -i -e 's/mod_php84/mod_phpzts84/g' /etc/apache2/conf.d/php84-module.conf # activate rewrite module RUN sed -i -e 's/#LoadModule rewrite_module/LoadModule rewrite_module/g' /etc/apache2/httpd.conf # listen port 8080 
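Review bot: The added `RUN mkdir /run/unit/` fails the build whenever the directory already exists, which per its own comment depends on the Alpine release. `RUN mkdir -p /run/unit/` is idempotent and keeps the Dockerfile buildable on either side of that packaging change. The same hunk drops the `~=$UNIT_VERSION` and `~=$APACHE2_VERSION` constraints, so the `unit` and `apache2` versions in the image now depend on what the repository serves at build time. If that is intended, say so in a comment such as `# unit/apache2 intentionally unpinned: follow the Alpine branch's security updates`. The two ARGs, presumably declared outside this hunk, should then be removed if nothing else uses them.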
@@ -316,24 +424,7 @@ RUN chown www-data:www-data /var/log/cron.log COPY files/cron/start-cron /usr/sbin/start-cron RUN chmod +x /usr/sbin/start-cron -# install caddy with frankenphp -# hadolint ignore=SC2016,SC2086,DL3003 -RUN apk add --no-cache go~=1.21 --virtual .go-build-deps \ - && apk add --no-cache libxml2-dev sqlite-dev brotli-dev build-base openssl-dev ${PHP_PACKAGE_BASENAME}-dev~=${PHP_VERSION} --virtual .build-deps \ - && cd /opt \ - && git clone https://github.com/dunglas/frankenphp.git --recursive --branch v1.1.0 --single-branch \ - && cd /opt/frankenphp/caddy/frankenphp \ - # make frankenphp to be happy about lphpzts83.so and not require us to have a lphp.so - && sed -i -e "s/lphp/l${PHP_PACKAGE_BASENAME}/g" ../../frankenphp.go \ - && export PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 `php-config --includes`" \ - && export PHP_CPPFLAGS="$PHP_CFLAGS" \ - && export PHP_LDFLAGS="-Wl,-O1 -pie `php-config --ldflags`" \ - && export CGO_LDFLAGS="$PHP_LDFLAGS" CGO_CFLAGS=$PHP_CFLAGS CGO_CPPFLAGS=$PHP_CPPFLAGS \ - && go build \ - && rm -rf /root/.cache /root/go \ - && mv /opt/frankenphp/caddy/frankenphp/frankenphp /usr/sbin/frankenphp \ - && rm -rf /opt/frankenphp \ - && apk del --no-network .build-deps .go-build-deps +COPY --from=FRANKENPHPBUILDER /usr/sbin/frankenphp /usr/sbin/frankenphp COPY files/frankenphp/Caddyfile /etc/Caddyfile # FIXME: start with /usr/sbin/frankenphp run --config /etc/Caddyfile @@ -343,7 +434,6 @@ RUN apk add --no-cache nss-tools CMD ["php", "-a"] - ENV PHP_DATE_TIMEZONE="UTC" \ PHP_ALLOW_URL_FOPEN="On" \ PHP_LOG_ERRORS_MAX_LEN=1024 \
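Review bot: The `/usr/sbin/frankenphp` binary brought in by `COPY --from=FRANKENPHPBUILDER` is built from `git clone … --branch v1.2.5` in the builder stage added earlier in this diff. A tag can be moved upstream, so nothing ties the shipped binary to a reviewed commit. Checking the checkout right after the clone would fail the build on a retagged release, e.g. `&& [ "$(git -C /opt/frankenphp rev-parse HEAD)" = "<EXPECTED_COMMIT_SHA>" ] \` (placeholder for the commit you audited). Because the binary is now linked in one stage and run in another, a `RUN ldd /usr/sbin/frankenphp` after the COPY would show at build time whether a shared library it needs is missing from the final stage.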