Merge pull request #78 from WyriHaximusNet/add-debian-based-images

Add Debian based images

Author: WyriHaximus

.github/workflows/ci.yml

@@ -23,6 +23,18 @@ jobs:
       - id: supported-alpine-versions
         name: Generate Alpine
         uses: wyrihaximus/github-action-supported-alpine-linux-versions@v1
+  supported-debian-versions:
+    name: Supported Debian versions
+    runs-on: ubuntu-latest
+    container:
+      image: wyrihaximusnet/php:7.4-nts-alpine3.12-root
+    outputs:
+      debian: ${{ steps.supported-debian-versions.outputs.versions }}
+    steps:
+      - uses: actions/checkout@v1
+      - id: supported-debian-versions
+        name: Generate Debian
+        uses: wyrihaximus/github-action-supported-debian-linux-versions@v1
   supported-php-versions:
     name: Supported PHP versions
     runs-on: ubuntu-latest
@@ -62,6 +74,7 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - supported-alpine-versions
+      - supported-debian-versions
       - supported-php-versions
     outputs:
       image: ${{ steps.image-matrix.outputs.image }}
@@ -78,6 +91,7 @@ jobs:
           php utils/all-images.php
         env:
           ALPINE: ${{ needs.supported-alpine-versions.outputs.alpine }}
+          DEBIAN: ${{ needs.supported-debian-versions.outputs.debian }}
           PHP: ${{ needs.supported-php-versions.outputs.php }}
   lint:
     name: Linting Dockerfile-${{ matrix.type }}
@@ -141,18 +155,24 @@ jobs:
         image: ${{ fromJson(needs.image-matrix.outputs.image) }}
     steps:
       - uses: actions/checkout@v2
+        if: contains(matrix.image, 'alpine')
       - name: Install clair-scanner
+        if: contains(matrix.image, 'alpine')
         run: |
           sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
           sudo chmod +x /usr/local/bin/clair-scanner
       - name: Download Images
+        if: contains(matrix.image, 'alpine')
         uses: actions/download-artifact@v2
         with:
           name: docker-image-${{ matrix.image }}
           path: ./docker-image
       - run: docker load --input ./docker-image/image.tar
+        if: contains(matrix.image, 'alpine')
       - run: mkdir -p "./clair/${DOCKER_IMAGE}"
+        if: contains(matrix.image, 'alpine')
       - run: make ci-scan-vulnerability
+        if: contains(matrix.image, 'alpine')
   test:
     name: Testing "${{ matrix.image }}"
     needs:

.hadolint.yaml

@@ -9,4 +9,9 @@ ignored:
   - DL3013 # So we can install the latest docker-compose
   - SC2126
   - DL4006
-  - DL3003
+  - DL3003
+  - DL3005
+  - DL3008
+  - DL3009
+  - DL3014
+  - DL3015

Dockerfile-nts Dockerfile-nts-alpineDockerfile-nts renamed to Dockerfile-nts-alpine

@@ -83,7 +83,7 @@ FROM nts-root AS nts-dev-root
 RUN touch /.you-are-in-a-wyrihaximus.net-php-docker-image-dev
 
 # Install docker help scripts
-COPY src/php/utils/docker/ /usr/local/bin/
+COPY src/php/utils/docker/alpine/ /usr/local/bin/
 
 RUN apk add --no-cache \
         make \

Dockerfile-nts-debian

@@ -0,0 +1,130 @@
+# syntax=docker/dockerfile:experimental
+FROM php:7.4-cli-buster AS build-uv
+RUN apt-get update && \
+    yes | apt-get install $PHPIZE_DEPS git libuv1-dev && \
+    git clone https://github.com/bwoebi/php-uv uv
+WORKDIR /uv
+RUN git fetch \
+    && git pull \
+    && phpize \
+    && ./configure \
+    && make install \
+    && EXTENSION_DIR=`php-config --extension-dir 2>/dev/null` && \
+    cp "$EXTENSION_DIR/uv.so" /uv.so
+RUN sha256sum /uv.so
+
+FROM php:7.4-cli-buster AS nts-root
+
+# Build-time metadata as defined at http://label-schema.org
+ARG BUILD_DATE
+ARG VCS_REF
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="wyrihaximusnet/php" \
+      org.label-schema.description="Opinionated ReactPHP optimised PHP Docker images" \
+      org.label-schema.url="https://github.com/wyrihaximusnet/docker-php" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vcs-url="https://github.com/wyrihaximusnet/docker-php" \
+      org.label-schema.vendor="WyriHaximus.net" \
+      org.label-schema.schema-version="1.0"
+
+RUN set -x \
+    && addgroup --gid 1000 app \
+    && adduser --uid 1000 --gid 1000 --disabled-password app \
+    && touch /.you-are-in-a-wyrihaximus.net-php-docker-image
+
+COPY --from=build-uv /uv.so /uv.so
+
+# Patch CVE-2018-14618 (curl), CVE-2018-16842 (libxml2), CVE-2019-1543 (openssl)
+RUN apt-get update && \
+    yes | apt-get upgrade curl libxml2 openssl
+
+# Install docker help scripts
+COPY src/php/utils/docker/debian/ /usr/local/bin/
+
+COPY src/php/conf/ /usr/local/etc/php/conf.d/
+COPY src/php/cli/conf/*.ini /usr/local/etc/php/conf.d/
+
+RUN EXTENSION_DIR=`php-config --extension-dir 2>/dev/null` && \
+	mv /*.so "$EXTENSION_DIR/" && \
+	apt-get update && \
+	yes | apt-get upgrade && \
+    yes | apt-get install \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        libpng-dev \
+        libgmp-dev \
+        zlib1g-dev \
+        libpq-dev \
+        libzip-dev \
+        libuv1-dev \
+        make \
+        git \
+        openssh-client \
+        bash \
+        coreutils \
+        procps \
+        libvips-dev \
+        git \
+        wget \
+        gdb \
+        $PHPIZE_DEPS \
+    && (docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ || docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/) \
+    && docker-php-ext-install -j$(nproc) gd pcntl pgsql pdo pdo_pgsql bcmath zip gmp iconv \
+    && pecl install vips \
+    && docker-php-ext-enable uv \
+    && docker-php-ext-enable vips \
+    && wget -O - https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /bin/wait-for \
+    && yes | apt-get purge wget $PHPIZE_DEPS \
+    && chmod +x /bin/wait-for \
+    && rm -rf /var/cache/apk/* \
+    && rm -rf /tmp/*
+
+# Install shush
+COPY src/php/utils/install-shush /usr/local/bin/
+RUN install-shush && rm -rf /usr/local/bin/install-shush
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/shush", "exec", "docker-php-entrypoint"]
+
+## nts-DEV STAGE ##
+FROM nts-root AS nts-dev-root
+
+RUN touch /.you-are-in-a-wyrihaximus.net-php-docker-image-dev
+
+# Install docker help scripts
+COPY src/php/utils/docker/ /usr/local/bin/
+
+RUN apt-get update \
+    && yes | apt-get install \
+        make \
+        git \
+        openssh-client \
+        bash \
+        strace \
+# Install Xdebug and development specific configuration
+    && docker-php-dev-mode xdebug \
+    && docker-php-dev-mode config \
+# Forcefully clear API cache
+    && rm -rf /var/cache/apk/*
+
+# Install composer
+COPY src/php/utils/install-composer /usr/local/bin/
+RUN apt-get update \
+    && yes | apt-get install wget \
+    && install-composer \
+    && yes | apt-get purge wget \
+    && rm -rf /usr/local/bin/install-composer
+
+# Change entrypoint back to the default because we don't need shush in development
+ENTRYPOINT ["docker-php-entrypoint"]
+
+## nts-DEV stage ##
+FROM nts-dev-root AS nts-dev
+
+USER app
+
+## nts stage ##
+FROM nts-root AS nts
+
+USER app

Dockerfile-zts Dockerfile-zts-alpineDockerfile-zts renamed to Dockerfile-zts-alpine

@@ -34,7 +34,7 @@ COPY --from=build-uv /uv.so /uv.so
 RUN apk upgrade --no-cache curl libxml2 openssl
 
 # Install docker help scripts
-COPY src/php/utils/docker/ /usr/local/bin/
+COPY src/php/utils/docker/alpine/ /usr/local/bin/
 
 COPY src/php/conf/ /usr/local/etc/php/conf.d/
 COPY src/php/cli/conf/*.ini /usr/local/etc/php/conf.d/
@@ -90,7 +90,7 @@ FROM zts-root AS zts-dev-root
 RUN touch /.you-are-in-a-wyrihaximus.net-php-docker-image-dev
 
 # Install docker help scripts
-COPY src/php/utils/docker/ /usr/local/bin/
+COPY src/php/utils/docker/alpine/ /usr/local/bin/
 
 RUN apk add --no-cache \
         make \

Dockerfile-zts-debian

@@ -0,0 +1,146 @@
+# syntax=docker/dockerfile:experimental
+FROM php:7.4-zts-buster AS build-parallel
+RUN apt-get update && \
+    yes | apt-get install $PHPIZE_DEPS git
+RUN git clone https://github.com/krakjoe/parallel
+WORKDIR /parallel
+RUN git fetch \
+    && git pull \
+    && phpize \
+    && ./configure \
+    && make install \
+    && EXTENSION_DIR=`php-config --extension-dir 2>/dev/null` && \
+    cp "$EXTENSION_DIR/parallel.so" /parallel.so
+RUN sha256sum /parallel.so
+
+FROM php:7.4-zts-buster AS build-uv
+RUN apt-get update && \
+    yes | apt-get install $PHPIZE_DEPS git libuv1-dev && \
+    git clone https://github.com/bwoebi/php-uv uv
+WORKDIR /uv
+RUN git fetch \
+    && git pull \
+    && phpize \
+    && ./configure \
+    && make install \
+    && EXTENSION_DIR=`php-config --extension-dir 2>/dev/null` && \
+    cp "$EXTENSION_DIR/uv.so" /uv.so
+RUN sha256sum /uv.so
+
+FROM php:7.4-zts-buster AS zts-root
+
+# Build-time metadata as defined at http://label-schema.org
+ARG BUILD_DATE
+ARG VCS_REF
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="wyrihaximusnet/php" \
+      org.label-schema.description="Opinionated ReactPHP optimised PHP Docker images" \
+      org.label-schema.url="https://github.com/wyrihaximusnet/docker-php" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vcs-url="https://github.com/wyrihaximusnet/docker-php" \
+      org.label-schema.vendor="WyriHaximus.net" \
+      org.label-schema.schema-version="1.0"
+
+RUN set -x \
+    && addgroup --gid 1000 app \
+    && adduser --uid 1000 --gid 1000 --disabled-password app \
+    && touch /.you-are-in-a-wyrihaximus.net-php-docker-image
+
+COPY --from=build-parallel /parallel.so /parallel.so
+COPY --from=build-uv /uv.so /uv.so
+
+# Patch CVE-2018-14618 (curl), CVE-2018-16842 (libxml2), CVE-2019-1543 (openssl)
+RUN apt-get update && \
+    yes | apt-get upgrade curl libxml2 openssl
+
+# Install docker help scripts
+COPY src/php/utils/docker/debian/ /usr/local/bin/
+
+COPY src/php/conf/ /usr/local/etc/php/conf.d/
+COPY src/php/cli/conf/*.ini /usr/local/etc/php/conf.d/
+
+RUN EXTENSION_DIR=`php-config --extension-dir 2>/dev/null` && \
+	mv /*.so "$EXTENSION_DIR/" && \
+	apt-get update && \
+	yes | apt-get upgrade && \
+    yes | apt-get install \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        libpng-dev \
+        libgmp-dev \
+        zlib1g-dev \
+        libpq-dev \
+        libzip-dev \
+        libuv1-dev \
+        make \
+        git \
+        openssh-client \
+        bash \
+        coreutils \
+        procps \
+        libvips-dev \
+        git \
+        wget \
+        gdb \
+        $PHPIZE_DEPS \
+    && (docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ || docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/) \
+    && docker-php-ext-install -j$(nproc) gd pcntl pgsql pdo pdo_pgsql bcmath zip gmp iconv \
+    && pecl install vips \
+    && docker-php-ext-enable parallel \
+    && docker-php-ext-enable uv \
+    && docker-php-ext-enable vips \
+    && wget -O - https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /bin/wait-for \
+    && yes | apt-get purge wget $PHPIZE_DEPS \
+    && chmod +x /bin/wait-for \
+    && rm -rf /var/cache/apk/* \
+    && rm -rf /tmp/*
+
+# Install shush
+COPY src/php/utils/install-shush /usr/local/bin/
+RUN install-shush && rm -rf /usr/local/bin/install-shush
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/shush", "exec", "docker-php-entrypoint"]
+
+## ZTS-DEV STAGE ##
+FROM zts-root AS zts-dev-root
+
+RUN touch /.you-are-in-a-wyrihaximus.net-php-docker-image-dev
+
+# Install docker help scripts
+COPY src/php/utils/docker/ /usr/local/bin/
+
+RUN apt-get update \
+    && yes | apt-get install \
+        make \
+        git \
+        openssh-client \
+        bash \
+        strace \
+# Install Xdebug and development specific configuration
+    && docker-php-dev-mode xdebug \
+    && docker-php-dev-mode config \
+# Forcefully clear API cache
+    && rm -rf /var/cache/apk/*
+
+# Install composer
+COPY src/php/utils/install-composer /usr/local/bin/
+RUN apt-get update \
+    && yes | apt-get install wget \
+    && install-composer \
+    && yes | apt-get purge wget \
+    && rm -rf /usr/local/bin/install-composer
+
+# Change entrypoint back to the default because we don't need shush in development
+ENTRYPOINT ["docker-php-entrypoint"]
+
+## ZTS-DEV stage ##
+FROM zts-dev-root AS zts-dev
+
+USER app
+
+## ZTS stage ##
+FROM zts-root AS zts
+
+USER app

Makefile

@@ -23,7 +23,7 @@ ci-docker-login:
 	docker login $$DOCKER_REGISTRY --username $$DOCKER_USER --password $$DOCKER_PASSWORD
 
 lint:
-	docker run -v ${current_dir}:/project:ro --workdir=/project --rm -it hadolint/hadolint:latest-debian hadolint /project/Dockerfile-nts /project/Dockerfile-zts
+	docker run -v ${current_dir}:/project:ro --workdir=/project --rm -it hadolint/hadolint:latest-debian hadolint /project/Dockerfile-*
 
 build-all:
 	PHP=$(shell docker run --rm wyrihaximusgithubactions/supported-php-versions:v1 | php -r 'echo explode("::set-output name=versions::", stream_get_contents(STDIN))[1];') \