3 changes: 3 additions & 0 deletions .github/actions/docker/action.yml
@@ -32,6 +32,9 @@ runs:
vcs_ref=$(git rev-parse --short HEAD)
image_name=$(cd $(dirname ${{ inputs.dockerfile }}) && echo "${PWD##*/}")
tags=bdossantos/${image_name}:latest,bdossantos/${image_name}:${version},bdossantos/${image_name}:${version}-${vcs_ref},bdossantos/${image_name}:${version%.*}
if [[ -f "$(dirname ${{ inputs.dockerfile }})/.rootless" ]]; then
tags=${tags},bdossantos/${image_name}:latest-rootless,bdossantos/${image_name}:${version}-rootless,bdossantos/${image_name}:${version%.*}-rootless
fi
cache_image=bdossantos/${image_name}:buildcache
echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "cache_image=${cache_image}" >> $GITHUB_OUTPUT
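Review bot: The added `[[ -f "$(dirname ${{ inputs.dockerfile }})/.rootless" ]]` test has `${{ inputs.dockerfile }}` substituted into the script text before bash parses it, and the `dirname` argument is unquoted, so a path containing spaces or shell metacharacters is split or interpreted instead of tested. The `image_name=` line above it has the same pattern. Passing the input through the step's `env:` (`DOCKERFILE: ${{ inputs.dockerfile }}`) and testing `"$(dirname -- "$DOCKERFILE")/.rootless"` keeps it as data. The `-rootless` tags are also appended rather than substituted, so `latest` and `${version}` presumably keep pointing at the same image, which now runs as 65534 on 8080; confirm that is intended. The `run:` script starts and ends outside the hunk.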
Empty file added dockerfiles/php-lol/.rootless
Empty file.
8 changes: 5 additions & 3 deletions dockerfiles/php-lol/Dockerfile.8.1
@@ -65,7 +65,7 @@ RUN set -eux \
&& curl -L -o /usr/local/bin/pickle https://github.com/FriendsOfPHP/pickle/releases/latest/download/pickle.phar \
&& chmod +x /usr/local/bin/pickle \
&& mkdir -p /var/lib/php/session \
&& chown -R www-data.www-data /var/lib/php/session \
&& chown -R 65534:65534 /var/lib/php/session \
&& pickle install amqp@2.2.0 \
&& pickle install --no-interaction apcu@5.1.28 \
&& pickle install igbinary@3.2.16 \
@@ -181,7 +181,7 @@ RUN set -eux \
&& make \
&& make install \
&& mkdir -p /var/cache/nginx \
&& chown -R www-data.www-data /var/cache/nginx \
&& chown -R 65534:65534 /var/cache/nginx \
&& chsh -s /usr/sbin/nologin www-data \
&& apt-get purge -y $BUILD_DEPENDENCIES \
&& docker-php-source delete \
@@ -247,7 +247,9 @@ LABEL org.label-schema.build-date="$BUILD_DATE" \

WORKDIR /usr/src/app

EXPOSE 80/tcp 443/tcp
EXPOSE 8080/tcp

USER 65534:65534

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
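Review bot: `USER 65534:65534` puts supervisord, nginx and php-fpm under the shared `nobody` identity rather than a UID reserved for this image, and the visible hunks re-own only `/var/lib/php/session` and `/var/cache/nginx`. Files that reach the container through bind mounts or user-namespace mapping without a mapped owner also show up as 65534, so a dedicated numeric UID/GID gives a cleaner boundary. It is also worth confirming that every other path the daemons and `/entrypoint.sh` write to is writable by the new user, and that dropping `EXPOSE 443/tcp` is intended; the RUN blocks continue outside the hunks. A short comment above `USER` such as `# non-root: nginx listens on 8080, see nginx.conf` would document the port change. The same applies to Dockerfile.8.2, 8.3 and 8.4.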
8 changes: 5 additions & 3 deletions dockerfiles/php-lol/Dockerfile.8.2
@@ -65,7 +65,7 @@ RUN set -eux \
&& curl -L -o /usr/local/bin/pickle https://github.com/FriendsOfPHP/pickle/releases/latest/download/pickle.phar \
&& chmod +x /usr/local/bin/pickle \
&& mkdir -p /var/lib/php/session \
&& chown -R www-data.www-data /var/lib/php/session \
&& chown -R 65534:65534 /var/lib/php/session \
&& pickle install amqp@2.2.0 \
&& pickle install --no-interaction apcu@5.1.28 \
&& pickle install igbinary@3.2.16 \
@@ -181,7 +181,7 @@ RUN set -eux \
&& make \
&& make install \
&& mkdir -p /var/cache/nginx \
&& chown -R www-data.www-data /var/cache/nginx \
&& chown -R 65534:65534 /var/cache/nginx \
&& chsh -s /usr/sbin/nologin www-data \
&& apt-get purge -y $BUILD_DEPENDENCIES \
&& docker-php-source delete \
@@ -247,7 +247,9 @@ LABEL org.label-schema.build-date="$BUILD_DATE" \

WORKDIR /usr/src/app

EXPOSE 80/tcp 443/tcp
EXPOSE 8080/tcp

USER 65534:65534

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
8 changes: 5 additions & 3 deletions dockerfiles/php-lol/Dockerfile.8.3
@@ -65,7 +65,7 @@ RUN set -eux \
&& curl -L -o /usr/local/bin/pickle https://github.com/FriendsOfPHP/pickle/releases/latest/download/pickle.phar \
&& chmod +x /usr/local/bin/pickle \
&& mkdir -p /var/lib/php/session \
&& chown -R www-data.www-data /var/lib/php/session \
&& chown -R 65534:65534 /var/lib/php/session \
&& pickle install amqp@2.2.0 \
&& pickle install --no-interaction apcu@5.1.28 \
&& pickle install igbinary@3.2.16 \
@@ -181,7 +181,7 @@ RUN set -eux \
&& make \
&& make install \
&& mkdir -p /var/cache/nginx \
&& chown -R www-data.www-data /var/cache/nginx \
&& chown -R 65534:65534 /var/cache/nginx \
&& chsh -s /usr/sbin/nologin www-data \
&& apt-get purge -y $BUILD_DEPENDENCIES \
&& docker-php-source delete \
@@ -247,7 +247,9 @@ LABEL org.label-schema.build-date="$BUILD_DATE" \

WORKDIR /usr/src/app

EXPOSE 80/tcp 443/tcp
EXPOSE 8080/tcp

USER 65534:65534

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
8 changes: 5 additions & 3 deletions dockerfiles/php-lol/Dockerfile.8.4
@@ -65,7 +65,7 @@ RUN set -eux \
&& curl -L -o /usr/local/bin/pickle https://github.com/FriendsOfPHP/pickle/releases/latest/download/pickle.phar \
&& chmod +x /usr/local/bin/pickle \
&& mkdir -p /var/lib/php/session \
&& chown -R www-data.www-data /var/lib/php/session \
&& chown -R 65534:65534 /var/lib/php/session \
&& pickle install amqp@2.2.0 \
&& pickle install --no-interaction apcu@5.1.28 \
&& pickle install igbinary@3.2.16 \
@@ -179,7 +179,7 @@ RUN set -eux \
&& make \
&& make install \
&& mkdir -p /var/cache/nginx \
&& chown -R www-data.www-data /var/cache/nginx \
&& chown -R 65534:65534 /var/cache/nginx \
&& chsh -s /usr/sbin/nologin www-data \
&& apt-get purge -y $BUILD_DEPENDENCIES \
&& docker-php-source delete \
@@ -245,7 +245,9 @@ LABEL org.label-schema.build-date="$BUILD_DATE" \

WORKDIR /usr/src/app

EXPOSE 80/tcp 443/tcp
EXPOSE 8080/tcp

USER 65534:65534

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
2 changes: 0 additions & 2 deletions dockerfiles/php-lol/app.conf
@@ -3,7 +3,6 @@ command = /usr/local/sbin/php-fpm -F -y /usr/local/etc/php-fpm.conf
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
redirect_stderr = true
user = root
autostart = true
autorestart = true
priority = 5
@@ -13,7 +12,6 @@ command = /usr/sbin/nginx -g "daemon off;"
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
redirect_stderr = true
user = root
autostart = true
autorestart = true
priority = 10
6 changes: 3 additions & 3 deletions dockerfiles/php-lol/nginx.conf
@@ -1,4 +1,4 @@
user www-data www-data;
# Run as non-root (no user directive needed)

pid /dev/shm/nginx.pid;

@@ -76,8 +76,8 @@ http {
open_file_cache_errors on;

server {
listen [::]:80 default_server;
listen 80 default_server;
listen [::]:8080 default_server;
listen 8080 default_server;

# PHP fpm status
location ~ ^/(php-fpm-status|php-fpm-ping)$ {
1 change: 0 additions & 1 deletion dockerfiles/php-lol/supervisord.conf
@@ -9,7 +9,6 @@ logfile_maxbytes = 0
loglevel = error
nodaemon = true
pidfile = /dev/shm/supervisord.pid
user = root

[supervisorctl]
serverurl=unix:///dev/shm/supervisord.sock
2 changes: 2 additions & 0 deletions dockerfiles/php-lol/zzz-php-fpm-tuning.conf
@@ -4,6 +4,8 @@ log_level = warning
pid = /dev/shm/php-fpm.pid

[www]
user = nobody
group = nogroup
access.log = /dev/null
catch_workers_output = yes
clear_env = no
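Review bot: With the image now started as `USER 65534:65534`, the php-fpm master is not root, and in that case php-fpm does not apply the pool's `user`/`group` settings — it logs a notice that they are ignored, which `log_level = warning` in this file would hide. The two added lines therefore take effect only if the container is started as root (for example with a user override), where they make workers drop to `nobody`. If that fallback is the intent, a comment such as `; applied only when the master runs as root; the image itself runs as 65534` would keep the next reader from assuming these lines enforce the non-root identity. The `[www]` pool section continues outside the hunk.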
8 changes: 4 additions & 4 deletions tests/php-lol.yaml
@@ -112,7 +112,7 @@ commandTests:
command: 'sha256sum'
args: ['/usr/local/etc/php-fpm.d/zzz-php-fpm-tuning.conf']
expectedOutput:
- 'e3772ca736903a1a4c27a715adae6c2ef35059119b527cefb30bac50af94ffef'
- '0d66730a9658f8c8553e73878b214a5c96084248a406660f593299f8dc8940ab'

- name: 'php hardening config checksum'
command: 'sha256sum'
@@ -124,7 +124,7 @@ commandTests:
command: 'sha256sum'
args: ['/etc/nginx/nginx.conf']
expectedOutput:
- '0c21ca2a7522fee98b6d5a0f28e0f6b1840d3df4d23b0b182b5c45c9d8b5ff8f'
- 'bc8b1c9ca19a7e588b19bf9677c29b25a9112a103bc7be786756a2f05cde76d2'

- name: 'nginx mime.types checksum'
command: 'sha256sum'
@@ -136,13 +136,13 @@ commandTests:
command: 'sha256sum'
args: ['/etc/supervisor/supervisord.conf']
expectedOutput:
- 'cbf3f7370b1fd9f24360c20cc9e909f3298635d456fa76d97f531af0136a390c'
- '7c1b6af616372d69f9beb279834b4b9bab0deb31ed454a21193b563817bf9304'

- name: 'supervisor app.conf checksum'
command: 'sha256sum'
args: ['/etc/supervisor/conf.d/app.conf']
expectedOutput:
- 'bbdd21d87a9b30770de6b434673caf6594eb67bc4ff5c124f8c0ccb453c62d6b'
- 'ffaca82839725c81b62f59a5da6fc941f2643eee5e649654725e01c80b28b1b4'

- name: 'php-fpm config test'
command: '/usr/local/sbin/php-fpm'
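Review bot: The test changes only refresh the four config checksums, so nothing here fails if the image goes back to running as root or to listening on 80. Since the point of the commit is the non-root runtime, add a command test that pins the effective UID; a sketch is below, with indentation to be matched to the file. A `metadataTest` entry for the exposed port and user would cover the Dockerfile side, if the suite does not already have one outside these hunks.

```yaml
# … unchanged: existing checksum tests …
  - name: 'container runs as non-root'
    command: 'id'
    args: ['-u']
    expectedOutput:
      - '65534'
```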