Skip to content

Commit

Permalink
feat: chialab/php-compat images
Browse files Browse the repository at this point in the history
  • Loading branch information
le0m committed Dec 23, 2024
1 parent 565e057 commit 236f8a7
Show file tree
Hide file tree
Showing 9 changed files with 1,148 additions and 3 deletions.
93 changes: 93 additions & 0 deletions .github/workflows/compat.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
name: Build, test and publish compatibility images

on:
schedule:
# chosen by fair dice roll
- cron: '42 18 * * 3'
push:
branches:
- main
pull_request:
types: [opened, synchronize]

jobs:
test:
name: Build and test images
runs-on: ubuntu-latest
if: ${{ !contains(github.event.commits[0].message, '[skip ci]') && !contains(github.event.commits[0].message, '[ci skip]') }}
strategy:
matrix:
version: [ '5.6' ]
flavor: [ '', '-apache', '-fpm' ]
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Build image for testing
uses: docker/build-push-action@v5
with:
cache-from: type=registry,ref=chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }}
cache-to: type=inline
context: ./compat
file: ${{ format('compat/{0}.{1}{2}', 'Dockerfile', matrix.version, matrix.flavor) }}
tags: localhost:5000/chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }}
push: true

- name: Test image
env:
REGISTRY: localhost:5000/
VERSION: ${{ matrix.version }}${{ matrix.flavor }}
run: 'docker pull localhost:5000/chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }} && make -C compat test'

publish:
name: Build and publish multi-architecture images
runs-on: ubuntu-latest
needs: test
if: ${{ github.event_name != 'pull_request' && !contains(github.event.commits[0].message, '[skip ci]') && !contains(github.event.commits[0].message, '[ci skip]') }}
strategy:
matrix:
version: [ '5.6' ]
flavor: [ '', '-apache', '-fpm' ]
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up QEMU
run: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host

- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build image and push to registry
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
cache-from: type=registry,ref=chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }}
cache-to: type=inline
context: ./compat
file: ${{ format('compat/{0}.{1}{2}', 'Dockerfile', matrix.version, matrix.flavor) }}
tags: |
chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }}
ghcr.io/chialab/php-compat:${{ matrix.version }}${{ matrix.flavor }}
push: true
260 changes: 260 additions & 0 deletions compat/Dockerfile.5.6
Original file line number Diff line number Diff line change
@@ -0,0 +1,260 @@
#
# This is taken from the official PHP image's Dockerfile (https://github.com/docker-library/php/tree/783878384a8f3953ed571e5a34ba0fe546726c85)
# and slightly fixed to work in this day and age.
#

FROM debian:stretch-slim

LABEL maintainer="[email protected]"

# Fix Debian 9 (Stretch) source list, because it has been moved to archive, and update packages.
RUN sed -i -e 's/deb.debian.org/archive.debian.org/g' \
-e 's/security.debian.org/archive.debian.org/g' \
-e '/stretch-updates/d' /etc/apt/sources.list \
&& apt-get update && apt-get upgrade -y

# prevent Debian's PHP packages from being installed
# https://github.com/docker-library/php/pull/542
RUN set -eux; \
{ \
echo 'Package: php*'; \
echo 'Pin: release *'; \
echo 'Pin-Priority: -1'; \
} > /etc/apt/preferences.d/no-debian-php

# dependencies required for running "phpize"
# (see persistent deps below)
ENV PHPIZE_DEPS \
autoconf \
dpkg-dev \
file \
g++ \
gcc \
libc-dev \
make \
pkg-config \
re2c

# persistent / runtime deps
RUN apt-get update && apt-get install -y \
$PHPIZE_DEPS \
ca-certificates \
curl \
xz-utils \
--no-install-recommends && rm -r /var/lib/apt/lists/*

ENV PHP_INI_DIR /usr/local/etc/php
RUN mkdir -p $PHP_INI_DIR/conf.d

##<autogenerated>##
##</autogenerated>##

# Apply stack smash protection to functions using local buffers and alloca()
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
# Enable optimization (-O2)
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
# https://github.com/docker-library/php/issues/272
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"

ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3

ENV PHP_VERSION 5.6.40
ENV PHP_URL="https://secure.php.net/get/php-5.6.40.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.40.tar.xz.asc/from/this/mirror"
ENV PHP_SHA256="1369a51eee3995d7fbd1c5342e5cc917760e276d561595b6052b21ace2656d1c" PHP_MD5=""

RUN set -xe; \
\
fetchDeps=' \
wget \
'; \
if ! command -v gpg > /dev/null; then \
fetchDeps="$fetchDeps \
dirmngr \
gnupg \
"; \
fi; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /usr/src; \
cd /usr/src; \
\
wget -O php.tar.xz "$PHP_URL"; \
\
if [ -n "$PHP_SHA256" ]; then \
echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
fi; \
if [ -n "$PHP_MD5" ]; then \
echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
fi; \
\
if [ -n "$PHP_ASC_URL" ]; then \
wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
export GNUPGHOME="$(mktemp -d)"; \
for key in $GPG_KEYS; do \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
done; \
gpg --batch --verify php.tar.xz.asc php.tar.xz; \
command -v gpgconf > /dev/null && gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
fi; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps

COPY --from=php:5.6 /usr/local/bin/docker-php-source /usr/local/bin/

RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libedit-dev \
libsqlite3-dev \
libssl1.0-dev \
libxml2-dev \
zlib1g-dev \
libmariadb2 libmariadbclient-dev-compat \
${PHP_EXTRA_BUILD_DEPS:-} \
; \
rm -rf /var/lib/apt/lists/*; \
\
export \
CFLAGS="$PHP_CFLAGS" \
CPPFLAGS="$PHP_CPPFLAGS" \
LDFLAGS="$PHP_LDFLAGS" \
; \
docker-php-source extract; \
cd /usr/src/php; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
# https://bugs.php.net/bug.php?id=74125
if [ ! -d /usr/include/curl ]; then \
ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
fi; \
./configure \
--build="$gnuArch" \
--with-config-file-path="$PHP_INI_DIR" \
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
\
# make sure invalid --configure-flags are fatal errors intead of just warnings
--enable-option-checking=fatal \
\
# https://github.com/docker-library/php/issues/439
--with-mhash \
\
# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
--enable-ftp \
# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
--enable-mbstring \
# Use MariaDB's libmysqlclient library instead of mysqlnd to be able to communicate with MySQL 8+, which uses new locales of the utf8mb4 family that are unknown to old mysqlnd
--disable-mysqlnd \
--with-mysql="/usr" \
--with-mysqli="/usr/bin/mysql_config" \
--with-pdo-mysql="/usr" \
\
--with-curl \
--with-libedit \
--with-openssl \
--with-zlib \
\
# bundled pcre does not support JIT on s390x
# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT
$(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \
--with-libdir="lib/$debMultiarch" \
\
${PHP_EXTRA_CONFIGURE_ARGS:-} \
; \
make -j "$(nproc)"; \
make install; \
find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \
make clean; \
\
# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
cp -v php.ini-* "$PHP_INI_DIR/"; \
\
cd /; \
docker-php-source delete; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
php --version; \
\
# https://github.com/docker-library/php/issues/443
pecl update-channels; \
rm -rf /tmp/pear ~/.pearrc

COPY --from=php:5.6 /usr/local/bin/docker-php-ext-* /usr/local/bin/docker-php-entrypoint /usr/local/bin/

ENTRYPOINT ["docker-php-entrypoint"]
##<autogenerated>##
CMD ["php", "-a"]
##</autogenerated>##

# Download script to install PHP extensions and dependencies
ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/

RUN chmod +x /usr/local/bin/install-php-extensions

RUN DEBIAN_FRONTEND=noninteractive apt-get update -q \
&& DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
curl \
git \
zip unzip \
# iconv, mbstring and pdo_sqlite are omitted as they are already installed
&& PHP_EXTENSIONS=" \
amqp \
bcmath \
bz2 \
calendar \
event \
exif \
gd \
gettext \
imagick \
intl \
ldap \
mcrypt \
memcached \
mysql \
mysqli \
opcache \
pdo_mysql \
pdo_pgsql \
pgsql \
redis \
soap \
sockets \
xsl \
zip \
" \
&& install-php-extensions $PHP_EXTENSIONS

# Install Composer.
ENV PATH=$PATH:/root/composer/vendor/bin \
COMPOSER_ALLOW_SUPERUSER=1 \
COMPOSER_HOME=/root/composer
RUN cd /opt \
# Download installer and check for its integrity.
&& curl -sSL https://getcomposer.org/installer > composer-setup.php \
&& curl -sSL https://composer.github.io/installer.sha384sum > composer-setup.sha384sum \
&& sha384sum --check composer-setup.sha384sum \
# Install Composer 2.
&& php composer-setup.php --install-dir=/usr/local/bin --filename=composer --2 \
# Remove installer files.
&& rm /opt/composer-setup.php /opt/composer-setup.sha384sum
Loading

0 comments on commit 236f8a7

Please sign in to comment.