170 lines
5.3 KiB
Docker
170 lines
5.3 KiB
Docker
ARG COMPOSER_VERSION
|
|
ARG TARGET_PHP_VERSION
|
|
FROM composer:${COMPOSER_VERSION} as composer
|
|
FROM php:${TARGET_PHP_VERSION}-fpm as base
|
|
|
|
# make build args available as ENV variables to downstream images
|
|
# so that we don't have to pass the same build args again
|
|
ARG APP_USER_ID
|
|
ARG APP_GROUP_ID
|
|
ARG APP_USER_NAME
|
|
ARG APP_GROUP_NAME
|
|
ARG APP_CODE_PATH
|
|
|
|
ARG ENV
|
|
ENV APP_USER_ID=${APP_USER_ID}
|
|
ENV APP_GROUP_ID=${APP_GROUP_ID}
|
|
ENV APP_USER_NAME=${APP_USER_NAME}
|
|
ENV APP_GROUP_NAME=${APP_GROUP_NAME}
|
|
ENV APP_CODE_PATH=${APP_CODE_PATH}
|
|
ENV TARGET_PHP_VERSION=${TARGET_PHP_VERSION}
|
|
|
|
ENV ENV=${ENV}
|
|
|
|
RUN addgroup -gid $APP_GROUP_ID $APP_GROUP_NAME && \
|
|
adduser --disabled-password --uid $APP_USER_ID --shell /bin/bash --ingroup $APP_GROUP_NAME $APP_USER_NAME && \
|
|
mkdir -p $APP_CODE_PATH && \
|
|
chown $APP_USER_NAME: $APP_CODE_PATH
|
|
|
|
ADD https://gitsecret.jfrog.io/artifactory/api/security/keypair/public/repositories/git-secret-apk /etc/apk/keys/git-secret-apk.rsa.pub
|
|
|
|
RUN apt update && \
|
|
apt install -y \
|
|
bash \
|
|
git \
|
|
git-secret \
|
|
gawk \
|
|
gnupg \
|
|
make \
|
|
strace \
|
|
sudo \
|
|
vim \
|
|
nano
|
|
|
|
|
|
# Install intl
|
|
RUN apt-get update && apt-get install -y \
|
|
libicu-dev \
|
|
libssl-dev \
|
|
libcurl4-openssl-dev \
|
|
libfreetype6-dev \
|
|
libjpeg62-turbo-dev \
|
|
libpng-dev \
|
|
libxml2-dev \
|
|
libmagickwand-dev \
|
|
git \
|
|
zlib1g-dev \
|
|
unzip \
|
|
libzip-dev \
|
|
mupdf-tools \
|
|
imagemagick \
|
|
libmcrypt-dev
|
|
|
|
# Install fileinfo
|
|
RUN docker-php-ext-install -j$(nproc) fileinfo
|
|
# Install intl
|
|
RUN docker-php-ext-install -j$(nproc) ftp
|
|
# Install ftp
|
|
RUN docker-php-ext-install -j$(nproc) intl
|
|
# Install mongodb
|
|
RUN pecl install mongodb \
|
|
&& docker-php-ext-enable mongodb
|
|
# Install mcrypt
|
|
RUN pecl install mcrypt \
|
|
&& docker-php-ext-enable mcrypt
|
|
# Install curl
|
|
RUN docker-php-ext-install -j$(nproc) curl
|
|
# Install Zip
|
|
RUN docker-php-ext-install zip
|
|
# Install gd
|
|
RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
|
|
&& docker-php-ext-install -j$(nproc) gd
|
|
# Install soap
|
|
RUN docker-php-ext-install -j$(nproc) soap
|
|
# Install imagick
|
|
RUN pecl install imagick \
|
|
&& docker-php-ext-enable imagick
|
|
# Install mysql
|
|
RUN docker-php-ext-install -j$(nproc) pdo_mysql
|
|
# Install opcache
|
|
RUN docker-php-ext-install -j$(nproc) opcache
|
|
RUN apt-get update && apt-get install -y \
|
|
libc-client-dev libkrb5-dev libldap2-dev && \
|
|
rm -r /var/lib/apt/lists/*
|
|
|
|
# Install ldap
|
|
RUN docker-php-ext-install -j$(nproc) ldap
|
|
|
|
RUN docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
|
|
docker-php-ext-install -j$(nproc) imap
|
|
|
|
COPY ./.docker/images/php/base/pdf/php_pdflib.so /pdflib.so
|
|
|
|
# make bash default shell
|
|
RUN sed -e 's;/bin/ash$;/bin/bash;g' -i /etc/passwd
|
|
|
|
COPY ./.docker/images/php/base/conf.d/zz-app.ini $PHP_INI_DIR/conf.d/zz-app.ini
|
|
COPY ./.docker/images/php/base/conf.d/zz-app-${ENV}.ini $PHP_INI_DIR/conf.d/zz-ppp-${ENV}.ini
|
|
|
|
COPY ./.docker/images/php/base/.bashrc /home/${APP_USER_NAME}/.bashrc
|
|
COPY ./.docker/images/php/base/.bashrc /root/.bashrc
|
|
|
|
COPY --from=composer /usr/bin/composer /usr/local/bin/composer
|
|
|
|
RUN git config --system --add safe.directory "$APP_CODE_PATH"
|
|
|
|
WORKDIR $APP_CODE_PATH
|
|
|
|
FROM base as codebase
|
|
|
|
# By only copying the composer files required to run composer install
|
|
# the layer will be cached and only invalidated when the composer dependencies are changed
|
|
COPY ./src/new/composer.json /dependencies/new/
|
|
COPY ./src/new/composer.lock /dependencies/new/
|
|
|
|
# use a cache mount to cache the composer dependencies
|
|
# this is essentially a cache that lives in Docker BuildKit (i.e. has nothing to do with the host system)
|
|
RUN --mount=type=cache,target=/tmp/.composer \
|
|
cd /dependencies/new && \
|
|
if [ "$ENV" == "prod" ] ; \
|
|
then \
|
|
# on production, we don't want test dependencies
|
|
COMPOSER_HOME=/tmp/.composer composer install --no-scripts --no-plugins --no-progress -o --no-dev; \
|
|
else \
|
|
COMPOSER_HOME=/tmp/.composer composer install --no-scripts --no-plugins --no-progress -o; \
|
|
fi
|
|
|
|
# copy the full codebase
|
|
COPY ./src/ /codebase
|
|
|
|
# move the dependencies
|
|
RUN mv /dependencies/new/vendor /codebase/new/vendor
|
|
|
|
# remove files we don't require in the image to keep the image size small
|
|
RUN cd /codebase && \
|
|
rm -rf .docker/ .build/ .infrastructure/ && \
|
|
if [ "$ENV" == "prod" ] ; \
|
|
then \
|
|
# on production, we don't want tests
|
|
rm -rf tests/; \
|
|
fi
|
|
|
|
FROM base as prod
|
|
|
|
COPY --from=codebase --chown=$APP_USER_NAME:$APP_GROUP_NAME /codebase $APP_CODE_PATH
|
|
|
|
FROM base as ci
|
|
|
|
COPY --from=codebase --chown=$APP_USER_NAME:$APP_GROUP_NAME /codebase $APP_CODE_PATH
|
|
|
|
FROM base as local
|
|
|
|
COPY --from=codebase --chown=$APP_USER_NAME:$APP_GROUP_NAME /codebase $APP_CODE_PATH
|
|
# add app user to sudoers
|
|
# see https://ostechnix.com/add-delete-and-grant-sudo-privileges-to-users-in-alpine-linux/ for adding sudo
|
|
# see https://askubuntu.com/a/340669 for not requiring a sudo pw
|
|
RUN echo "root ALL=(ALL) NOPASSWD: ALL " | tee -a "/etc/sudoers.d/users" && \
|
|
echo "${APP_USER_NAME} ALL=(ALL) NOPASSWD: ALL " | tee -a "/etc/sudoers.d/users"
|
|
|
|
RUN pecl install xdebug
|