Add Dockerfile for phpfpm base image with version

and file copies

Signed-off-by: Mario Vejlupek <[email protected]>

Author: devopsmariocom

.github/workflows/build.yml

@@ -0,0 +1,47 @@
+# NOTES:
+# 1. Create PAT with `read:packages` and `write:packages` see https://docs.github.com/en/free-pro-team@latest/packages/guides/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
+# 2. Create CR_PAT variable under Settings / Secrets
+
+name: BUILD
+
+on:
+  push:
+    # Publish `v1.2.3` tags as releases.
+    tags:
+    - v*
+
+env:
+  FETCHER_IMAGE_VERSION: ""
+  BASE_IMAGE_VERSION: ""
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run build
+        run: |
+          IMAGE_NAME=ghcr.io/$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' )
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          docker build . \
+           --build-arg FETCHER_IMAGE_VERSION=${FETCHER_IMAGE_VERSION} \
+           --build-arg BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION} \
+           --file Dockerfile --tag $IMAGE_NAME:$VERSION
+
+      - name: Log into GitHub Container Registry
+        run: echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push image to GitHub Container Registry
+        run: |
+          IMAGE_NAME=ghcr.io/$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' )
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          echo IMAGE_NAME=$IMAGE_NAME
+          echo VERSION=$VERSION
+          docker push $IMAGE_NAME:$VERSION
+          # Push latest as well for caching purposes
+          docker tag $IMAGE_NAME:$VERSION $IMAGE_NAME:latest
+          docker push $IMAGE_NAME:latest

.github/workflows/test.yml

@@ -0,0 +1,31 @@
+# TODO:
+# 1. Create PAT with `read:packages` and `write:packages` see https://docs.github.com/en/free-pro-team@latest/packages/guides/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
+# 2. Create CR_PAT variable under Settings / Secrets
+
+name: TEST
+
+on:
+  push:
+    branches:
+    - main
+
+env:
+  FETCHER_IMAGE_VERSION: ""
+  BASE_IMAGE_VERSION: ""
+  
+  # NOTE: DO NOT CHANGE THIS THIS IS TMP IMAGE NAME
+  IMAGE_NAME: image
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run tests
+        run: |
+          docker build . \
+           --build-arg FETCHER_IMAGE_VERSION=${FETCHER_IMAGE_VERSION} \
+           --build-arg BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION} \
+           --file Dockerfile --tag $IMAGE_NAME

Dockerfile

@@ -0,0 +1,81 @@
+# https://hub.docker.com/_/php/tags?page=1&name=fpm-bullseye
+FROM php:8.1.22-fpm-bullseye
+
+LABEL org.opencontainers.image.source https://github.com/Container-Driven-Development/PHPfpm-Base
+LABEL org.opencontainers.image.description "Base image for PHPfpm server"
+
+WORKDIR /srv
+ENV NETTE_ENV "prod"
+ARG APP_VERSION
+ENV APP_VERSION $APP_VERSION
+ARG PHP_ENV=production
+ENV TZ "Europe/Prague"
+
+RUN curl -o /usr/local/bin/composer https://getcomposer.org/download/2.6.5/composer.phar && \
+    chmod +x /usr/local/bin/composer
+
+RUN apt-get update && apt-get install -y \
+  libfcgi-bin \
+  screen \
+  unzip \
+  mc \
+  telnet \
+  htop \
+  default-mysql-client \
+  iputils-ping \
+  dnsutils \
+  locales \
+  sendmail \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN echo -e "export LC_ALL=cs_CZ.UTF-8\nexport LANG=cs_CZ.UTF-8\nexport LANGUAGE=cs_CZ.UTF-8" >> /root/.bashrc
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i -e 's/# cs_CZ.UTF-8 UTF-8/cs_CZ.UTF-8 UTF-8/' /etc/locale.gen && \
+    echo 'LANG="cs_CZ.UTF-8"'>/etc/default/locale && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=cs_CZ.UTF-8
+
+RUN set -xe && echo "pm.status_path = /status" >> /usr/local/etc/php-fpm.d/zz-docker.conf
+COPY php-fpm-healthcheck.sh /usr/local/bin/
+
+RUN mv "$PHP_INI_DIR/php.ini-${PHP_ENV}" "$PHP_INI_DIR/php.ini"
+COPY app.ini $PHP_INI_DIR/conf.d/app.ini
+
+# https://hub.docker.com/r/mlocati/php-extension-installer/tags
+COPY --from=mlocati/php-extension-installer:1.5.37 /usr/bin/install-php-extensions /usr/local/bin/
+
+# See https://github.com/mlocati/docker-php-extension-installer
+# Always use exact version to avoid mystery issues on lib upgrade
+# Run this for getting installed extension version
+#   php -r 'foreach (get_loaded_extensions() as $extension) echo "$extension: " . phpversion($extension) . "\n";'
+RUN install-php-extensions pdo-8.1.10 pdo_mysql-8.1.10 intl-8.1.10 redis-5.3.7 mysqli-8.1.10 opcache-8.1.10 gd-2.1.0 ssh2-1.3.1
+
+RUN mkdir -p /srv/var/log && \
+      mkdir -p /srv/var/tmp/cache && \
+      chmod -R 777 /srv/var && \
+      chown -R www-data:www-data /srv/var && \
+      mkdir -p /srv/.xml && \
+      chmod -R 777 /srv/.xml && \
+      chown -R www-data:www-data /srv/.xml && \
+      mkdir -p /srv/log && \
+      chmod -R 777 /srv/log && \
+      chown -R www-data:www-data /srv/log && \
+      mkdir -p /srv/sitemap && \
+      chmod -R 777 /srv/sitemap && \
+      chown -R www-data:www-data /srv/sitemap
+
+
+
+# Example see https://github.com/Container-Driven-Development/PHPfpm-Base
+# FROM ghcr.io/container-driven-development/phpfpm-base:vX.X
+
+# ARG APP_VERSION
+# ENV APP_VERSION $APP_VERSION
+
+# COPY --from=BUILDER /app/vendor /srv/vendor
+# COPY --from=BUILDER-NODE /app/var/tmp/manifest.json /srv/var/tmp/manifest.json
+# COPY ./www /srv/www
+# COPY ./config /srv/config
+# COPY ./app /srv/app
+# COPY ./bin /srv/bin
+# COPY ./migrations /srv/migrations

README.md

@@ -1,2 +1,18 @@
 # PHPfpm-Base
+
 Base phpfpm image
+
+```Dockerfile
+FROM ghcr.io/container-driven-development/phpfpm-base:vX.X
+
+ARG APP_VERSION
+ENV APP_VERSION $APP_VERSION
+
+COPY --from=BUILDER /app/vendor /srv/vendor
+COPY --from=BUILDER-NODE /app/var/tmp/manifest.json /srv/var/tmp/manifest.json
+COPY ./www /srv/www
+COPY ./config /srv/config
+COPY ./app /srv/app
+COPY ./bin /srv/bin
+COPY ./migrations /srv/migrations
+```

app.ini

@@ -0,0 +1,6 @@
+; App specific configuration
+session.gc_maxlifetime = 28800
+variables_order = "EGPCS"
+upload_max_filesize = 512M
+post_max_size = 512M
+memory_limit = -1

php-fpm-healthcheck.sh

@@ -0,0 +1,139 @@
+#!/bin/sh
+# vim: set filetype=sh :
+
+# Author: <Renato Mefi [email protected]> https://github.com/renatomefi
+# The original code lives in https://github.com/renatomefi/php-fpm-healthcheck
+#
+# A POSIX compliant shell script to healthcheck PHP fpm status, can be used only for pinging the status page
+# or check for specific metrics
+#
+# i.e.: ./php-fpm-healthcheck --verbose --active-processes=6
+# The script will fail in case the 'active processes' is bigger than 6.
+#
+# You can combine multiple options as well, the first one to fail will fail the healthcheck
+# i.e.: ./php-fpm-healthcheck --listen-queue-len=10 --active-processes=6
+#
+# Ping mode (exit 0 if php-fpm returned data): ./php-fpm-healthcheck
+#
+# Ping mode with data (outputs php-fpm status text): ./php-fpm-healthcheck -v
+#
+# Exit status codes:
+# 2,9,111 - Couldn't connect to PHP fpm, is it running?
+# 8 - Couldn't reach PHP fpm status page, have you configured it with `pm.status_path = /status`?
+# 1 - A healthcheck condition has failed
+# 3 - Invalid option given
+# 4 - One or more required softwares are missing
+#
+# Available options:
+# -v|--verbose
+#
+# Metric options, fails in case the CURRENT VALUE is bigger than the GIVEN VALUE
+# --accepted-conn=n
+# --listen-queue=n
+# --max-listen-queue=n
+# --idle-processes=n
+# --active-processes=n
+# --total-processes=n
+# --max-active-processes=n
+# --max-children-reached=n
+# --slow-requests=n
+#
+
+set -eu
+
+OPTIND=1 # Reset getopt in case it has been used previously in the shell
+
+# Required software
+FCGI_CMD_PATH=$(command -v cgi-fcgi) || { >&2 echo "Make sure fcgi is installed (i.e. apk add --no-cache fcgi). Aborting."; exit 4; }
+command -v sed 1> /dev/null || { >&2 echo "Make sure sed is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v tail 1> /dev/null || { >&2 echo "Make sure tail is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v grep 1> /dev/null || { >&2 echo "Make sure grep is installed (i.e. apk add --no-cache grep). Aborting."; exit 4; }
+
+# Get status from fastcgi connection
+# $1 - cgi-fcgi connect argument
+get_fpm_status() {
+    if test "$VERBOSE" = 1; then printf "Trying to connect to php-fpm via: %s%s\\n" "$1" "$SCRIPT_NAME"; fi;
+
+    # Since I cannot use pipefail I'll just split these in two commands
+    FPM_STATUS=$(env -i REQUEST_METHOD="$REQUEST_METHOD" SCRIPT_NAME="$SCRIPT_NAME" SCRIPT_FILENAME="$SCRIPT_FILENAME" "$FCGI_CMD_PATH" -bind -connect "$1" 2> /dev/null)
+    FPM_STATUS=$(echo "$FPM_STATUS" | tail -n +5)
+
+    if test "$VERBOSE" = 1; then printf "php-fpm status output:\\n%s\\n" "$FPM_STATUS"; fi;
+
+    if test "$FPM_STATUS" = "File not found."; then
+        >&2 printf "php-fpm status page non reachable\\n";
+        exit 8;
+    fi;
+}
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_fpm_health_by() {
+    OPTION=$(echo "$1" | sed 's/--//g; s/-/ /g;')
+    VALUE_EXPECTED="$2";
+    VALUE_ACTUAL=$(echo "$FPM_STATUS" | grep "^$OPTION:" | cut -d: -f2 | sed 's/ //g')
+
+    if test "$VERBOSE" = 1; then printf "'%s' value '%s' and expected is less than '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED"; fi;
+
+    if test "$VALUE_ACTUAL" -gt "$VALUE_EXPECTED"; then
+        >&2 printf "'%s' value '%s' is greater than expected '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED";
+        exit 1;
+    fi;
+}
+
+PARAM_AMOUNT=0
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_later() {
+    # The POSIX sh way to check if it's an integer, also the output is supressed since it's polution
+    if ! test "$2" -eq "$2" 2> /dev/null; then
+        >&2 printf "'%s' option value must be an integer, '%s' given\\n" "$1" "$2"; exit 3;
+    fi
+
+    PARAM_AMOUNT=$(( PARAM_AMOUNT + 1 ))
+
+    eval "PARAM_TO_CHECK$PARAM_AMOUNT=$1"
+    eval "VALUE_TO_CHECK$PARAM_AMOUNT=$2"
+}
+
+# From the PARAM_TO_CHECK/VALUE_TO_CHECK magic variables, do all the checks
+check_fpm_health() {
+    j=1
+    while [ $j -le $PARAM_AMOUNT ]; do
+        eval "CURRENT_PARAM=\$PARAM_TO_CHECK$j"
+        eval "CURRENT_VALUE=\$VALUE_TO_CHECK$j"
+        check_fpm_health_by "$CURRENT_PARAM" "$CURRENT_VALUE"
+        j=$(( j + 1 ))
+    done
+}
+
+if ! GETOPT=$(getopt -o v --long verbose,accepted-conn:,listen-queue:,max-listen-queue:,listen-queue-len:,idle-processes:,active-processes:,total-processes:,max-active-processes:,max-children-reached:,slow-requests: -n 'php-fpm-healthcheck' -- "$@"); then
+    >&2 echo "Invalid options, terminating." ; exit 3
+fi;
+
+eval set -- "$GETOPT"
+
+# FastCGI variables
+FCGI_CONNECT_DEFAULT="localhost:9000"
+FCGI_STATUS_PATH_DEFAULT="/status"
+
+export REQUEST_METHOD="GET"
+export SCRIPT_NAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}"
+export SCRIPT_FILENAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}"
+FCGI_CONNECT="${FCGI_CONNECT:-$FCGI_CONNECT_DEFAULT}"
+
+VERBOSE=0
+
+while test "$1"; do
+    case "$1" in
+        -v|--verbose ) VERBOSE=1; shift ;;
+        --) shift ; break ;;
+        * ) check_later "$1" "$2"; shift 2 ;;
+    esac
+done
+
+FPM_STATUS=false
+
+get_fpm_status "$FCGI_CONNECT"
+check_fpm_health