From 7fbf9afa756d47565d4aa6c6fc4a34a8f7beb2f6 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Tue, 14 Dec 2021 23:05:23 -0500 Subject: [PATCH 01/16] Dockerfile: upgrade base to 9.0 --- .travis.yml | 7 +- Dockerfile-7.0 | 160 ----------------- Dockerfile-7.1 | 162 ------------------ Dockerfile-7.2 | 160 ----------------- Dockerfile-7.4 | 2 +- ...erfile-7.3-alpine => Dockerfile-7.4-alpine | 11 +- Dockerfile-8.0 | 2 +- Dockerfile-7.3 => Dockerfile-8.1 | 94 +++++----- container/root/tests/php-fpm/7.0.goss.yaml | 17 -- container/root/tests/php-fpm/7.1.goss.yaml | 17 -- container/root/tests/php-fpm/7.2.goss.yaml | 17 -- ...-alpine.goss.yaml => 7.4-alpine.goss.yaml} | 4 +- .../php-fpm/{7.3.goss.yaml => 8.1.goss.yaml} | 6 +- 13 files changed, 55 insertions(+), 604 deletions(-) delete mode 100644 Dockerfile-7.0 delete mode 100644 Dockerfile-7.1 delete mode 100644 Dockerfile-7.2 rename Dockerfile-7.3-alpine => Dockerfile-7.4-alpine (97%) rename Dockerfile-7.3 => Dockerfile-8.1 (72%) delete mode 100644 container/root/tests/php-fpm/7.0.goss.yaml delete mode 100644 container/root/tests/php-fpm/7.1.goss.yaml delete mode 100644 container/root/tests/php-fpm/7.2.goss.yaml rename container/root/tests/php-fpm/{7.3-alpine.goss.yaml => 7.4-alpine.goss.yaml} (89%) rename container/root/tests/php-fpm/{7.3.goss.yaml => 8.1.goss.yaml} (93%) diff --git a/.travis.yml b/.travis.yml index d5d2422..3085780 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,13 +1,10 @@ sudo: required env: - - PHP_VARIANT=7.0 - - PHP_VARIANT=7.1 - - PHP_VARIANT=7.2 - - PHP_VARIANT=7.3 - - PHP_VARIANT=7.3-alpine + - PHP_VARIANT=7.4-alpine - PHP_VARIANT=7.4 - PHP_VARIANT=8.0 + - PHP_VARIANT=8.1 services: - docker diff --git a/Dockerfile-7.0 b/Dockerfile-7.0 deleted file mode 100644 index 31f9845..0000000 --- a/Dockerfile-7.0 +++ /dev/null @@ -1,160 +0,0 @@ -FROM behance/docker-nginx:8.10 -LABEL maintainers="Behance Team " - -# Set TERM to suppress warning messages. -ENV CONF_PHPFPM=/etc/php/7.0/fpm/php-fpm.conf \ - CONF_PHPMODS=/etc/php/7.0/mods-available \ - CONF_FPMPOOL=/etc/php/7.0/fpm/pool.d/www.conf \ - CONF_FPMOVERRIDES=/etc/php/7.0/fpm/conf.d/overrides.user.ini \ - APP_ROOT=/app \ - SERVER_WORKER_CONNECTIONS=3072 \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_CLIENT_HEADER_BUFFER_SIZE=1k \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_LARGE_CLIENT_HEADER_BUFFERS="4 256k" \ - PHP_FPM_MAX_CHILDREN=4096 \ - PHP_FPM_START_SERVERS=20 \ - PHP_FPM_MAX_REQUESTS=1024 \ - PHP_FPM_MIN_SPARE_SERVERS=5 \ - PHP_FPM_MAX_SPARE_SERVERS=128 \ - PHP_FPM_MEMORY_LIMIT=256M \ - PHP_FPM_MAX_EXECUTION_TIME=60 \ - PHP_FPM_UPLOAD_MAX_FILESIZE=1M \ - PHP_OPCACHE_MEMORY_CONSUMPTION=128 \ - PHP_OPCACHE_INTERNED_STRINGS_BUFFER=16 \ - PHP_OPCACHE_MAX_WASTED_PERCENTAGE=5 \ - PHP_OPCACHE_ENABLE_CLI=1 \ - PHP_ENGINE_VERSION=20151012 \ - CFG_APP_DEBUG=1 - -# - Update security packages, only -RUN /bin/bash -e /security_updates.sh && \ - apt-get install -yqq --no-install-recommends \ - gpg-agent \ - git \ - curl \ - wget \ - software-properties-common \ - locales \ - && \ - locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ - add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ - # Ensure PHP 5.5 + 5.6 + 7.1 don't accidentally get added by PPA - apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.0 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.1-cli \ - php7.1-common \ - php7.1-json \ - php7.2-cli \ - php7.2-common \ - php7.2-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ - php7.4-cli \ - php7.4-common \ - php7.4-json \ - && \ - apt-get -yqq install \ - php7.0 \ - php7.0-apcu \ - php7.0-bcmath \ - php7.0-bz2 \ - php7.0-curl \ - php7.0-fpm \ - php7.0-gd \ - php7.0-intl \ - php7.0-json \ - php7.0-mbstring \ - php7.0-mcrypt \ - php7.0-memcache \ - php7.0-pgsql \ - php7.0-xdebug \ - php7.0-xml \ - php7.0-yaml \ - php7.0-zip \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ - # Order of operations issue is preventing this from being installed in alphabetical order - php7.0-mysql \ - # below required to compile non-packaged extensions - php7.0-dev \ - pkg-config \ - libmemcached-dev \ - pkg-config \ - zlib1g-dev \ - && \ - pecl-install \ - igbinary \ - memcached \ - msgpack \ - redis \ - && \ - apt-get remove --purge -yq \ - php7.0-dev \ - pkg-config \ - build-essential \ - cpp \ - cpp-7 \ - gcc \ - && \ - /bin/bash /clean.sh \ - && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ - # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder - cd /usr/lib/php && \ - ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh - -# Overlay the root filesystem from this repo -COPY ./container/root / - -# - Hack: share startup scripts between variant versions by symlinking -RUN ln -s /usr/sbin/php-fpm7.0 /usr/sbin/php-fpm && \ - # Override default ini values for both CLI + FPM - phpenmod overrides && \ - # Enable NewRelic via Ubuntu symlinks, but disable via extension command in file. Allows cross-variant startup scripts to function. - phpenmod newrelic && \ - # Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh - -RUN goss -g /tests/php-fpm/7.0.goss.yaml validate && \ - /aufs_hack.sh - diff --git a/Dockerfile-7.1 b/Dockerfile-7.1 deleted file mode 100644 index 957d5f1..0000000 --- a/Dockerfile-7.1 +++ /dev/null @@ -1,162 +0,0 @@ -FROM behance/docker-nginx:8.10 -LABEL maintainers="Behance Team " - -# Set TERM to suppress warning messages. -ENV CONF_PHPFPM=/etc/php/7.1/fpm/php-fpm.conf \ - CONF_PHPMODS=/etc/php/7.1/mods-available \ - CONF_FPMPOOL=/etc/php/7.1/fpm/pool.d/www.conf \ - CONF_FPMOVERRIDES=/etc/php/7.1/fpm/conf.d/overrides.user.ini \ - APP_ROOT=/app \ - SERVER_WORKER_CONNECTIONS=3072 \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_CLIENT_HEADER_BUFFER_SIZE=1k \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_LARGE_CLIENT_HEADER_BUFFERS="4 256k" \ - PHP_FPM_MAX_CHILDREN=4096 \ - PHP_FPM_START_SERVERS=20 \ - PHP_FPM_MAX_REQUESTS=1024 \ - PHP_FPM_MIN_SPARE_SERVERS=5 \ - PHP_FPM_MAX_SPARE_SERVERS=128 \ - PHP_FPM_MEMORY_LIMIT=256M \ - PHP_FPM_MAX_EXECUTION_TIME=60 \ - PHP_FPM_UPLOAD_MAX_FILESIZE=1M \ - PHP_OPCACHE_MEMORY_CONSUMPTION=128 \ - PHP_OPCACHE_INTERNED_STRINGS_BUFFER=16 \ - PHP_OPCACHE_MAX_WASTED_PERCENTAGE=5 \ - PHP_OPCACHE_ENABLE_CLI=1 \ - PHP_ENGINE_VERSION=20160303 \ - CFG_APP_DEBUG=1 - -# - Update security packages, only -RUN /bin/bash -e /security_updates.sh && \ - apt-get install -yqq --no-install-recommends \ - gpg-agent \ - git \ - curl \ - wget \ - software-properties-common \ - locales \ - && \ - locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ - add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ - # Ensure PHP 5.5 + 5.6 + 7.0 don't accidentally get added by PPA - apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.1 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.0-cli \ - php7.0-common \ - php7.0-json \ - php7.2-cli \ - php7.2-common \ - php7.2-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ - php7.4-cli \ - php7.4-common \ - php7.4-json \ - && \ - apt-get -yqq install \ - php7.1 \ - php7.1-apcu \ - php7.1-bcmath \ - php7.1-bz2 \ - php7.1-curl \ - php7.1-fpm \ - php7.1-gd \ - php7.1-intl \ - php7.1-json \ - php7.1-mbstring \ - php7.1-memcache \ - php7.1-mcrypt \ - php7.1-mysql \ - php7.1-pgsql \ - php7.1-xdebug \ - php7.1-xml \ - php7.1-yaml \ - php7.1-zip \ - php-xdebug \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ - # below required to compile non-packaged extensions - php7.1-dev \ - pkg-config \ - libmemcached-dev \ - pkg-config \ - zlib1g-dev \ - && \ - pecl-install \ - igbinary \ - memcached \ - msgpack \ - redis \ - && \ - apt-get remove --purge -yq \ - php7.1-dev \ - pkg-config \ - build-essential \ - cpp \ - cpp-7 \ - gcc \ - && \ - /bin/bash /clean.sh \ - && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ - # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder - cd /usr/lib/php && \ - ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh - -# Overlay the root filesystem from this repo -COPY ./container/root / - -# - Make additional hacks to migrate files/config from 7.0 --> 7.1 folder -RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ - cp /etc/php/7.0/fpm/conf.d/overrides.user.ini $CONF_FPMOVERRIDES && \ - # Hack: share startup scripts between variant versions by symlinking \ - ln -s /usr/sbin/php-fpm7.1 /usr/sbin/php-fpm && \ - # Override default ini values for both CLI + FPM \ - phpenmod overrides && \ - # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. - phpenmod newrelic && \ - # - Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh - -RUN goss -g /tests/php-fpm/7.1.goss.yaml validate && \ - /aufs_hack.sh diff --git a/Dockerfile-7.2 b/Dockerfile-7.2 deleted file mode 100644 index 2a3e522..0000000 --- a/Dockerfile-7.2 +++ /dev/null @@ -1,160 +0,0 @@ -FROM behance/docker-nginx:8.10 -LABEL maintainers="Behance Team " - -# Set TERM to suppress warning messages. -ENV CONF_PHPFPM=/etc/php/7.2/fpm/php-fpm.conf \ - CONF_PHPMODS=/etc/php/7.2/mods-available \ - CONF_FPMPOOL=/etc/php/7.2/fpm/pool.d/www.conf \ - CONF_FPMOVERRIDES=/etc/php/7.2/fpm/conf.d/overrides.user.ini \ - APP_ROOT=/app \ - SERVER_WORKER_CONNECTIONS=3072 \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_CLIENT_HEADER_BUFFER_SIZE=1k \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_LARGE_CLIENT_HEADER_BUFFERS="4 256k" \ - PHP_FPM_MAX_CHILDREN=4096 \ - PHP_FPM_START_SERVERS=20 \ - PHP_FPM_MAX_REQUESTS=1024 \ - PHP_FPM_MIN_SPARE_SERVERS=5 \ - PHP_FPM_MAX_SPARE_SERVERS=128 \ - PHP_FPM_MEMORY_LIMIT=256M \ - PHP_FPM_MAX_EXECUTION_TIME=60 \ - PHP_FPM_UPLOAD_MAX_FILESIZE=1M \ - PHP_OPCACHE_MEMORY_CONSUMPTION=128 \ - PHP_OPCACHE_INTERNED_STRINGS_BUFFER=16 \ - PHP_OPCACHE_MAX_WASTED_PERCENTAGE=5 \ - PHP_OPCACHE_ENABLE_CLI=1 \ - PHP_ENGINE_VERSION=20170718 \ - CFG_APP_DEBUG=1 - -# - Update security packages, only -RUN /bin/bash -e /security_updates.sh && \ - apt-get install -yqq --no-install-recommends \ - gpg-agent \ - git \ - curl \ - wget \ - software-properties-common \ - locales \ - && \ - locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ - add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ - # Ensure PHP 5.5 + 5.6 + 7.1 don't accidentally get added by PPA - apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.2 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.0-cli \ - php7.0-common \ - php7.0-json \ - php7.1-cli \ - php7.1-common \ - php7.1-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ - php7.4-cli \ - php7.4-common \ - php7.4-json \ - && \ - apt-get -yqq install \ - php7.2 \ - php7.2-apcu \ - php7.2-bcmath \ - php7.2-bz2 \ - php7.2-curl \ - php7.2-fpm \ - php7.2-gd \ - php7.2-intl \ - php7.2-json \ - php7.2-mbstring \ - php7.2-memcache \ - php7.2-mysql \ - php7.2-pgsql \ - php7.2-xdebug \ - php7.2-xml \ - php7.2-yaml \ - php7.2-zip \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ - # below required to compile non-packaged extensions - php7.2-dev \ - pkg-config \ - libmemcached-dev \ - pkg-config \ - zlib1g-dev \ - && \ - pecl-install \ - igbinary \ - memcached \ - msgpack \ - redis \ - && \ - apt-get remove --purge -yq \ - php7.2-dev \ - pkg-config \ - build-essential \ - cpp \ - cpp-7 \ - gcc \ - && \ - /bin/bash /clean.sh \ - && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ - # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder - cd /usr/lib/php && \ - ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh - -# Overlay the root filesystem from this repo -COPY ./container/root / - -# - Make additional hacks to migrate files/config from 7.0 --> 7.2 folder -RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ - cp /etc/php/7.0/fpm/conf.d/overrides.user.ini $CONF_FPMOVERRIDES && \ - # Hack: share startup scripts between variant versions by symlinking \ - ln -s /usr/sbin/php-fpm7.2 /usr/sbin/php-fpm && \ - # Override default ini values for both CLI + FPM \ - phpenmod overrides && \ - # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. - phpenmod newrelic && \ - # - Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh - -RUN goss -g /tests/php-fpm/7.2.goss.yaml validate && \ - /aufs_hack.sh diff --git a/Dockerfile-7.4 b/Dockerfile-7.4 index a3444f8..aee066d 100644 --- a/Dockerfile-7.4 +++ b/Dockerfile-7.4 @@ -1,4 +1,4 @@ -FROM behance/docker-nginx:8.10 +FROM behance/docker-nginx:9.0 LABEL maintainers="Behance Team " # Set TERM to suppress warning messages. diff --git a/Dockerfile-7.3-alpine b/Dockerfile-7.4-alpine similarity index 97% rename from Dockerfile-7.3-alpine rename to Dockerfile-7.4-alpine index 6a277f7..422851f 100644 --- a/Dockerfile-7.3-alpine +++ b/Dockerfile-7.4-alpine @@ -1,4 +1,4 @@ -FROM behance/docker-nginx:8.10-alpine +FROM behance/docker-nginx:9.0-alpine LABEL maintainers="Behance Team " # Set TERM to suppress warning messages. @@ -78,10 +78,11 @@ RUN apk update && \ php7-xmlwriter \ php7-xsl \ php7-zip \ - php7-zlib \ - && \ + php7-zlib + +RUN \ # Disable xdebug by default \ - sed -i 's/zend_extension\s\?=/;zend_extension =/' $CONF_PHPMODS/xdebug.ini && \ + sed -i 's/zend_extension\s\?=/;zend_extension =/' $CONF_PHPMODS/50_xdebug.ini && \ # Disable postgres by default \ sed -i 's/extension/;extension/' $CONF_PHPMODS/01_pdo_pgsql.ini && \ sed -i 's/extension/;extension/' $CONF_PHPMODS/00_pgsql.ini && \ @@ -144,5 +145,5 @@ RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ ln -s /usr/sbin/php-fpm7 /usr/sbin/php-fpm && \ /bin/bash -e prep-php.sh -RUN goss -g /tests/php-fpm/7.3-alpine.goss.yaml validate && \ +RUN goss -g /tests/php-fpm/7.4-alpine.goss.yaml validate && \ /aufs_hack.sh diff --git a/Dockerfile-8.0 b/Dockerfile-8.0 index 0cb3c5b..e803ed7 100644 --- a/Dockerfile-8.0 +++ b/Dockerfile-8.0 @@ -1,4 +1,4 @@ -FROM behance/docker-nginx:8.9 +FROM behance/docker-nginx:9.0 LABEL maintainers="Behance Team " # Set TERM to suppress warning messages. diff --git a/Dockerfile-7.3 b/Dockerfile-8.1 similarity index 72% rename from Dockerfile-7.3 rename to Dockerfile-8.1 index f5ed32a..00a491b 100644 --- a/Dockerfile-7.3 +++ b/Dockerfile-8.1 @@ -1,11 +1,11 @@ -FROM behance/docker-nginx:8.10 +FROM behance/docker-nginx:9.0 LABEL maintainers="Behance Team " # Set TERM to suppress warning messages. -ENV CONF_PHPFPM=/etc/php/7.3/fpm/php-fpm.conf \ - CONF_PHPMODS=/etc/php/7.3/mods-available \ - CONF_FPMPOOL=/etc/php/7.3/fpm/pool.d/www.conf \ - CONF_FPMOVERRIDES=/etc/php/7.3/fpm/conf.d/overrides.user.ini \ +ENV CONF_PHPFPM=/etc/php/8.1/fpm/php-fpm.conf \ + CONF_PHPMODS=/etc/php/8.1/mods-available \ + CONF_FPMPOOL=/etc/php/8.1/fpm/pool.d/www.conf \ + CONF_FPMOVERRIDES=/etc/php/8.1/fpm/conf.d/overrides.user.ini \ APP_ROOT=/app \ SERVER_WORKER_CONNECTIONS=3072 \ SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ @@ -24,7 +24,7 @@ ENV CONF_PHPFPM=/etc/php/7.3/fpm/php-fpm.conf \ PHP_OPCACHE_INTERNED_STRINGS_BUFFER=16 \ PHP_OPCACHE_MAX_WASTED_PERCENTAGE=5 \ PHP_OPCACHE_ENABLE_CLI=1 \ - PHP_ENGINE_VERSION=20180731 \ + PHP_ENGINE_VERSION=20200930 \ CFG_APP_DEBUG=1 # - Update security packages, only @@ -56,13 +56,13 @@ RUN /bin/bash -e /security_updates.sh && \ # Add PHP and support packages COPY container/root/usr/local/bin/pecl-install /usr/local/bin RUN apt-get update -q && \ - # Ensure PHP 5.5 + 5.6 + 7.1 don't accidentally get added by PPA + # Ensure old versions of PHP don't accidentally get added by PPA maintainers apt-mark hold \ manpages \ manpages-dev \ apache2 \ apache2-bin \ - libapache2-mod-php7.3 \ + libapache2-mod-php7.4 \ php5.6-cli \ php5.6-common \ php5.6-json \ @@ -75,51 +75,35 @@ RUN apt-get update -q && \ php7.2-cli \ php7.2-common \ php7.2-json \ + php7.3-cli \ + php7.3-common \ + php7.3-json \ php7.4-cli \ php7.4-common \ - php7.4-json \ - && \ - apt-get -yqq install \ - php7.3 \ - php7.3-apcu \ - php7.3-bcmath \ - php7.3-bz2 \ - php7.3-curl \ - php7.3-fpm \ - php7.3-gd \ - php7.3-intl \ - php7.3-json \ - php7.3-mbstring \ - php7.3-memcache \ - php7.3-mysql \ - php7.3-pgsql \ - php7.3-xdebug \ - php7.3-xml \ - php7.3-yaml \ - php7.3-zip \ + php7.4-json + +RUN apt-get -yqq install \ + php8.1 \ + php8.1-apcu \ + php8.1-bcmath \ + php8.1-bz2 \ + php8.1-curl \ + php8.1-fpm \ + php8.1-gd \ + php8.1-intl \ + php8.1-mbstring \ + php8.1-memcache \ + php8.1-memcached \ + php8.1-mysql \ + php8.1-pgsql \ + php8.1-redis \ + php8.1-xdebug \ + php8.1-xml \ + php8.1-yaml \ + php8.1-zip \ newrelic-php5 \ newrelic-php5-common \ newrelic-daemon \ - # below required to compile non-packaged extensions - php7.3-dev \ - pkg-config \ - libmemcached-dev \ - pkg-config \ - zlib1g-dev \ - && \ - pecl-install \ - igbinary \ - memcached \ - msgpack \ - redis \ - && \ - apt-get remove --purge -yq \ - php7.3-dev \ - pkg-config \ - build-essential \ - cpp \ - cpp-7 \ - gcc \ && \ /bin/bash /clean.sh \ && \ @@ -134,6 +118,8 @@ RUN apt-get update -q && \ # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder cd /usr/lib/php && \ ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ + rm -rf /usr/lib/php/7.4 && \ + rm -rf /usr/lib/php/8.0 && \ # Remove unused agents for other PHP versions cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ cd / && \ @@ -144,22 +130,22 @@ RUN apt-get update -q && \ # Overlay the root filesystem from this repo COPY ./container/root / -# - Make additional hacks to migrate files/config from 7.0 --> 7.3 folder +# - Make additional hacks to migrate files/config from 7.0 --> 8.1 folder RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ cp /etc/php/7.0/fpm/conf.d/overrides.user.ini $CONF_FPMOVERRIDES && \ # Hack: share startup scripts between variant versions by symlinking \ - ln -s /usr/sbin/php-fpm7.3 /usr/sbin/php-fpm && \ + ln -s /usr/sbin/php-fpm8.1 /usr/sbin/php-fpm && \ # Override default ini values for both CLI + FPM \ phpenmod overrides && \ # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. phpenmod newrelic && \ # Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants /bin/bash -e /prep-php.sh && \ - # Add new 7.3+ conf + # New 7.3+ specific configuration sed -i "s/;decorate_workers_output.*/decorate_workers_output = no/" $CONF_FPMPOOL # HACK: workaround for https://github.com/aelsabbahy/goss/issues/392 -# Run the child and parent test configs separately -RUN goss -g /tests/php-fpm/base.goss.yaml validate && \ - goss -g /tests/php-fpm/7.3.goss.yaml validate && \ +# Run the child and parent test configs separately instead of leveraging inheritance +RUN goss -g /tests/php-fpm/8.1.goss.yaml validate && \ + goss -g /tests/php-fpm/base.goss.yaml validate && \ /aufs_hack.sh diff --git a/container/root/tests/php-fpm/7.0.goss.yaml b/container/root/tests/php-fpm/7.0.goss.yaml deleted file mode 100644 index 0a83643..0000000 --- a/container/root/tests/php-fpm/7.0.goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -gossfile: - base.goss.yaml: {} - -command: - # IMPORTANT: confirm the major/minor version of PHP itself - php -r 'echo PHP_MAJOR_VERSION;': - exit-status: 0 - stdout: [7] - php -r 'echo PHP_MINOR_VERSION;': - exit-status: 0 - stdout: [0] - php-fpm7.0 -v: - exit-status: 0 - stdout: [PHP 7.0] - # Not common to all variants, test in supported children - php -m | grep -i memcache: - exit-status: 0 diff --git a/container/root/tests/php-fpm/7.1.goss.yaml b/container/root/tests/php-fpm/7.1.goss.yaml deleted file mode 100644 index 24fe5e1..0000000 --- a/container/root/tests/php-fpm/7.1.goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -gossfile: - base.goss.yaml: {} - -command: - # IMPORTANT: confirm the major/minor version of PHP itself - php -r 'echo PHP_MAJOR_VERSION;': - exit-status: 0 - stdout: [7] - php -r 'echo PHP_MINOR_VERSION;': - exit-status: 0 - stdout: [1] - php-fpm7.1 -v: - exit-status: 0 - stdout: [PHP 7.1] - # Not common to all variants, test in supported children - php -m | grep -i memcache: - exit-status: 0 diff --git a/container/root/tests/php-fpm/7.2.goss.yaml b/container/root/tests/php-fpm/7.2.goss.yaml deleted file mode 100644 index c04eb8f..0000000 --- a/container/root/tests/php-fpm/7.2.goss.yaml +++ /dev/null @@ -1,17 +0,0 @@ -gossfile: - base.goss.yaml: {} - -command: - # IMPORTANT: confirm the major/minor version of PHP itself - php -r 'echo PHP_MAJOR_VERSION;': - exit-status: 0 - stdout: [7] - php -r 'echo PHP_MINOR_VERSION;': - exit-status: 0 - stdout: [2] - php-fpm7.2 -v: - exit-status: 0 - stdout: [PHP 7.2] - # Not common to all variants, test in supported children - php -m | grep -i memcache: - exit-status: 0 diff --git a/container/root/tests/php-fpm/7.3-alpine.goss.yaml b/container/root/tests/php-fpm/7.4-alpine.goss.yaml similarity index 89% rename from container/root/tests/php-fpm/7.3-alpine.goss.yaml rename to container/root/tests/php-fpm/7.4-alpine.goss.yaml index b143750..3b83916 100644 --- a/container/root/tests/php-fpm/7.3-alpine.goss.yaml +++ b/container/root/tests/php-fpm/7.4-alpine.goss.yaml @@ -8,10 +8,10 @@ command: stdout: [7] php -r 'echo PHP_MINOR_VERSION;': exit-status: 0 - stdout: [3] + stdout: [4] php-fpm7 -m: exit-status: 0 stderr: ['!/./'] php-fpm7 -v: exit-status: 0 - stdout: [PHP 7.3] + stdout: [PHP 7.4] diff --git a/container/root/tests/php-fpm/7.3.goss.yaml b/container/root/tests/php-fpm/8.1.goss.yaml similarity index 93% rename from container/root/tests/php-fpm/7.3.goss.yaml rename to container/root/tests/php-fpm/8.1.goss.yaml index 1dcfd64..c820cda 100644 --- a/container/root/tests/php-fpm/7.3.goss.yaml +++ b/container/root/tests/php-fpm/8.1.goss.yaml @@ -10,13 +10,13 @@ command: # IMPORTANT: confirm the major/minor version of PHP itself php -r 'echo PHP_MAJOR_VERSION;': exit-status: 0 - stdout: [7] + stdout: [8] php -r 'echo PHP_MINOR_VERSION;': exit-status: 0 - stdout: [3] + stdout: [1] php-fpm -v: exit-status: 0 - stdout: [PHP 7.3] + stdout: [PHP 8.1] # Not common to all variants, test in supported children php -m | grep -i memcache: exit-status: 0 From 86c515ac141ef819f3a7232c57a6391e4a30c91a Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Tue, 14 Dec 2021 23:48:33 -0500 Subject: [PATCH 02/16] Github Actions: added CI and Publish jobs --- .github/workflows/ci.yml | 102 ++++++++++++++++++++++++++++++++++ .github/workflows/publish.yml | 69 +++++++++++++++++++++++ 2 files changed, 171 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..e8e8006 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,102 @@ +name: ci + +on: + pull_request: + branches: [ master ] + +jobs: + test: + runs-on: ubuntu-latest + strategy: + matrix: + props: + - Dockerfile: Dockerfile-7.4 + - Dockerfile: Dockerfile-7.4-alpine + - Dockerfile: Dockerfile-8.0 + - Dockerfile: Dockerfile-8.1 + platform: + - linux/amd64 + - linux/arm64 + env: + TEST_MATCH: Welcome to nginx! + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Detect host configuration + run: | + # NOTE: Docker host configuration determines the networking target for integration testing + v=$(mount | grep "/run/docker.sock") + TARGET_HOST= + + if [ -n "$v" ]; then + echo "Injected docker socket detected" + TARGET_HOST="host.docker.internal" + elif [ -S /var/run/docker.sock ]; then + TARGET_HOST="localhost" + else + echo "No Docker socket detected, fail" + exit 1 + fi + echo "TARGET_HOST=${TARGET_HOST}" >> $GITHUB_ENV + - + # Build and execute in multiple configurations: vanilla, with env overrides, with TLS enabled + name: Build and test + run: | + # NOTE: docker qemu and buildx setup actions create a black hole for build cache layers, avoid unless pushing externally + # Setup multi-arch platforms, noop if already installed for builder + docker run --privileged --rm tonistiigi/binfmt --install arm64,amd64 + + TARGET_PLATFORM=${{ matrix.platform }} + TARGET_DOCKERFILE=${{ matrix.props.Dockerfile }} + + # Since containers may or may not be against the same docker engine, create a matrix-unique tag name for outputs + TAG_NAME="docker-php-${TARGET_DOCKERFILE}-${TARGET_PLATFORM}" + # Formats as lowercase + TAG_NAME=$(echo $TAG_NAME | tr '[:upper:]' '[:lower:]') + # Removes slashes + TAG_NAME=$(echo $TAG_NAME | sed 's/\///') + + echo $TAG_NAME + + docker buildx build --platform $TARGET_PLATFORM --iidfile $TAG_NAME -t $TAG_NAME -f $TARGET_DOCKERFILE . + + # NOTE: multi-arch builds may not be accessible by docker tag, instead target by ID + BUILD_SHA=$(cat ./$TAG_NAME) + + # Remove sha256: from tag identifier + BUILD_SHA=$(echo $BUILD_SHA | sed 's/sha256\://') + + # Generate self-signed certificates + mkdir -p certs + openssl genrsa -out ./certs/ca.key 2048 + openssl req -new -key ./certs/ca.key -out ./certs/ca.csr -subj '/CN=localhost' + openssl x509 -req -days 365 -in ./certs/ca.csr -signkey ./certs/ca.key -out ./certs/ca.crt + + # Run various configurations of containers + CONTAINER_VANILLA=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d $BUILD_SHA) + CONTAINER_ENV_FILE=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d --env-file ./.test.env $BUILD_SHA) + CONTAINER_HTTPS=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d -e SERVER_ENABLE_HTTPS=true -v $(pwd)/certs:/etc/nginx/certs:ro $BUILD_SHA) + + # Retrieve dynamically-allocated host port + VANILLA_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_VANILLA) + ENV_FILE_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_ENV_FILE) + HTTPS_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_HTTPS) + + # Wait for containers to boot (in background) + sleep 5 + + TARGET_HOST=${{ env.TARGET_HOST }} + echo "HOSTING ${TARGET_HOST}" + + # Check for nginx test page response + curl ${TARGET_HOST}:${VANILLA_PORT} | grep "${{ env.TEST_MATCH }}" + curl ${TARGET_HOST}:${ENV_FILE_PORT} | grep "${{ env.TEST_MATCH }}" + curl -k https://${TARGET_HOST}:${HTTPS_PORT} | grep "${{ env.TEST_MATCH }}" + + # Cleanup + docker kill $CONTAINER_VANILLA + docker kill $CONTAINER_ENV_FILE + docker kill $CONTAINER_HTTPS + docker rmi $BUILD_SHA diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..e02781c --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,69 @@ +name: publish + +on: + push: + tags: + - '*' + +jobs: + publish: + runs-on: ubuntu-latest + env: + IMAGE_BASE: behance/docker-php + strategy: + matrix: + props: + # Variant distributions all have semantic versions + PHP version + suffix (ex. 3.2.1-alpine) + - Dockerfile: Dockerfile-7.4 + suffix: 7.4 + - Dockerfile: Dockerfile-7.4-alpine + suffix: 7.4-alpine + - Dockerfile: Dockerfile-8.0 + suffix: 8.0 + - Dockerfile: Dockerfile-8.1 + suffix: 8.1 + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Add tag suffix + if: matrix.props.suffix + run: | + echo TAG_SUFFIX="-${{ matrix.props.suffix }}" >> $GITHUB_ENV + - + name: Docker meta + id: meta + if: github.event_name != 'pull_request' + uses: docker/metadata-action@v3 + with: + images: ${{ env.IMAGE_BASE }} + tags: | + type=semver,pattern={{major}}.{{minor}}.{{patch}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + flavor: | + latest=auto + suffix=${{ env.TAG_SUFFIX }} + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build + push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64,linux/arm64 + file: ${{ matrix.props.Dockerfile }} + tags: ${{ steps.meta.outputs.tags }} + push: ${{ github.event_name != 'pull_request' }} From 8d98ecabfe342e548cec7f85469a0fc73704f52f Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Wed, 15 Dec 2021 15:52:37 -0500 Subject: [PATCH 03/16] Tests: decorate output available everywhere --- container/root/tests/php-fpm/7.4.goss.yaml | 7 ------- container/root/tests/php-fpm/8.0.goss.yaml | 7 ------- container/root/tests/php-fpm/8.1.goss.yaml | 7 ------- container/root/tests/php-fpm/base.goss.yaml | 1 + 4 files changed, 1 insertion(+), 21 deletions(-) diff --git a/container/root/tests/php-fpm/7.4.goss.yaml b/container/root/tests/php-fpm/7.4.goss.yaml index ee83d05..b8969df 100644 --- a/container/root/tests/php-fpm/7.4.goss.yaml +++ b/container/root/tests/php-fpm/7.4.goss.yaml @@ -20,10 +20,3 @@ command: # Not common to all variants, test in supported children php -m | grep -i memcache: exit-status: 0 - -# Using workaround commands until https://github.com/aelsabbahy/goss/issues/392 is solved -file: - {{ .Env.CONF_FPMPOOL }}: - exists: true - contains: - - '/^decorate_workers_output = no/' diff --git a/container/root/tests/php-fpm/8.0.goss.yaml b/container/root/tests/php-fpm/8.0.goss.yaml index 79b904f..786d49f 100644 --- a/container/root/tests/php-fpm/8.0.goss.yaml +++ b/container/root/tests/php-fpm/8.0.goss.yaml @@ -20,10 +20,3 @@ command: # Not common to all variants, test in supported children php -m | grep -i memcache: exit-status: 0 - -# Using workaround commands until https://github.com/aelsabbahy/goss/issues/392 is solved -file: - {{ .Env.CONF_FPMPOOL }}: - exists: true - contains: - - '/^decorate_workers_output = no/' diff --git a/container/root/tests/php-fpm/8.1.goss.yaml b/container/root/tests/php-fpm/8.1.goss.yaml index c820cda..673aea9 100644 --- a/container/root/tests/php-fpm/8.1.goss.yaml +++ b/container/root/tests/php-fpm/8.1.goss.yaml @@ -20,10 +20,3 @@ command: # Not common to all variants, test in supported children php -m | grep -i memcache: exit-status: 0 - -# Using workaround commands until https://github.com/aelsabbahy/goss/issues/392 is solved -file: - {{ .Env.CONF_FPMPOOL }}: - exists: true - contains: - - '/^decorate_workers_output = no/' diff --git a/container/root/tests/php-fpm/base.goss.yaml b/container/root/tests/php-fpm/base.goss.yaml index 023c61d..817e1c9 100644 --- a/container/root/tests/php-fpm/base.goss.yaml +++ b/container/root/tests/php-fpm/base.goss.yaml @@ -179,6 +179,7 @@ file: - '/^request_terminate_timeout = \${PHP_FPM_MAX_EXECUTION_TIME}/' - '/^rlimit_files = 40000/' - '/^rlimit_core = unlimited/' + - '/^decorate_workers_output = no/' {{ .Env.CONF_PHPMODS }}/newrelic.ini: exists: true contains: From 711c65f24184f1be71911d3c628445a7d87eec46 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Wed, 15 Dec 2021 22:43:11 -0500 Subject: [PATCH 04/16] Dockerfile: moved scripts, added NR script Cleanup, space optimization --- Dockerfile-7.4 | 107 +++++++---------- Dockerfile-7.4-alpine | 67 +++++------ Dockerfile-8.0 | 110 +++++++----------- scripts/install-newrelic-alpine.sh | 49 ++++++++ scripts/install-newrelic-ubuntu.sh | 47 ++++++++ .../pecl-install => scripts/pecl-install.sh | 0 {container/root => scripts}/prep-php.sh | 3 + 7 files changed, 213 insertions(+), 170 deletions(-) create mode 100644 scripts/install-newrelic-alpine.sh create mode 100644 scripts/install-newrelic-ubuntu.sh rename container/root/usr/local/bin/pecl-install => scripts/pecl-install.sh (100%) rename {container/root => scripts}/prep-php.sh (96%) diff --git a/Dockerfile-7.4 b/Dockerfile-7.4 index aee066d..3e4e099 100644 --- a/Dockerfile-7.4 +++ b/Dockerfile-7.4 @@ -27,7 +27,14 @@ ENV CONF_PHPFPM=/etc/php/7.4/fpm/php-fpm.conf \ PHP_ENGINE_VERSION=20190902 \ CFG_APP_DEBUG=1 -# - Update security packages, only +COPY ./scripts/ /scripts/ + +# - Update security packages +# - Add PHP and support packages +# - Install NewRelic +# - Compile extensions +# - Enable/disable default extensions +# - Cleanup RUN /bin/bash -e /security_updates.sh && \ apt-get install -yqq --no-install-recommends \ gpg-agent \ @@ -39,45 +46,14 @@ RUN /bin/bash -e /security_updates.sh && \ && \ locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ + apt-get update -q && \ # Ensure old versions of PHP don't accidentally get added by PPA maintainers apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.4 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.0-cli \ - php7.0-common \ - php7.0-json \ - php7.1-cli \ - php7.1-common \ - php7.1-json \ - php7.2-cli \ - php7.2-common \ - php7.2-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ + apache2 \ + apache2-bin \ + libapache2-mod-php7.4 \ + manpages \ + manpages-dev \ && \ apt-get -yqq install \ php7.4 \ @@ -97,52 +73,52 @@ RUN apt-get update -q && \ php7.4-xml \ php7.4-yaml \ php7.4-zip \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ # below required to compile non-packaged extensions php7.4-dev \ pkg-config \ libmemcached-dev \ - pkg-config \ zlib1g-dev \ && \ - pecl-install \ + /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ + /scripts/pecl-install.sh \ igbinary \ memcached \ msgpack \ redis \ && \ + phpenmod \ + memcached \ + igbinary \ + msgpack \ + && \ + phpdismod \ + pdo_pgsql \ + pgsql \ + redis \ + yaml \ + xdebug \ + && \ + curl -sS https://getcomposer.org/installer | php && \ + mv composer.phar /usr/local/bin/composer && \ apt-get remove --purge -yq \ - php7.4-dev \ - pkg-config \ build-essential \ cpp \ cpp-7 \ gcc \ + locales \ + patch \ + php7.4-dev \ + pkg-config \ + software-properties-common \ + wget \ && \ /bin/bash /clean.sh \ - && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ - # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder + # Remove extra extensions installed via packages for other versions of PHP, leaving only the active engine folder cd /usr/lib/php && \ ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - rm -rf /usr/lib/php/7.3 && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh + cd / -# Overlay the root filesystem from this repo +# # Overlay the root filesystem from this repo COPY ./container/root / # - Make additional hacks to migrate files/config from 7.0 --> 7.4 folder @@ -155,9 +131,8 @@ RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. phpenmod newrelic && \ # Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh && \ - # New 7.3+ specific configuration - sed -i "s/;decorate_workers_output.*/decorate_workers_output = no/" $CONF_FPMPOOL + /bin/bash -e /scripts/prep-php.sh + # HACK: workaround for https://github.com/aelsabbahy/goss/issues/392 # Run the child and parent test configs separately instead of leveraging inheritance diff --git a/Dockerfile-7.4-alpine b/Dockerfile-7.4-alpine index 422851f..6989b18 100644 --- a/Dockerfile-7.4-alpine +++ b/Dockerfile-7.4-alpine @@ -27,6 +27,14 @@ ENV CONF_PHPFPM=/etc/php7/php-fpm.conf \ PHP_ENGINE_VERSION=20180731 \ CFG_APP_DEBUG=1 +COPY ./scripts /scripts + +# - Update packages +# - Add PHP and support packages +# - Install NewRelic +# - Compile extensions +# - Enable/disable default extensions +# - Cleanup RUN apk update && \ apk add --no-cache \ git \ @@ -78,43 +86,12 @@ RUN apk update && \ php7-xmlwriter \ php7-xsl \ php7-zip \ - php7-zlib - -RUN \ - # Disable xdebug by default \ - sed -i 's/zend_extension\s\?=/;zend_extension =/' $CONF_PHPMODS/50_xdebug.ini && \ - # Disable postgres by default \ - sed -i 's/extension/;extension/' $CONF_PHPMODS/01_pdo_pgsql.ini && \ - sed -i 's/extension/;extension/' $CONF_PHPMODS/00_pgsql.ini && \ - /bin/bash -e /clean.sh - -# Locate and install latest Alpine-compatible NewRelic, seed with variables to be replaced -# Requires PHP to already be installed -RUN NEWRELIC_MUSL_PATH=$(curl -s https://download.newrelic.com/php_agent/release/ | grep 'linux-musl.tar.gz' | cut -d '"' -f2) && \ - NEWRELIC_PATH="https://download.newrelic.com${NEWRELIC_MUSL_PATH}" && \ - curl -L ${NEWRELIC_PATH} -o ./root/newrelic-musl.tar.gz && \ - cd /root && \ - gzip -dc newrelic-musl.tar.gz | tar xf - && \ - rm newrelic-musl.tar.gz && \ - NEWRELIC_DIRECTORY=/root/$(basename $(find . -maxdepth 1 -type d -name newrelic\*)) && \ - cd $NEWRELIC_DIRECTORY && \ - echo "\n" | ./newrelic-install install && \ - chown root:root $NEWRELIC_DIRECTORY/agent/x64/newrelic-${PHP_ENGINE_VERSION}.so && \ - mv $NEWRELIC_DIRECTORY/agent/x64/newrelic-${PHP_ENGINE_VERSION}.so /usr/lib/php7/modules/newrelic.so && \ - rm -rf $NEWRELIC_DIRECTORY/agent/x64 && \ - # Fix permissions on extracted folder \ - chown -R $NOT_ROOT_USER:$NOT_ROOT_USER * && \ - /bin/bash -e /clean.sh - -RUN curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer - -RUN apk update && \ - apk add --no-cache \ - yaml-dev \ - zlib-dev \ - libmemcached-dev \ - cyrus-sasl-dev \ + php7-zlib \ + # below required to compile non-packaged extensions + yaml-dev \ + zlib-dev \ + libmemcached-dev \ + cyrus-sasl-dev \ && \ apk add --no-cache --virtual .phpize_deps \ autoconf file g++ gcc libc-dev make pkgconf re2c php7-dev php7-pear \ @@ -130,8 +107,17 @@ RUN apk update && \ echo "extension=msgpack.so" > $CONF_PHPMODS/msgpack.ini && \ pecl install memcached && \ echo "extension=memcached.so" > $CONF_PHPMODS/memcached.ini && \ - rm -rf /usr/share/php7 && \ + # Disable xdebug by default \ + sed -i 's/zend_extension\s\?=/;zend_extension =/' $CONF_PHPMODS/50_xdebug.ini && \ + # Disable postgres by default \ + sed -i 's/extension/;extension/' $CONF_PHPMODS/01_pdo_pgsql.ini && \ + sed -i 's/extension/;extension/' $CONF_PHPMODS/00_pgsql.ini \ + && \ + /bin/bash -e /scripts/install-newrelic-alpine.sh && \ + curl -sS https://getcomposer.org/installer | php && \ + mv composer.phar /usr/local/bin/composer && \ apk del .phpize_deps && \ + # rm -rf /usr/share/php7 && \ /bin/bash -e /clean.sh # Overlay the root filesystem from this repo @@ -143,7 +129,10 @@ RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ # - Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants chown $NOT_ROOT_USER:$NOT_ROOT_USER /var/log/php7 && \ ln -s /usr/sbin/php-fpm7 /usr/sbin/php-fpm && \ - /bin/bash -e prep-php.sh + /bin/bash -e /scripts/prep-php.sh +# HACK: workaround for https://github.com/aelsabbahy/goss/issues/392 +# Run the child and parent test configs separately instead of leveraging inheritance RUN goss -g /tests/php-fpm/7.4-alpine.goss.yaml validate && \ + goss -g /tests/php-fpm/base.goss.yaml validate && \ /aufs_hack.sh diff --git a/Dockerfile-8.0 b/Dockerfile-8.0 index e803ed7..eea122d 100644 --- a/Dockerfile-8.0 +++ b/Dockerfile-8.0 @@ -27,7 +27,14 @@ ENV CONF_PHPFPM=/etc/php/8.0/fpm/php-fpm.conf \ PHP_ENGINE_VERSION=20200930 \ CFG_APP_DEBUG=1 -# - Update security packages, only +COPY ./scripts/ /scripts/ + +# - Update security packages +# - Add PHP and support packages +# - Install NewRelic +# - Compile extensions +# - Enable/disable default extensions +# - Cleanup RUN /bin/bash -e /security_updates.sh && \ apt-get install -yqq --no-install-recommends \ gpg-agent \ @@ -39,50 +46,16 @@ RUN /bin/bash -e /security_updates.sh && \ && \ locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ + apt-get update -q && \ # Ensure old versions of PHP don't accidentally get added by PPA maintainers apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.4 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.0-cli \ - php7.0-common \ - php7.0-json \ - php7.1-cli \ - php7.1-common \ - php7.1-json \ - php7.2-cli \ - php7.2-common \ - php7.2-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ - php7.4-cli \ - php7.4-common \ - php7.4-json - -RUN apt-get -yqq install \ + manpages \ + manpages-dev \ + apache2 \ + apache2-bin \ + libapache2-mod-php8.0 \ + && \ + apt-get -yqq install \ php8.0 \ php8.0-apcu \ php8.0-bcmath \ @@ -101,30 +74,39 @@ RUN apt-get -yqq install \ php8.0-xml \ php8.0-yaml \ php8.0-zip \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ && \ - /bin/bash /clean.sh \ + /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ + phpenmod \ + memcached \ + igbinary \ + msgpack \ + && \ + phpdismod \ + pdo_pgsql \ + pgsql \ + redis \ + yaml \ + xdebug \ && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ + curl -sS https://getcomposer.org/installer | php && \ + mv composer.phar /usr/local/bin/composer && \ + apt-get remove --purge -yq \ + build-essential \ + cpp \ + cpp-7 \ + gcc \ + locales \ + patch \ + php7.4-dev \ + pkg-config \ + software-properties-common \ + wget \ + && \ + /bin/bash /clean.sh \ # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder cd /usr/lib/php && \ ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - rm -rf /usr/lib/php/7.4 && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh + cd / # Overlay the root filesystem from this repo COPY ./container/root / @@ -139,9 +121,7 @@ RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. phpenmod newrelic && \ # Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh && \ - # New 7.3+ specific configuration - sed -i "s/;decorate_workers_output.*/decorate_workers_output = no/" $CONF_FPMPOOL + /bin/bash -e /scripts/prep-php.sh # HACK: workaround for https://github.com/aelsabbahy/goss/issues/392 # Run the child and parent test configs separately instead of leveraging inheritance diff --git a/scripts/install-newrelic-alpine.sh b/scripts/install-newrelic-alpine.sh new file mode 100644 index 0000000..6d0c6cd --- /dev/null +++ b/scripts/install-newrelic-alpine.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +ARCH=$(archstring --x64 x64 --arm64 arm64) + +if [[ "$ARCH" == "x64" ]]; then + # Locate and install latest Alpine-compatible NewRelic, seed with variables to be replaced + # Requires PHP to already be installed + NEWRELIC_MUSL_PATH=$(curl -s https://download.newrelic.com/php_agent/release/ | grep 'linux-musl.tar.gz' | cut -d '"' -f2) + NEWRELIC_PATH="https://download.newrelic.com${NEWRELIC_MUSL_PATH}" + curl -L ${NEWRELIC_PATH} -o ./root/newrelic-musl.tar.gz + cd /root + gzip -dc newrelic-musl.tar.gz | tar xf - + rm newrelic-musl.tar.gz + NEWRELIC_DIRECTORY=/root/$(basename $(find . -maxdepth 1 -type d -name newrelic\*)) + cd $NEWRELIC_DIRECTORY + echo "\n" | ./newrelic-install install + chown root:root $NEWRELIC_DIRECTORY/agent/x64/newrelic-${PHP_ENGINE_VERSION}.so + mv $NEWRELIC_DIRECTORY/agent/x64/newrelic-${PHP_ENGINE_VERSION}.so /usr/lib/php7/modules/newrelic.so + rm -rf $NEWRELIC_DIRECTORY/agent/x64 + # Fix permissions on extracted folder + chown -R $NOT_ROOT_USER:$NOT_ROOT_USER * + exit 0 +fi + +echo "[newrelic] arm64 detected, compiling from source" +cd /root +git clone https://github.com/newrelic/newrelic-php-agent +cd newrelic-php-agent + +# Assumes apt cache is available, build-essential and phpXX-dev packages are already installed +apk add --no-cache --virtual .newrelic_deps \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + zlib-static \ + curl-dev \ + automake \ + libtool \ + make + +make all + +mkdir -p /var/log/newrelic +chmod 777 /var/log/newrelic +cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini +cp bin/daemon /usr/bin/newrelic-daemon + +# Cleanup script-specific packages +apk del .newrelic_deps diff --git a/scripts/install-newrelic-ubuntu.sh b/scripts/install-newrelic-ubuntu.sh new file mode 100644 index 0000000..7dce26e --- /dev/null +++ b/scripts/install-newrelic-ubuntu.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +ARCH=$(archstring --x64 x64 --arm64 arm64) + +if [[ "$ARCH" == "x64" ]]; then + echo "[newrelic] x64 detected, installing pre-built packages" + + echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list + wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - + + # Prevent newrelic install from prompting for input + echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections + echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections + + apt-get update + apt-get install -yqq \ + newrelic-php5 \ + newrelic-php5-common \ + newrelic-daemon + + # Removes unused agents for other PHP versions + cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ + exit 0 +fi + +echo "[newrelic] arm64 detected, compiling from source" +cd /root +git clone https://github.com/newrelic/newrelic-php-agent + +# Assumes apt cache is available, build-essential and phpXX-dev packages are already installed +apt-get install -yqq \ + libssl-dev \ + libpcre3-dev \ + golang + +make all + +mkdir -p /var/log/newrelic +chmod 777 /var/log/newrelic +cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini +cp bin/daemon /usr/bin/newrelic-daemon + +# Cleanup script-specific packages +apt-get remove --purge -yq \ + libssl-dev \ + libpcre3-dev \ + golang diff --git a/container/root/usr/local/bin/pecl-install b/scripts/pecl-install.sh similarity index 100% rename from container/root/usr/local/bin/pecl-install rename to scripts/pecl-install.sh diff --git a/container/root/prep-php.sh b/scripts/prep-php.sh similarity index 96% rename from container/root/prep-php.sh rename to scripts/prep-php.sh index 8abc884..51a8caa 100644 --- a/container/root/prep-php.sh +++ b/scripts/prep-php.sh @@ -45,6 +45,9 @@ sed -i "s/^;rlimit_files =.*/rlimit_files = 40000/" $CONF_FPMPOOL # - Set max core size rlimit for the master process. sed -i "s/^;rlimit_core =.*/rlimit_core = unlimited/" $CONF_FPMPOOL +# - When logging to stdout, don't wrap the message in any way +sed -i "s/;decorate_workers_output.*/decorate_workers_output = no/" $CONF_FPMPOOL + # - Allow NewRelic to be partially configured by environment variables, set sane defaults # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. From 864c40e5cc2aba3a02e521a6ea776e7f8218d1c3 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Wed, 15 Dec 2021 22:51:50 -0500 Subject: [PATCH 05/16] PHP 8.1: removed, not yet ready. --- Dockerfile-8.1 | 151 --------------------- container/root/tests/php-fpm/8.1.goss.yaml | 22 --- 2 files changed, 173 deletions(-) delete mode 100644 Dockerfile-8.1 delete mode 100644 container/root/tests/php-fpm/8.1.goss.yaml diff --git a/Dockerfile-8.1 b/Dockerfile-8.1 deleted file mode 100644 index 00a491b..0000000 --- a/Dockerfile-8.1 +++ /dev/null @@ -1,151 +0,0 @@ -FROM behance/docker-nginx:9.0 -LABEL maintainers="Behance Team " - -# Set TERM to suppress warning messages. -ENV CONF_PHPFPM=/etc/php/8.1/fpm/php-fpm.conf \ - CONF_PHPMODS=/etc/php/8.1/mods-available \ - CONF_FPMPOOL=/etc/php/8.1/fpm/pool.d/www.conf \ - CONF_FPMOVERRIDES=/etc/php/8.1/fpm/conf.d/overrides.user.ini \ - APP_ROOT=/app \ - SERVER_WORKER_CONNECTIONS=3072 \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_CLIENT_HEADER_BUFFER_SIZE=1k \ - SERVER_CLIENT_BODY_BUFFER_SIZE=128k \ - SERVER_LARGE_CLIENT_HEADER_BUFFERS="4 256k" \ - PHP_FPM_MAX_CHILDREN=4096 \ - PHP_FPM_START_SERVERS=20 \ - PHP_FPM_MAX_REQUESTS=1024 \ - PHP_FPM_MIN_SPARE_SERVERS=5 \ - PHP_FPM_MAX_SPARE_SERVERS=128 \ - PHP_FPM_MEMORY_LIMIT=256M \ - PHP_FPM_MAX_EXECUTION_TIME=60 \ - PHP_FPM_UPLOAD_MAX_FILESIZE=1M \ - PHP_OPCACHE_MEMORY_CONSUMPTION=128 \ - PHP_OPCACHE_INTERNED_STRINGS_BUFFER=16 \ - PHP_OPCACHE_MAX_WASTED_PERCENTAGE=5 \ - PHP_OPCACHE_ENABLE_CLI=1 \ - PHP_ENGINE_VERSION=20200930 \ - CFG_APP_DEBUG=1 - -# - Update security packages, only -RUN /bin/bash -e /security_updates.sh && \ - apt-get install -yqq --no-install-recommends \ - gpg-agent \ - git \ - curl \ - wget \ - software-properties-common \ - locales \ - && \ - locale-gen en_US.UTF-8 && export LANG=en_US.UTF-8 && \ - add-apt-repository ppa:ondrej/php -y && \ - echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list && \ - wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - && \ - # Prevent newrelic install from prompting for input \ - echo newrelic-php5 newrelic-php5/application-name string "REPLACE_NEWRELIC_APP" | debconf-set-selections && \ - echo newrelic-php5 newrelic-php5/license-key string "REPLACE_NEWRELIC_LICENSE" | debconf-set-selections && \ - # Perform cleanup \ - apt-get remove --purge -yq \ - patch \ - software-properties-common \ - locales \ - wget \ - && \ - /bin/bash /clean.sh - -# Add PHP and support packages -COPY container/root/usr/local/bin/pecl-install /usr/local/bin -RUN apt-get update -q && \ - # Ensure old versions of PHP don't accidentally get added by PPA maintainers - apt-mark hold \ - manpages \ - manpages-dev \ - apache2 \ - apache2-bin \ - libapache2-mod-php7.4 \ - php5.6-cli \ - php5.6-common \ - php5.6-json \ - php7.0-cli \ - php7.0-common \ - php7.0-json \ - php7.1-cli \ - php7.1-common \ - php7.1-json \ - php7.2-cli \ - php7.2-common \ - php7.2-json \ - php7.3-cli \ - php7.3-common \ - php7.3-json \ - php7.4-cli \ - php7.4-common \ - php7.4-json - -RUN apt-get -yqq install \ - php8.1 \ - php8.1-apcu \ - php8.1-bcmath \ - php8.1-bz2 \ - php8.1-curl \ - php8.1-fpm \ - php8.1-gd \ - php8.1-intl \ - php8.1-mbstring \ - php8.1-memcache \ - php8.1-memcached \ - php8.1-mysql \ - php8.1-pgsql \ - php8.1-redis \ - php8.1-xdebug \ - php8.1-xml \ - php8.1-yaml \ - php8.1-zip \ - newrelic-php5 \ - newrelic-php5-common \ - newrelic-daemon \ - && \ - /bin/bash /clean.sh \ - && \ - phpenmod memcached && \ - phpenmod igbinary && \ - phpenmod msgpack && \ - phpdismod pdo_pgsql && \ - phpdismod pgsql && \ - phpdismod redis && \ - phpdismod yaml && \ - phpdismod xdebug && \ - # Remove extra extensions installed via packages for other versions of PHP, leaving the active engine folder - cd /usr/lib/php && \ - ls -d */ | grep '[0-9]\{8\}' | grep -v ${PHP_ENGINE_VERSION} | xargs rm -rf && \ - rm -rf /usr/lib/php/7.4 && \ - rm -rf /usr/lib/php/8.0 && \ - # Remove unused agents for other PHP versions - cd /usr/lib/newrelic-php5/agent/x64 && ls | grep -v newrelic-${PHP_ENGINE_VERSION}.so | xargs rm && \ - cd / && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ - /bin/bash /clean.sh - -# Overlay the root filesystem from this repo -COPY ./container/root / - -# - Make additional hacks to migrate files/config from 7.0 --> 8.1 folder -RUN cp /etc/php/7.0/mods-available/* $CONF_PHPMODS && \ - cp /etc/php/7.0/fpm/conf.d/overrides.user.ini $CONF_FPMOVERRIDES && \ - # Hack: share startup scripts between variant versions by symlinking \ - ln -s /usr/sbin/php-fpm8.1 /usr/sbin/php-fpm && \ - # Override default ini values for both CLI + FPM \ - phpenmod overrides && \ - # Enable NewRelic via Ubuntu symlinks, but disable in file. Cross-variant startup script uncomments with env vars. - phpenmod newrelic && \ - # Run standard set of tweaks to ensure runs performant, reliably, and consistent between variants - /bin/bash -e /prep-php.sh && \ - # New 7.3+ specific configuration - sed -i "s/;decorate_workers_output.*/decorate_workers_output = no/" $CONF_FPMPOOL - -# HACK: workaround for https://github.com/aelsabbahy/goss/issues/392 -# Run the child and parent test configs separately instead of leveraging inheritance -RUN goss -g /tests/php-fpm/8.1.goss.yaml validate && \ - goss -g /tests/php-fpm/base.goss.yaml validate && \ - /aufs_hack.sh diff --git a/container/root/tests/php-fpm/8.1.goss.yaml b/container/root/tests/php-fpm/8.1.goss.yaml deleted file mode 100644 index 673aea9..0000000 --- a/container/root/tests/php-fpm/8.1.goss.yaml +++ /dev/null @@ -1,22 +0,0 @@ - -# Extended file tests will be overridden/ignored from parent -# Note: Other variants may not include extended file tests, are not susceptible -# @see https://github.com/aelsabbahy/goss/issues/392 - -# gossfile: -# base.goss.yaml: {} - -command: - # IMPORTANT: confirm the major/minor version of PHP itself - php -r 'echo PHP_MAJOR_VERSION;': - exit-status: 0 - stdout: [8] - php -r 'echo PHP_MINOR_VERSION;': - exit-status: 0 - stdout: [1] - php-fpm -v: - exit-status: 0 - stdout: [PHP 8.1] - # Not common to all variants, test in supported children - php -m | grep -i memcache: - exit-status: 0 From 61320dcbdbf3243485ab685905f6de7defe7877f Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 10:09:44 -0500 Subject: [PATCH 06/16] Newrelic: ubuntu compilation fixes --- scripts/install-newrelic-ubuntu.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install-newrelic-ubuntu.sh b/scripts/install-newrelic-ubuntu.sh index 7dce26e..8603775 100644 --- a/scripts/install-newrelic-ubuntu.sh +++ b/scripts/install-newrelic-ubuntu.sh @@ -26,6 +26,7 @@ fi echo "[newrelic] arm64 detected, compiling from source" cd /root git clone https://github.com/newrelic/newrelic-php-agent +cd newrelic-php-agent # Assumes apt cache is available, build-essential and phpXX-dev packages are already installed apt-get install -yqq \ From c4e7b2cd78bad5fe20f8dafd4aed578d2ecf500c Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 13:45:22 -0500 Subject: [PATCH 07/16] Dockerfile: moving dependencies up --- Dockerfile-7.4 | 6 ++++++ Dockerfile-8.0 | 13 ++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/Dockerfile-7.4 b/Dockerfile-7.4 index 3e4e099..f6175f6 100644 --- a/Dockerfile-7.4 +++ b/Dockerfile-7.4 @@ -78,6 +78,9 @@ RUN /bin/bash -e /security_updates.sh && \ pkg-config \ libmemcached-dev \ zlib1g-dev \ + libssl-dev \ + libpcre3-dev \ + golang \ && \ /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ /scripts/pecl-install.sh \ @@ -105,6 +108,9 @@ RUN /bin/bash -e /security_updates.sh && \ cpp \ cpp-7 \ gcc \ + golang \ + libpcre3-dev \ + libssl-dev \ locales \ patch \ php7.4-dev \ diff --git a/Dockerfile-8.0 b/Dockerfile-8.0 index eea122d..f1708f0 100644 --- a/Dockerfile-8.0 +++ b/Dockerfile-8.0 @@ -74,6 +74,14 @@ RUN /bin/bash -e /security_updates.sh && \ php8.0-xml \ php8.0-yaml \ php8.0-zip \ + # below required to compile non-packaged extensions + php8.0-dev \ + pkg-config \ + libmemcached-dev \ + zlib1g-dev \ + libssl-dev \ + libpcre3-dev \ + golang \ && \ /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ phpenmod \ @@ -95,9 +103,12 @@ RUN /bin/bash -e /security_updates.sh && \ cpp \ cpp-7 \ gcc \ + golang \ + libpcre3-dev \ + libssl-dev \ locales \ patch \ - php7.4-dev \ + php8.0-dev \ pkg-config \ software-properties-common \ wget \ From a4b637101e5796b5357e4032a2cf8de0ce0d26d4 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 13:47:39 -0500 Subject: [PATCH 08/16] Newrelic: moved package installs out --- scripts/install-newrelic-ubuntu.sh | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/scripts/install-newrelic-ubuntu.sh b/scripts/install-newrelic-ubuntu.sh index 8603775..cc7f231 100644 --- a/scripts/install-newrelic-ubuntu.sh +++ b/scripts/install-newrelic-ubuntu.sh @@ -28,21 +28,9 @@ cd /root git clone https://github.com/newrelic/newrelic-php-agent cd newrelic-php-agent -# Assumes apt cache is available, build-essential and phpXX-dev packages are already installed -apt-get install -yqq \ - libssl-dev \ - libpcre3-dev \ - golang - make all mkdir -p /var/log/newrelic chmod 777 /var/log/newrelic cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini cp bin/daemon /usr/bin/newrelic-daemon - -# Cleanup script-specific packages -apt-get remove --purge -yq \ - libssl-dev \ - libpcre3-dev \ - golang From ab05e693809c520c0e76e27126f65642839a8455 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 16:00:57 -0500 Subject: [PATCH 09/16] Github Actions: updating workflows --- .github/workflows/ci.yml | 26 +++++++++----------------- .github/workflows/publish.yml | 22 +++++++++++++++++----- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8e8006..ad2d588 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,14 +11,20 @@ jobs: matrix: props: - Dockerfile: Dockerfile-7.4 + version: 7.4 - Dockerfile: Dockerfile-7.4-alpine + version: 7.4 - Dockerfile: Dockerfile-8.0 - - Dockerfile: Dockerfile-8.1 + version: 8.0 platform: - linux/amd64 - - linux/arm64 + # - linux/arm64 + exclude: + - props: + Dockerfile: Dockerfile-7.4-alpine + - platform: linux/arm64 env: - TEST_MATCH: Welcome to nginx! + TEST_MATCH: PHP Version ${{ matrix.props.version }} steps: - name: Checkout @@ -68,21 +74,11 @@ jobs: # Remove sha256: from tag identifier BUILD_SHA=$(echo $BUILD_SHA | sed 's/sha256\://') - # Generate self-signed certificates - mkdir -p certs - openssl genrsa -out ./certs/ca.key 2048 - openssl req -new -key ./certs/ca.key -out ./certs/ca.csr -subj '/CN=localhost' - openssl x509 -req -days 365 -in ./certs/ca.csr -signkey ./certs/ca.key -out ./certs/ca.crt - # Run various configurations of containers CONTAINER_VANILLA=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d $BUILD_SHA) - CONTAINER_ENV_FILE=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d --env-file ./.test.env $BUILD_SHA) - CONTAINER_HTTPS=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d -e SERVER_ENABLE_HTTPS=true -v $(pwd)/certs:/etc/nginx/certs:ro $BUILD_SHA) # Retrieve dynamically-allocated host port VANILLA_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_VANILLA) - ENV_FILE_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_ENV_FILE) - HTTPS_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_HTTPS) # Wait for containers to boot (in background) sleep 5 @@ -92,11 +88,7 @@ jobs: # Check for nginx test page response curl ${TARGET_HOST}:${VANILLA_PORT} | grep "${{ env.TEST_MATCH }}" - curl ${TARGET_HOST}:${ENV_FILE_PORT} | grep "${{ env.TEST_MATCH }}" - curl -k https://${TARGET_HOST}:${HTTPS_PORT} | grep "${{ env.TEST_MATCH }}" # Cleanup docker kill $CONTAINER_VANILLA - docker kill $CONTAINER_ENV_FILE - docker kill $CONTAINER_HTTPS docker rmi $BUILD_SHA diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e02781c..ead1151 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,14 +14,24 @@ jobs: matrix: props: # Variant distributions all have semantic versions + PHP version + suffix (ex. 3.2.1-alpine) + props: - Dockerfile: Dockerfile-7.4 - suffix: 7.4 + version: 7.4 + prefix: 7.4 - Dockerfile: Dockerfile-7.4-alpine - suffix: 7.4-alpine + version: 7.4 + prefix: 7.4 + suffix: alpine - Dockerfile: Dockerfile-8.0 - suffix: 8.0 - - Dockerfile: Dockerfile-8.1 - suffix: 8.1 + version: 8.0 + prefix: 8.0 + platform: + - linux/amd64 + # - linux/arm64 + exclude: + - props: + Dockerfile: Dockerfile-7.4-alpine + - platform: linux/arm64 steps: - name: Checkout @@ -30,6 +40,7 @@ jobs: name: Add tag suffix if: matrix.props.suffix run: | + echo TAG_PREFIX="${{ matrix.props.prefix }}-" >> $GITHUB_ENV echo TAG_SUFFIX="-${{ matrix.props.suffix }}" >> $GITHUB_ENV - name: Docker meta @@ -44,6 +55,7 @@ jobs: type=semver,pattern={{major}} flavor: | latest=auto + prefix=${{ env.TAG_PREFIX }} suffix=${{ env.TAG_SUFFIX }} - name: Set up QEMU From 9515e919eba5e37a3dd08304ced3e164b88f252e Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 17:57:35 -0500 Subject: [PATCH 10/16] Test: updated to include platform, GH action support --- .github/workflows/ci.yml | 50 ++++------------------------- README.md | 16 +++------- test.sh | 69 +++++++++++++++++++++++----------------- 3 files changed, 50 insertions(+), 85 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad2d588..7a06be5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,13 +9,10 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - props: - - Dockerfile: Dockerfile-7.4 - version: 7.4 - - Dockerfile: Dockerfile-7.4-alpine - version: 7.4 - - Dockerfile: Dockerfile-8.0 - version: 8.0 + variant: + - 7.4 + - 7.4-alpine + - 8.0 platform: - linux/amd64 # - linux/arm64 @@ -55,40 +52,5 @@ jobs: docker run --privileged --rm tonistiigi/binfmt --install arm64,amd64 TARGET_PLATFORM=${{ matrix.platform }} - TARGET_DOCKERFILE=${{ matrix.props.Dockerfile }} - - # Since containers may or may not be against the same docker engine, create a matrix-unique tag name for outputs - TAG_NAME="docker-php-${TARGET_DOCKERFILE}-${TARGET_PLATFORM}" - # Formats as lowercase - TAG_NAME=$(echo $TAG_NAME | tr '[:upper:]' '[:lower:]') - # Removes slashes - TAG_NAME=$(echo $TAG_NAME | sed 's/\///') - - echo $TAG_NAME - - docker buildx build --platform $TARGET_PLATFORM --iidfile $TAG_NAME -t $TAG_NAME -f $TARGET_DOCKERFILE . - - # NOTE: multi-arch builds may not be accessible by docker tag, instead target by ID - BUILD_SHA=$(cat ./$TAG_NAME) - - # Remove sha256: from tag identifier - BUILD_SHA=$(echo $BUILD_SHA | sed 's/sha256\://') - - # Run various configurations of containers - CONTAINER_VANILLA=$(docker run --platform $TARGET_PLATFORM --rm -p 8080 -d $BUILD_SHA) - - # Retrieve dynamically-allocated host port - VANILLA_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_VANILLA) - - # Wait for containers to boot (in background) - sleep 5 - - TARGET_HOST=${{ env.TARGET_HOST }} - echo "HOSTING ${TARGET_HOST}" - - # Check for nginx test page response - curl ${TARGET_HOST}:${VANILLA_PORT} | grep "${{ env.TEST_MATCH }}" - - # Cleanup - docker kill $CONTAINER_VANILLA - docker rmi $BUILD_SHA + PHP_VARIANT=${{ matrix.variant }} + PLATFORM=${TARGET_PLATFORM} PHP_VARIANT=${PHP_VARIANT} ./test.sh $TARGET_HOST diff --git a/README.md b/README.md index 93e5e48..625a098 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,7 @@ Available on [Docker Hub](https://hub.docker.com/r/behance/docker-php/). ### Quick-start -- `docker run behance/docker-php:7.0 "php" "-v"` -- `docker run behance/docker-php:7.1 "php" "-v"` -- `docker run behance/docker-php:7.2 "php" "-v"` -- `docker run behance/docker-php:7.3-alpine "php" "-v"` -- `docker run behance/docker-php:7.3" "php" "-v"` +- `docker run behance/docker-php:7.4-alpine "php" "-v"` - `docker run behance/docker-php:7.4" "php" "-v"` - `docker run behance/docker-php:8.0" "php" "-v"` @@ -29,7 +25,7 @@ Adding startup logic, [basic](https://github.com/behance/docker-base#startuprunt - `PHP_MAJOR.PHP_MINOR`, required. Engine versions of PHP. ex. `docker-php:8.0` - `(Major.Minor.Patch)`, optional. Semantically versioned container provisioning code. ex. `docker-php:7.4-13.4.0`. -- `(-variant)`, optional. Alpine variants are slim versions of the container. ex. `docker-php:7.3-alpine`. +- `(-variant)`, optional. Alpine variants are slim versions of the container. ex. `docker-php:7.4-alpine`. ### Includes --- @@ -44,7 +40,6 @@ Adding startup logic, [basic](https://github.com/behance/docker-base#startuprunt For extension customization, including enabling and disabling defaults, see [here](https://github.com/behance/docker-php#downstream-configuration) `^` - not available on `-alpine` variant -`*` - not available on `7.2+` `~` - disabled by default - apcu @@ -63,7 +58,6 @@ For extension customization, including enabling and disabling defaults, see [her - intl - json - mbstring - - mcrypt * - memcache ^ - memcached - msgpack @@ -87,7 +81,7 @@ For extension customization, including enabling and disabling defaults, see [her - sysvsem - sysvshm - tokenizer - - xdebug ~,* + - xdebug ~ - xml - xmlreader - xmlwriter @@ -211,12 +205,12 @@ PHP_FPM_LOG_BUFFERING | PHP_FPM_LOG_BUFFERING=no | yes | PHP 7.3+ only [docs](ht ### Testing --- -- Requires `bash`, `docker`, `docker-compose`, and `dgoss` +- Requires `bash`, `docker`, and `dgoss` ([link](https://github.com/aelsabbahy/goss/blob/master/extras/dgoss/README.md)) To test locally, run `PHP_VARIANT=8.0 ./test.sh {docker engine IP}`. This will: -- Build a single container `PHP_VARIANT` (7.0, 7.1, 7.2, 7.3, 7.3-alpine, 7.4, 8.0) +- Build a single container `PHP_VARIANT` (ex. 7.4-alpine, 7.4, 8.0) - Leverages [Goss](https://goss.rocks) to confirm package, config, and extension installation - Validates a large file upload - Boots container with specific NewRelic configuration overrides diff --git a/test.sh b/test.sh index 19cedcc..d715607 100755 --- a/test.sh +++ b/test.sh @@ -12,7 +12,7 @@ set -o pipefail #----------------------------------------------------------------------- MACHINE=$1 -CONTAINER_PORT=8080 +INTERNAL_PORT=8080 PREFIX="==>" if [ -z "$1" ]; then @@ -32,67 +32,76 @@ DOCKERFILE_NAME="Dockerfile-${PHP_VARIANT}" # Removes suffix for -alpine variant if it has one PHP_VERSION=${PHP_VARIANT%"-alpine"} -DATE=`date '+%H-%M-%S'` -DOCKER_TAG="${PHP_VERSION}-${DATE}" -DOCKER_NAME="${VARIANT_NAME}-${DATE}" +TEST_STRING="PHP Version ${PHP_VERSION}." +PLATFORM="${PLATFORM:=linux/amd64}" + +# Since containers may or may not be against the same docker engine, create a matrix-unique tag name for outputs +TAG_NAME="docker-php-${VARIANT_NAME}-${PLATFORM}" +# Formats as lowercase +TAG_NAME=$(echo $TAG_NAME | tr '[:upper:]' '[:lower:]') +# Removes slashes +TAG_NAME=$(echo $TAG_NAME | sed 's/\///') + + +echo "${PREFIX} Variant ${VARIANT_NAME}" +echo "${PREFIX} PHP Version: ${PHP_VERSION}" +echo "${PREFIX} Dockerfile: ${DOCKERFILE_NAME}" +echo "${PREFIX} Tag ${TAG_NAME}" +echo "${PREFIX} Platform: ${PLATFORM}" + +printf "${PREFIX} Building container\n" + +docker buildx build --platform $PLATFORM --iidfile $TAG_NAME -t $TAG_NAME -f $DOCKERFILE_NAME . + +# NOTE: multi-arch builds may not be accessible by docker tag, instead target by ID +BUILD_SHA=$(cat ./$TAG_NAME) + +# Remove sha256: from tag identifier +BUILD_SHA=$(echo $BUILD_SHA | sed 's/sha256\://') + +printf "${PREFIX} Running container in background\n" +CONTAINER_ID=$(docker run --rm --platform $PLATFORM --env-file ./.test.env -p $INTERNAL_PORT -d $BUILD_SHA) +CONTAINER_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' $CONTAINER_ID) # ==> Cleanup routine -# CI environments are ephemeral, but local -# environments are not +# CI environments may be ephemeral, but local environments are not function finish { echo "${PREFIX} Cleaning up ephemeral resources, safe to ignore any failures" # Stop the container if it is running - docker kill $DOCKER_NAME 2>&1 > /dev/null + docker kill $CONTAINER_ID 2>&1 > /dev/null # Remove the tag if it exists - docker rmi -f $DOCKER_TAG 2>&1 > /dev/null + docker rmi -f $BUILD_SHA 2>&1 > /dev/null } trap finish EXIT - -echo "${PREFIX} Building out variant ${VARIANT_NAME}" -echo "${PREFIX} PHP Version: ${PHP_VERSION}" -echo "${PREFIX} Dockerfile: ${DOCKERFILE_NAME}, using temporary tag ${DOCKER_TAG}" - -printf "${PREFIX} Building the container\n" -docker build -t $DOCKER_TAG -f $DOCKERFILE_NAME . - -printf "${PREFIX} Running container in background\n" -docker run \ - --name=$DOCKER_NAME \ - --env-file=./.test.env \ - -p "${CONTAINER_PORT}:${CONTAINER_PORT}" \ - -d \ - -t "${DOCKER_TAG}:latest" - printf "${PREFIX} Waiting for container to boot\n" sleep 5 echo "${PREFIX} Check default response, including PHP version identification" -curl "${MACHINE}:${CONTAINER_PORT}" | grep "PHP Version ${PHP_VERSION}." +curl "${MACHINE}:${CONTAINER_PORT}" | grep "${TEST_STRING}" echo "${PREFIX} Create a random file to upload" dd if=/dev/zero of=tmp.txt count=100000 bs=1024 echo "${PREFIX} Send uploaded file" curl --form upload=@tmp.txt "${MACHINE}:${CONTAINER_PORT}" \ - | grep "PHP Version ${PHP_VERSION}." > /dev/null + | grep "${TEST_STRING}" > /dev/null echo "${PREFIX} Perform startup tests" GOSS_PATH=goss \ GOSS_SLEEP=5 \ GOSS_FILES_PATH="runtime-tests/startup/${PHP_VARIANT}/" \ -./dgoss run \ - "${DOCKER_TAG}:latest" +dgoss run --rm $BUILD_SHA echo "${PREFIX} Perform NewRelic runtime tests" GOSS_PATH=goss \ GOSS_FILES_PATH="runtime-tests/newrelic/${PHP_VARIANT}/" \ -./dgoss run \ +dgoss run \ -e REPLACE_NEWRELIC_APP="abcdefg" \ -e REPLACE_NEWRELIC_LICENSE="hijklmno" \ -e NEWRELIC_TRACING_ENABLED="true" \ -e NEWRELIC_LOGLEVEL="verbosedebug" \ -e NEWRELIC_SPECIAL="debug_autorum" \ - "${DOCKER_TAG}:latest" + $BUILD_SHA From a2bab27e884896e03cabe22c16fb0fa7b57c9d08 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 22:20:20 -0500 Subject: [PATCH 11/16] Travis: fix dgoss, goss install --- .travis.yml | 11 +++++++---- test.sh | 5 +++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3085780..3606ed5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,13 @@ sudo: required env: - - PHP_VARIANT=7.4-alpine - - PHP_VARIANT=7.4 - - PHP_VARIANT=8.0 - - PHP_VARIANT=8.1 + global: + - GOSS_INSTALL_PATH="./" + jobs: + - PHP_VARIANT=7.4-alpine + - PHP_VARIANT=7.4 + - PHP_VARIANT=8.0 + - PHP_VARIANT=8.1 services: - docker diff --git a/test.sh b/test.sh index d715607..e7d8f23 100755 --- a/test.sh +++ b/test.sh @@ -72,6 +72,7 @@ function finish { # Remove the tag if it exists docker rmi -f $BUILD_SHA 2>&1 > /dev/null + rm ./$TAG_NAME } trap finish EXIT @@ -93,12 +94,12 @@ echo "${PREFIX} Perform startup tests" GOSS_PATH=goss \ GOSS_SLEEP=5 \ GOSS_FILES_PATH="runtime-tests/startup/${PHP_VARIANT}/" \ -dgoss run --rm $BUILD_SHA +"${GOSS_INSTALL_PATH}dgoss" run --rm $BUILD_SHA echo "${PREFIX} Perform NewRelic runtime tests" GOSS_PATH=goss \ GOSS_FILES_PATH="runtime-tests/newrelic/${PHP_VARIANT}/" \ -dgoss run \ +"${GOSS_INSTALL_PATH}dgoss" run \ -e REPLACE_NEWRELIC_APP="abcdefg" \ -e REPLACE_NEWRELIC_LICENSE="hijklmno" \ -e NEWRELIC_TRACING_ENABLED="true" \ From 68ada62e58cd66d4f172afc36a258f902bcf1a95 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Thu, 16 Dec 2021 22:29:52 -0500 Subject: [PATCH 12/16] Travis: removed wrong variant Goss: removed/fixed test paths --- .travis.yml | 1 - runtime-tests/newrelic/7.0/goss.yaml | 11 ----------- runtime-tests/newrelic/7.1/goss.yaml | 11 ----------- runtime-tests/newrelic/7.2/goss.yaml | 11 ----------- runtime-tests/newrelic/7.3/goss.yaml | 11 ----------- .../newrelic/{7.3-alpine => 7.4-alpine}/goss.yaml | 0 runtime-tests/startup/7.0/goss.yaml | 6 ------ runtime-tests/startup/7.1/goss.yaml | 6 ------ runtime-tests/startup/7.2/goss.yaml | 6 ------ runtime-tests/startup/7.3/goss.yaml | 6 ------ .../startup/{7.3-alpine => 7.4-alpine}/goss.yaml | 0 11 files changed, 69 deletions(-) delete mode 100644 runtime-tests/newrelic/7.0/goss.yaml delete mode 100644 runtime-tests/newrelic/7.1/goss.yaml delete mode 100644 runtime-tests/newrelic/7.2/goss.yaml delete mode 100644 runtime-tests/newrelic/7.3/goss.yaml rename runtime-tests/newrelic/{7.3-alpine => 7.4-alpine}/goss.yaml (100%) delete mode 100644 runtime-tests/startup/7.0/goss.yaml delete mode 100644 runtime-tests/startup/7.1/goss.yaml delete mode 100644 runtime-tests/startup/7.2/goss.yaml delete mode 100644 runtime-tests/startup/7.3/goss.yaml rename runtime-tests/startup/{7.3-alpine => 7.4-alpine}/goss.yaml (100%) diff --git a/.travis.yml b/.travis.yml index 3606ed5..17565a0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,6 @@ env: - PHP_VARIANT=7.4-alpine - PHP_VARIANT=7.4 - PHP_VARIANT=8.0 - - PHP_VARIANT=8.1 services: - docker diff --git a/runtime-tests/newrelic/7.0/goss.yaml b/runtime-tests/newrelic/7.0/goss.yaml deleted file mode 100644 index 599b143..0000000 --- a/runtime-tests/newrelic/7.0/goss.yaml +++ /dev/null @@ -1,11 +0,0 @@ -file: - /etc/php/7.0/mods-available/newrelic.ini: - exists: true - mode: "0644" - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/^newrelic.transaction_tracer.enabled = true/' - - '/^newrelic.distributed_tracing_enabled = true/' - - '/^newrelic.loglevel = \"verbosedebug\"/' - - '/^newrelic.daemon.loglevel = \"verbosedebug\"/' - - '/^newrelic.special=debug_autorum/' diff --git a/runtime-tests/newrelic/7.1/goss.yaml b/runtime-tests/newrelic/7.1/goss.yaml deleted file mode 100644 index 0803258..0000000 --- a/runtime-tests/newrelic/7.1/goss.yaml +++ /dev/null @@ -1,11 +0,0 @@ -file: - /etc/php/7.1/mods-available/newrelic.ini: - exists: true - mode: "0644" - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/^newrelic.transaction_tracer.enabled = true/' - - '/^newrelic.distributed_tracing_enabled = true/' - - '/^newrelic.loglevel = \"verbosedebug\"/' - - '/^newrelic.daemon.loglevel = \"verbosedebug\"/' - - '/^newrelic.special=debug_autorum/' diff --git a/runtime-tests/newrelic/7.2/goss.yaml b/runtime-tests/newrelic/7.2/goss.yaml deleted file mode 100644 index d02e082..0000000 --- a/runtime-tests/newrelic/7.2/goss.yaml +++ /dev/null @@ -1,11 +0,0 @@ -file: - /etc/php/7.2/mods-available/newrelic.ini: - exists: true - mode: "0644" - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/^newrelic.transaction_tracer.enabled = true/' - - '/^newrelic.distributed_tracing_enabled = true/' - - '/^newrelic.loglevel = \"verbosedebug\"/' - - '/^newrelic.daemon.loglevel = \"verbosedebug\"/' - - '/^newrelic.special=debug_autorum/' diff --git a/runtime-tests/newrelic/7.3/goss.yaml b/runtime-tests/newrelic/7.3/goss.yaml deleted file mode 100644 index 29b4b5c..0000000 --- a/runtime-tests/newrelic/7.3/goss.yaml +++ /dev/null @@ -1,11 +0,0 @@ -file: - /etc/php/7.3/mods-available/newrelic.ini: - exists: true - mode: "0644" - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/^newrelic.transaction_tracer.enabled = true/' - - '/^newrelic.distributed_tracing_enabled = true/' - - '/^newrelic.loglevel = \"verbosedebug\"/' - - '/^newrelic.daemon.loglevel = \"verbosedebug\"/' - - '/^newrelic.special=debug_autorum/' diff --git a/runtime-tests/newrelic/7.3-alpine/goss.yaml b/runtime-tests/newrelic/7.4-alpine/goss.yaml similarity index 100% rename from runtime-tests/newrelic/7.3-alpine/goss.yaml rename to runtime-tests/newrelic/7.4-alpine/goss.yaml diff --git a/runtime-tests/startup/7.0/goss.yaml b/runtime-tests/startup/7.0/goss.yaml deleted file mode 100644 index 3d3337e..0000000 --- a/runtime-tests/startup/7.0/goss.yaml +++ /dev/null @@ -1,6 +0,0 @@ -file: - /goss/docker_output.log: - exists: true - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/legacy filtered stdout/' diff --git a/runtime-tests/startup/7.1/goss.yaml b/runtime-tests/startup/7.1/goss.yaml deleted file mode 100644 index 3d3337e..0000000 --- a/runtime-tests/startup/7.1/goss.yaml +++ /dev/null @@ -1,6 +0,0 @@ -file: - /goss/docker_output.log: - exists: true - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/legacy filtered stdout/' diff --git a/runtime-tests/startup/7.2/goss.yaml b/runtime-tests/startup/7.2/goss.yaml deleted file mode 100644 index 3d3337e..0000000 --- a/runtime-tests/startup/7.2/goss.yaml +++ /dev/null @@ -1,6 +0,0 @@ -file: - /goss/docker_output.log: - exists: true - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/legacy filtered stdout/' diff --git a/runtime-tests/startup/7.3/goss.yaml b/runtime-tests/startup/7.3/goss.yaml deleted file mode 100644 index 7c10162..0000000 --- a/runtime-tests/startup/7.3/goss.yaml +++ /dev/null @@ -1,6 +0,0 @@ -file: - /goss/docker_output.log: - exists: true - filetype: file # file, symlink, directory - contains: # Check file content for these patterns - - '/launching...$/' diff --git a/runtime-tests/startup/7.3-alpine/goss.yaml b/runtime-tests/startup/7.4-alpine/goss.yaml similarity index 100% rename from runtime-tests/startup/7.3-alpine/goss.yaml rename to runtime-tests/startup/7.4-alpine/goss.yaml From c38453cf5d442a1b02ab63d16cfb7832c303f471 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Fri, 17 Dec 2021 11:01:21 -0500 Subject: [PATCH 13/16] Publish: setting up tags --- .github/workflows/publish.yml | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ead1151..5299420 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,35 +12,26 @@ jobs: IMAGE_BASE: behance/docker-php strategy: matrix: - props: # Variant distributions all have semantic versions + PHP version + suffix (ex. 3.2.1-alpine) props: - - Dockerfile: Dockerfile-7.4 - version: 7.4 - prefix: 7.4 - Dockerfile: Dockerfile-7.4-alpine - version: 7.4 - prefix: 7.4 + version: "7.4" suffix: alpine + platforms: linux/amd64 + - Dockerfile: Dockerfile-7.4 + version: "7.4" + platforms: linux/amd64,linux/arm64 - Dockerfile: Dockerfile-8.0 - version: 8.0 - prefix: 8.0 - platform: - - linux/amd64 - # - linux/arm64 - exclude: - - props: - Dockerfile: Dockerfile-7.4-alpine - - platform: linux/arm64 + version: "8.0" + platforms: linux/amd64,linux/arm64 steps: - name: Checkout uses: actions/checkout@v2 - - name: Add tag suffix + name: Add tag suffix if one exists if: matrix.props.suffix run: | - echo TAG_PREFIX="${{ matrix.props.prefix }}-" >> $GITHUB_ENV echo TAG_SUFFIX="-${{ matrix.props.suffix }}" >> $GITHUB_ENV - name: Docker meta @@ -50,12 +41,12 @@ jobs: with: images: ${{ env.IMAGE_BASE }} tags: | - type=semver,pattern={{major}}.{{minor}}.{{patch}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} + type=raw,priority=100,value=${{ matrix.props.version }} + type=semver,priority=200,prefix=${{ matrix.props.version }}-,pattern={{major}} + type=semver,priority=300,prefix=${{ matrix.props.version }}-,pattern={{major}}.{{minor}} + type=semver,priority=400,prefix=${{ matrix.props.version }}-,pattern={{major}}.{{minor}}.{{patch}} flavor: | latest=auto - prefix=${{ env.TAG_PREFIX }} suffix=${{ env.TAG_SUFFIX }} - name: Set up QEMU @@ -75,7 +66,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . - platforms: linux/amd64,linux/arm64 + platforms: ${{ matrix.props.platforms }} file: ${{ matrix.props.Dockerfile }} tags: ${{ steps.meta.outputs.tags }} push: ${{ github.event_name != 'pull_request' }} From e274b669245c564188f22dd49f8fb04ce1b8477a Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Fri, 17 Dec 2021 13:30:27 -0500 Subject: [PATCH 14/16] Review: updates for comments - Converted composer install to script, added test - Newrelic compile cp -a - Newrelic daemon test --- Dockerfile-7.4 | 3 +-- Dockerfile-7.4-alpine | 3 +-- Dockerfile-8.0 | 3 +-- container/root/tests/php-fpm/base.goss.yaml | 9 +++++++-- scripts/install-composer.sh | 20 ++++++++++++++++++++ scripts/install-newrelic-alpine.sh | 2 +- 6 files changed, 31 insertions(+), 9 deletions(-) create mode 100644 scripts/install-composer.sh diff --git a/Dockerfile-7.4 b/Dockerfile-7.4 index f6175f6..94eed84 100644 --- a/Dockerfile-7.4 +++ b/Dockerfile-7.4 @@ -83,6 +83,7 @@ RUN /bin/bash -e /security_updates.sh && \ golang \ && \ /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ + /bin/bash -e /scripts/install-composer.sh && \ /scripts/pecl-install.sh \ igbinary \ memcached \ @@ -101,8 +102,6 @@ RUN /bin/bash -e /security_updates.sh && \ yaml \ xdebug \ && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ apt-get remove --purge -yq \ build-essential \ cpp \ diff --git a/Dockerfile-7.4-alpine b/Dockerfile-7.4-alpine index 6989b18..97a6e7c 100644 --- a/Dockerfile-7.4-alpine +++ b/Dockerfile-7.4-alpine @@ -114,8 +114,7 @@ RUN apk update && \ sed -i 's/extension/;extension/' $CONF_PHPMODS/00_pgsql.ini \ && \ /bin/bash -e /scripts/install-newrelic-alpine.sh && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ + /bin/bash -e /scripts/install-composer.sh && \ apk del .phpize_deps && \ # rm -rf /usr/share/php7 && \ /bin/bash -e /clean.sh diff --git a/Dockerfile-8.0 b/Dockerfile-8.0 index f1708f0..cd91224 100644 --- a/Dockerfile-8.0 +++ b/Dockerfile-8.0 @@ -84,6 +84,7 @@ RUN /bin/bash -e /security_updates.sh && \ golang \ && \ /bin/bash -e /scripts/install-newrelic-ubuntu.sh && \ + /bin/bash -e /scripts/install-composer.sh && \ phpenmod \ memcached \ igbinary \ @@ -96,8 +97,6 @@ RUN /bin/bash -e /security_updates.sh && \ yaml \ xdebug \ && \ - curl -sS https://getcomposer.org/installer | php && \ - mv composer.phar /usr/local/bin/composer && \ apt-get remove --purge -yq \ build-essential \ cpp \ diff --git a/container/root/tests/php-fpm/base.goss.yaml b/container/root/tests/php-fpm/base.goss.yaml index 817e1c9..2a950b1 100644 --- a/container/root/tests/php-fpm/base.goss.yaml +++ b/container/root/tests/php-fpm/base.goss.yaml @@ -158,7 +158,12 @@ command: php -n -d zend_extension=xdebug.so --ri xdebug: exit-status: 0 stderr: ['!/./'] - + composer about: + exit-status: 0 + stdout: ['/Composer - Dependency Manager for PHP/'] + newrelic-daemon -v: + exit-status: 0 + stdout: ['/New Relic daemon/'] file: {{ .Env.CONF_FPMPOOL }}: exists: true @@ -205,4 +210,4 @@ file: - '/^opcache.file_cache=\${PHP_OPCACHE_FILE_CACHE}/' - '/^opcache.enable_cli=\${PHP_OPCACHE_ENABLE_CLI}/' - '/^opcache.preload_user=\${NOT_ROOT_USER}/' - - '/^opcache.preload=\${PHP_OPCACHE_PRELOAD}/' \ No newline at end of file + - '/^opcache.preload=\${PHP_OPCACHE_PRELOAD}/' diff --git a/scripts/install-composer.sh b/scripts/install-composer.sh new file mode 100644 index 0000000..1a3e0c4 --- /dev/null +++ b/scripts/install-composer.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')" +php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" +ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" + +if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ] +then + >&2 echo 'ERROR: Invalid installer checksum' + rm composer-setup.php + exit 1 +fi + +php composer-setup.php --quiet +RESULT=$? +rm composer-setup.php + +mv composer.phar /usr/local/bin/composer + +exit $RESULT diff --git a/scripts/install-newrelic-alpine.sh b/scripts/install-newrelic-alpine.sh index 6d0c6cd..6d75bbc 100644 --- a/scripts/install-newrelic-alpine.sh +++ b/scripts/install-newrelic-alpine.sh @@ -43,7 +43,7 @@ make all mkdir -p /var/log/newrelic chmod 777 /var/log/newrelic cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini -cp bin/daemon /usr/bin/newrelic-daemon +cp -a bin/daemon /usr/bin/newrelic-daemon # Cleanup script-specific packages apk del .newrelic_deps From c5a20a2a9f6b8eebe018e11f070da3801e175355 Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Fri, 17 Dec 2021 17:00:54 -0500 Subject: [PATCH 15/16] Newrelic: install and compilation artifact clean --- scripts/install-newrelic-alpine.sh | 8 ++++++-- scripts/install-newrelic-ubuntu.sh | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/scripts/install-newrelic-alpine.sh b/scripts/install-newrelic-alpine.sh index 6d75bbc..0cd223d 100644 --- a/scripts/install-newrelic-alpine.sh +++ b/scripts/install-newrelic-alpine.sh @@ -22,7 +22,7 @@ if [[ "$ARCH" == "x64" ]]; then exit 0 fi -echo "[newrelic] arm64 detected, compiling from source" +echo "[newrelic] arm64 detected, compiling from source: NOT CURRENTLY WORKING" cd /root git clone https://github.com/newrelic/newrelic-php-agent cd newrelic-php-agent @@ -39,11 +39,15 @@ apk add --no-cache --virtual .newrelic_deps \ make make all +make agent-install +mv bin/daemon /usr/bin/newrelic-daemon mkdir -p /var/log/newrelic chmod 777 /var/log/newrelic cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini -cp -a bin/daemon /usr/bin/newrelic-daemon # Cleanup script-specific packages apk del .newrelic_deps + +# Delete compilation directory, no longer needed +rm -rf /root/newrelic-php-agent diff --git a/scripts/install-newrelic-ubuntu.sh b/scripts/install-newrelic-ubuntu.sh index cc7f231..bafb008 100644 --- a/scripts/install-newrelic-ubuntu.sh +++ b/scripts/install-newrelic-ubuntu.sh @@ -29,8 +29,12 @@ git clone https://github.com/newrelic/newrelic-php-agent cd newrelic-php-agent make all +make agent-install +mv bin/daemon /usr/bin/newrelic-daemon mkdir -p /var/log/newrelic chmod 777 /var/log/newrelic cp agent/scripts/newrelic.ini.template "${CONF_PHPMODS}"/newrelic.ini -cp bin/daemon /usr/bin/newrelic-daemon + +# Delete compilation directory, no longer needed +rm -rf /root/newrelic-php-agent From f7260af6e85d7d655f6b3535e06847d2352febfa Mon Sep 17 00:00:00 2001 From: Bryan Latten Date: Fri, 17 Dec 2021 17:40:30 -0500 Subject: [PATCH 16/16] README: add release management --- README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 625a098..1bbf6ac 100644 --- a/README.md +++ b/README.md @@ -215,5 +215,26 @@ This will: - Validates a large file upload - Boots container with specific NewRelic configuration overrides -The test matrix is run automatically per pull request on Travis CI. +### Release Management +Github actions provide the machinery for testing (ci.yaml) and producing tags distributed through Docker Hub (publish.yaml). Testing will confirm that `nginx` is able to serve content in various configurations, but also that it can terminate TLS with self-signed certificates. Once a tested and approved PR is merged, simply cutting a new semantically-versioned tag will generate the a matrix of tagged builds. See Container tag scheme above. + +Platform support is available for multiple architectures: +- `linux/amd64`: Ubuntu and Alpine variants +- `linux/arm64`: Ubuntu variants-only + +To add new variant based on a new Dockerfile, add an entry to `matrix.props` within `./github/workflows` YAML files. + +### Github Actions: Simulation + +docker-nginx uses Github Actions for CI/CD. Simulated workflows can be achieved locally with `act`. All commands must be executes from repository root. + +Pre-reqs: tested on Mac +1. [Docker Desktop](https://www.docker.com/products/docker-desktop) +1. [act](https://github.com/nektos/act) + +Pull request simulation: executes successfully, but only on ARM devices (ex. Apple M1). ARM emulation through QEMU on X64 machines does not implement the full kernel functionality required by nginx at this time. +- `act pull_request` + +Publish simulation: executes, but fails (intentionally) without credentials +- `act`