From 9ab01af3a13446b4ddff14b3ea0fb72d48bd5f88 Mon Sep 17 00:00:00 2001 From: Pascal Date: Fri, 29 Jun 2018 21:14:33 +0200 Subject: [PATCH 01/46] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e2dcd7a..e71ed6c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN wget --no-check-certificate https://release.larsjung.de/h5ai/h5ai-${H5AI_VER COPY class-setup.php.patch class-setup.php.patch RUN patch -p1 -u -d /usr/share/h5ai/_h5ai/private/php/core/ -i /class-setup.php.patch && rm class-setup.php.patch -FROM alpine:latest +FROM alpine:3.6 LABEL maintainer "benj.saiz@gmail.com" From 3783a0f72098595c92f3a9c67fe7b5489170e894 Mon Sep 17 00:00:00 2001 From: pad Date: Wed, 4 Jul 2018 10:18:23 +0200 Subject: [PATCH 02/46] cleanup --- Dockerfile | 13 +++++++------ entrypoint.sh => slash/entrypoint.sh | 0 nginx.conf => slash/etc/nginx/nginx.conf | 0 php-fpm.conf => slash/etc/php7/php-fpm.conf | 0 4 files changed, 7 insertions(+), 6 deletions(-) rename entrypoint.sh => slash/entrypoint.sh (100%) rename nginx.conf => slash/etc/nginx/nginx.conf (100%) rename php-fpm.conf => slash/etc/php7/php-fpm.conf (100%) diff --git a/Dockerfile b/Dockerfile index 9a40e36..d10d6d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,22 +13,23 @@ RUN apt-get update \ && npm audit fix \ && npm run build -COPY class-setup.php.patch class-setup.php.patch -RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch && rm class-setup.php.patch +COPY class-setup.php.patch /class-setup.php.patch +RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ + && rm /class-setup.php.patch FROM alpine:3.6 LABEL maintainer "benj.saiz@gmail.com" RUN apk add --no-cache \ - nginx ffmpeg graphicsmagick \ + nginx \ + ffmpeg \ + graphicsmagick \ php7-fpm php7-curl php7-iconv php7-xml php7-dom php7-json php7-zlib php7-session php7-gd COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai -COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY nginx.conf /etc/nginx/nginx.conf -COPY entrypoint.sh /entrypoint.sh +COPY slash/ / RUN chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ && \ chown nginx:www-data /usr/share/h5ai/_h5ai/private/cache/ diff --git a/entrypoint.sh b/slash/entrypoint.sh similarity index 100% rename from entrypoint.sh rename to slash/entrypoint.sh diff --git a/nginx.conf b/slash/etc/nginx/nginx.conf similarity index 100% rename from nginx.conf rename to slash/etc/nginx/nginx.conf diff --git a/php-fpm.conf b/slash/etc/php7/php-fpm.conf similarity index 100% rename from php-fpm.conf rename to slash/etc/php7/php-fpm.conf From b56cd923e2877b5c158bc460df1688a0ef394b05 Mon Sep 17 00:00:00 2001 From: Pascal Date: Fri, 6 Jul 2018 17:01:01 +0200 Subject: [PATCH 03/46] Update Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 132f4dc..b0b0bba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,6 +33,7 @@ COPY slash/ / RUN sed -i '/txt;$/ a text/plain cfg;' /etc/nginx/mime.types \ && sed -i '/txt;$/ a text/plain ini;' /etc/nginx/mime.types \ + && sed -i '/txt;$/ a text/plain nfo;' /etc/nginx/mime.types \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ && chown nginx:www-data /usr/share/h5ai/_h5ai/private/cache/ From 0b7b3a1a831df312c43c0647133dd5a2d4bb1daa Mon Sep 17 00:00:00 2001 From: Pascal Date: Fri, 6 Jul 2018 17:04:09 +0200 Subject: [PATCH 04/46] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7e90af5..4e85208 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ [h5ai project](https://larsjung.de/h5ai/) +[![Layers](https://images.microbadger.com/badges/image/pad92/docker-h5ai.svg)](https://microbadger.com/images/pad92/docker-h5ai) [![GitHub issues](https://img.shields.io/github/issues/pad92/docker-docker-h5ai.svg)](https://github.com/pad92/docker-docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) + ``` docker container run -it -p 80:80 -v $PWD/sharing-file:/share akit042/docker-h5ai ``` From b2fee3b720dd2668e445259e9f1da1b1645c4207 Mon Sep 17 00:00:00 2001 From: pad Date: Fri, 6 Jul 2018 17:13:43 +0200 Subject: [PATCH 05/46] format and send nginx log to std(out|err) --- Dockerfile | 7 +++++-- slash/etc/nginx/nginx.conf | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index ade3287..3e633ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,8 +31,11 @@ COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN sed -i '/txt;$/ a text/plain cfg;' /etc/nginx/mime.types \ - && sed -i '/txt;$/ a text/plain ini;' /etc/nginx/mime.types \ +RUN sed -i '/txt;$/ a text/plain cfg;' /etc/nginx/mime.types \ + && sed -i '/txt;$/ a text/plain ini;' /etc/nginx/mime.types \ + && ln -sf /dev/stderr /var/log/fpm-php.www.log \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ && chown nginx:www-data /usr/share/h5ai/_h5ai/private/cache/ diff --git a/slash/etc/nginx/nginx.conf b/slash/etc/nginx/nginx.conf index fa8e2be..6e30d22 100644 --- a/slash/etc/nginx/nginx.conf +++ b/slash/etc/nginx/nginx.conf @@ -11,7 +11,16 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - access_log off; + log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '"$host" sn="$server_name" ' + 'rt=$request_time ' + 'ua="$upstream_addr" us="$upstream_status" ' + 'ut="$upstream_response_time" ul="$upstream_response_length" ' + 'cs=$upstream_cache_status' ; + + access_log /var/log/nginx/access.log main_ext; error_log /var/log/nginx/error.log error; sendfile on; @@ -56,8 +65,8 @@ http { try_files $uri $uri/ =404; location /_h5ai { - root /usr/share/h5ai/; - location /_h5ai/public/index.php { + root /usr/share/h5ai/; + location /_h5ai/public/index.php { try_files $uri =404; fastcgi_index index.php; fastcgi_pass unix:/var/run/php-fpm.sock; @@ -67,4 +76,3 @@ http { } } } - From 494e03588460687536969434d8bfaab8d90dd5d0 Mon Sep 17 00:00:00 2001 From: Pascal Date: Fri, 6 Jul 2018 21:24:59 +0200 Subject: [PATCH 06/46] alpine:3.8 ! --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fe9d11e..f7d33b2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer "benj.saiz@gmail.com" From 016f266c75c830ce5f060d9e77749f923892751c Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Sat, 7 Jul 2018 23:24:56 +0200 Subject: [PATCH 07/46] overhide mime.types package file --- Dockerfile | 5 +- slash/etc/nginx/mime.types | 97 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 4 deletions(-) create mode 100644 slash/etc/nginx/mime.types diff --git a/Dockerfile b/Dockerfile index f7d33b2..56b4f4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,10 +31,7 @@ COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN sed -i '/txt;$/ a text/plain cfg;' /etc/nginx/mime.types \ - && sed -i '/txt;$/ a text/plain ini;' /etc/nginx/mime.types \ - && sed -i '/txt;$/ a text/plain nfo;' /etc/nginx/mime.types \ - && ln -sf /dev/stderr /var/log/fpm-php.www.log \ +RUN ln -sf /dev/stderr /var/log/fpm-php.www.log \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ diff --git a/slash/etc/nginx/mime.types b/slash/etc/nginx/mime.types new file mode 100644 index 0000000..d721105 --- /dev/null +++ b/slash/etc/nginx/mime.types @@ -0,0 +1,97 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt nfo ini; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} From cefaa716118427eeee15ed117572111b1fdf7ec0 Mon Sep 17 00:00:00 2001 From: Pascal Date: Sat, 7 Jul 2018 23:27:42 +0200 Subject: [PATCH 08/46] add md ( rfc7763 ) --- slash/etc/nginx/mime.types | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slash/etc/nginx/mime.types b/slash/etc/nginx/mime.types index d721105..c02810c 100644 --- a/slash/etc/nginx/mime.types +++ b/slash/etc/nginx/mime.types @@ -1,4 +1,3 @@ - types { text/html html htm shtml; text/css css; @@ -11,6 +10,7 @@ types { text/mathml mml; text/plain txt nfo ini; + text/markdown md; text/vnd.sun.j2me.app-descriptor jad; text/vnd.wap.wml wml; text/x-component htc; From 92afdfe0c1e0541eee5035e636a3821d1a3e87a4 Mon Sep 17 00:00:00 2001 From: Pascal Date: Sat, 7 Jul 2018 23:43:18 +0200 Subject: [PATCH 09/46] add label --- Dockerfile | 10 +++++++++- README.md | 14 +++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 56b4f4c..71dc09b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,15 @@ RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patc FROM alpine:3.8 -LABEL maintainer "benj.saiz@gmail.com" +LABEL maintainer="pad92" \ + org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.version=$H5AI_VERSION \ + org.label-schema.vcs-url="https://github.com/pad92/docker-h5ai.git" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.docker.dockerfile="/Dockerfile" \ + org.label-schema.description="h5ai on alpine docker image" \ + org.label-schema.schema-version="1.0" RUN apk add --no-cache \ nginx \ diff --git a/README.md b/README.md index 4e85208..cc160ad 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,23 @@ [![Layers](https://images.microbadger.com/badges/image/pad92/docker-h5ai.svg)](https://microbadger.com/images/pad92/docker-h5ai) [![GitHub issues](https://img.shields.io/github/issues/pad92/docker-docker-h5ai.svg)](https://github.com/pad92/docker-docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) +# Usage + +## Commun + ``` -docker container run -it -p 80:80 -v $PWD/sharing-file:/share akit042/docker-h5ai +docker container run -it -p 80:80 \ + -v $PWD/sharing-file:/share \ + pad92/docker-h5ai ``` -for overide options.json +## With custom h5ai options + +For overide [options.json](https://raw.githubusercontent.com/lrsjng/h5ai/v0.29.0/src/_h5ai/private/conf/options.json) file is into `/usr/share/h5ai/_h5ai/private/conf/options.json` ``` docker container run -it -p 80:80 \ -v $PWD/sharing-file:/share \ -v $PWD/options.json:/usr/share/h5ai/_h5ai/private/conf/options.json \ - akit042/docker-h5ai + pad92/docker-h5ai ``` From a4b80cd2bcfbbb2844c597613c6dd46ebede9890 Mon Sep 17 00:00:00 2001 From: pad Date: Sun, 8 Jul 2018 10:18:45 +0200 Subject: [PATCH 10/46] add HEALTHCHECK --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 71dc09b..8cc08f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,6 +30,7 @@ LABEL maintainer="pad92" \ org.label-schema.schema-version="1.0" RUN apk add --no-cache \ + curl \ nginx \ ffmpeg \ graphicsmagick \ @@ -48,3 +49,4 @@ RUN ln -sf /dev/stderr /var/log/fpm-php.www.log \ EXPOSE 80 CMD ["/entrypoint.sh"] +HEALTHCHECK CMD curl --fail http://localhost/ || exit 1 From e214f3e2aab846a60a485ccbe27f435c4c9a4dce Mon Sep 17 00:00:00 2001 From: pad Date: Mon, 9 Jul 2018 11:00:25 +0200 Subject: [PATCH 11/46] fix labels --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8cc08f3..72ed4d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,4 @@ + FROM node:slim as builder ARG H5AI_VERSION=0.29.0 @@ -19,12 +20,14 @@ RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patc FROM alpine:3.8 +ARG H5AI_VERSION=0.29.0 + LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ org.label-schema.build-date=$BUILD_DATE \ org.label-schema.version=$H5AI_VERSION \ org.label-schema.vcs-url="https://github.com/pad92/docker-h5ai.git" \ - org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-ref=$BUILD_VCSREF \ org.label-schema.docker.dockerfile="/Dockerfile" \ org.label-schema.description="h5ai on alpine docker image" \ org.label-schema.schema-version="1.0" From ebc57662d8044a4013f767e7727c11bbab578837 Mon Sep 17 00:00:00 2001 From: Pascal Date: Mon, 9 Jul 2018 11:45:28 +0200 Subject: [PATCH 12/46] remove unused tags --- .gitlab-ci.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c5830f8..0d6d9e5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,8 +28,6 @@ build_image.default: - dev except: - tags - tags: - - tractor # Issue branches (^[0-9]+-.*]) # Strip branch name branch ID @@ -46,8 +44,6 @@ build_image.feature: - /^[0-9]+-.*$/ except: - tags - tags: - - tractor # Non Standard branches (^[a-zA-Z]+.*) # Strip branch name to 128 char max @@ -66,8 +62,6 @@ build_image.nonstd: - master - dev - tags - tags: - - tractor # TAGS build_image.tag: @@ -81,8 +75,6 @@ build_image.tag: - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" only: - tags - tags: - - tractor ### ## TAG IMAGE @@ -98,5 +90,3 @@ tag_image.latest: - master except: - tags - tags: - - tractor From ea3809cf5e7bb239c9670ffa3bcc353b0d38a0d3 Mon Sep 17 00:00:00 2001 From: pad Date: Mon, 9 Jul 2018 12:19:48 +0200 Subject: [PATCH 13/46] opti --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 72ed4d7..aff164f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM node:slim as builder -ARG H5AI_VERSION=0.29.0 +ENV H5AI_VERSION=0.29.0 RUN apt-get update \ && apt-get --no-install-recommends -y install \ @@ -20,8 +20,6 @@ RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patc FROM alpine:3.8 -ARG H5AI_VERSION=0.29.0 - LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ org.label-schema.build-date=$BUILD_DATE \ @@ -52,4 +50,4 @@ RUN ln -sf /dev/stderr /var/log/fpm-php.www.log \ EXPOSE 80 CMD ["/entrypoint.sh"] -HEALTHCHECK CMD curl --fail http://localhost/ || exit 1 +HEALTHCHECK CMD curl -I --fail http://localhost/ || exit 1 From 981bbf96eae10416bdf5d81943727830808052c4 Mon Sep 17 00:00:00 2001 From: Pascal Date: Mon, 9 Jul 2018 14:49:48 +0200 Subject: [PATCH 14/46] add cfg --- slash/etc/nginx/mime.types | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slash/etc/nginx/mime.types b/slash/etc/nginx/mime.types index c02810c..0b7e927 100644 --- a/slash/etc/nginx/mime.types +++ b/slash/etc/nginx/mime.types @@ -9,7 +9,7 @@ types { application/rss+xml rss; text/mathml mml; - text/plain txt nfo ini; + text/plain txt nfo ini cfg; text/markdown md; text/vnd.sun.j2me.app-descriptor jad; text/vnd.wap.wml wml; From 36ae053e60bd5889a2d4b83e180d73349759ee04 Mon Sep 17 00:00:00 2001 From: Pascal Date: Tue, 10 Jul 2018 16:35:57 +0200 Subject: [PATCH 15/46] fix php7 error log --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index aff164f..068238a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ - FROM node:slim as builder ENV H5AI_VERSION=0.29.0 @@ -41,7 +40,7 @@ COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN ln -sf /dev/stderr /var/log/fpm-php.www.log \ +RUN ln -sf /dev/stderr /var/log/php7/error.log \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ From c479eeab6625d764c8a5ee947535b876ef38f1e5 Mon Sep 17 00:00:00 2001 From: Pascal Date: Tue, 20 Nov 2018 11:18:34 +0100 Subject: [PATCH 16/46] Reduce memory usage/cache --- Dockerfile | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 068238a..f11dd13 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,8 +34,18 @@ RUN apk add --no-cache \ nginx \ ffmpeg \ graphicsmagick \ - php7-fpm php7-curl php7-iconv php7-xml php7-dom php7-json php7-zip php7-session php7-gd - + php7 \ + php7-fileinfo \ + php7-fpm \ + php7-json \ + php7-mbstring \ + php7-openssl \ + php7-session \ + php7-simplexml \ + php7-xml \ + php7-xmlwriter \ + php7-zlib + COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / From 579ded6c4e66e0433602da87b01df81e8868a9ba Mon Sep 17 00:00:00 2001 From: pad Date: Tue, 20 Nov 2018 11:42:58 +0100 Subject: [PATCH 17/46] :zap: cleanup dependencies --- Dockerfile | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index f11dd13..b524bb8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,20 +32,18 @@ LABEL maintainer="pad92" \ RUN apk add --no-cache \ curl \ nginx \ - ffmpeg \ - graphicsmagick \ php7 \ - php7-fileinfo \ - php7-fpm \ - php7-json \ - php7-mbstring \ - php7-openssl \ - php7-session \ - php7-simplexml \ - php7-xml \ - php7-xmlwriter \ - php7-zlib - + php7-fileinfo \ + php7-fpm \ + php7-json \ + php7-mbstring \ + php7-openssl \ + php7-session \ + php7-simplexml \ + php7-xml \ + php7-xmlwriter \ + php7-zlib + COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / From 06d31b8b5445bf3692c5bf4289f1d4b91f82baf1 Mon Sep 17 00:00:00 2001 From: Pascal Date: Tue, 20 Nov 2018 12:00:10 +0100 Subject: [PATCH 18/46] Update .gitlab-ci.yml --- .gitlab-ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d6d9e5..adcd1c2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -21,11 +21,10 @@ build_image.default: --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" only: - master - - dev except: - tags From 939c9675dd889ee9bacfd26e98f845e18e23204c Mon Sep 17 00:00:00 2001 From: Pascal Date: Thu, 3 Jan 2019 15:28:25 +0100 Subject: [PATCH 19/46] add imagick --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index b524bb8..4080133 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,7 @@ RUN apk add --no-cache \ php7 \ php7-fileinfo \ php7-fpm \ + php7-imagick \ php7-json \ php7-mbstring \ php7-openssl \ @@ -44,6 +45,7 @@ RUN apk add --no-cache \ php7-xmlwriter \ php7-zlib + COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / From 5c6fb1b3ebfdc4b1999946d35433b4d94a171fac Mon Sep 17 00:00:00 2001 From: Pascal Date: Thu, 3 Jan 2019 16:46:59 +0100 Subject: [PATCH 20/46] add missing lib --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4080133..bfa5fe1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,10 +31,13 @@ LABEL maintainer="pad92" \ RUN apk add --no-cache \ curl \ + ffmpeg \ nginx \ php7 \ + php7-exif \ php7-fileinfo \ php7-fpm \ + php7-gd \ php7-imagick \ php7-json \ php7-mbstring \ @@ -43,8 +46,8 @@ RUN apk add --no-cache \ php7-simplexml \ php7-xml \ php7-xmlwriter \ - php7-zlib - + php7-zlib \ + zip COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai From 7711d5de03d7799186f5963742c503631f876c35 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Thu, 3 Jan 2019 17:11:40 +0100 Subject: [PATCH 21/46] migrate to supervisord --- Dockerfile | 5 +++-- slash/entrypoint.sh | 3 --- slash/etc/supervisor/conf.d/supervisord.conf | 8 ++++++++ 3 files changed, 11 insertions(+), 5 deletions(-) delete mode 100755 slash/entrypoint.sh create mode 100644 slash/etc/supervisor/conf.d/supervisord.conf diff --git a/Dockerfile b/Dockerfile index bfa5fe1..9e6313d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,8 @@ RUN apk add --no-cache \ php7-xml \ php7-xmlwriter \ php7-zlib \ - zip + zip \ + supervisor COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai @@ -61,5 +62,5 @@ RUN ln -sf /dev/stderr /var/log/php7/error.log \ EXPOSE 80 -CMD ["/entrypoint.sh"] +CMD supervisord -c /etc/supervisor/conf.d/supervisord.conf HEALTHCHECK CMD curl -I --fail http://localhost/ || exit 1 diff --git a/slash/entrypoint.sh b/slash/entrypoint.sh deleted file mode 100755 index e1de7aa..0000000 --- a/slash/entrypoint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -nohup sh -c $(php-fpm7 --nodaemonize --fpm-config /etc/php7/php-fpm.conf) & -nginx diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf new file mode 100644 index 0000000..01910ad --- /dev/null +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -0,0 +1,8 @@ +[supervisord] +nodaemon=true + +[program:php5-fpm] +command=/usr/sbin/php-fpm7 --nodaemonize --fpm-config /etc/php7/php-fpm.conf + +[program:nginx] +command=/usr/sbin/nginx From 32ebfd78336a29eec1653db3c45327f9065064af Mon Sep 17 00:00:00 2001 From: Pascal <1067997+pad92@users.noreply.github.com> Date: Wed, 27 Feb 2019 17:31:21 +0100 Subject: [PATCH 22/46] bump to alpine 3.9 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9e6313d..34b7bc2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 4a3fc1c58d992e98b8cdf3f02ec7cb854d0fa672 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Mon, 29 Jul 2019 11:50:39 +0200 Subject: [PATCH 23/46] :pushpin: update h5ai and alpine - update h5ai to 0.29.2 - update alpine to 3.10.1 --- Dockerfile | 5 ++--- README.md | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34b7bc2..0937745 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM node:slim as builder -ENV H5AI_VERSION=0.29.0 +ENV H5AI_VERSION=0.29.2 RUN apt-get update \ && apt-get --no-install-recommends -y install \ @@ -10,14 +10,13 @@ RUN apt-get update \ && cd h5ai \ && git checkout -b ${H5AI_VERSION} tags/v${H5AI_VERSION} \ && npm install \ - && npm audit fix \ && npm run build COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM alpine:3.9 +FROM alpine:3.10.1 LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ diff --git a/README.md b/README.md index cc160ad..5873d39 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [h5ai project](https://larsjung.de/h5ai/) -[![Layers](https://images.microbadger.com/badges/image/pad92/docker-h5ai.svg)](https://microbadger.com/images/pad92/docker-h5ai) [![GitHub issues](https://img.shields.io/github/issues/pad92/docker-docker-h5ai.svg)](https://github.com/pad92/docker-docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) +[![Layers](https://images.microbadger.com/badges/image/pad92/docker-h5ai.svg)](https://microbadger.com/images/pad92/docker-h5ai) [![GitHub issues](https://img.shields.io/github/issues/pad92/docker-docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) # Usage From 31acf1203f7a8a98e4b6b3a5f6a2d1d4167a0224 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Mon, 29 Jul 2019 13:40:11 +0200 Subject: [PATCH 24/46] :whale: switch to nginx:stable-alpine --- Dockerfile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0937745..b72e5b6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM alpine:3.10.1 +FROM nginx:stable-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ @@ -29,15 +29,17 @@ LABEL maintainer="pad92" \ org.label-schema.schema-version="1.0" RUN apk add --no-cache \ + apache2-utils \ curl \ ffmpeg \ - nginx \ + imagemagick \ php7 \ php7-exif \ php7-fileinfo \ php7-fpm \ php7-gd \ php7-imagick \ + php7-intl \ php7-json \ php7-mbstring \ php7-openssl \ @@ -45,9 +47,10 @@ RUN apk add --no-cache \ php7-simplexml \ php7-xml \ php7-xmlwriter \ - php7-zlib \ - zip \ - supervisor + php7-zip \ + supervisor \ + tzdata \ + zip COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai From 15144f4f2bc8e98cb2913f16f103b4385c6e9216 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Sun, 27 Oct 2019 11:48:01 +0100 Subject: [PATCH 25/46] :whale: set docker image version switch to : - node:8.16.2-alpine - nginx:1.16.1-alpine --- Dockerfile | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index b72e5b6..a4aaf9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,8 @@ -FROM node:slim as builder +FROM node:8.16.2-alpine as builder ENV H5AI_VERSION=0.29.2 -RUN apt-get update \ - && apt-get --no-install-recommends -y install \ - git-core \ - patch \ +RUN apk add --no-cache git patch \ && git clone https://github.com/lrsjng/h5ai.git \ && cd h5ai \ && git checkout -b ${H5AI_VERSION} tags/v${H5AI_VERSION} \ @@ -16,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:stable-alpine +FROM nginx:1.16.1-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 8ba531e92cf4d9e2b5f808c3053a27e5f59ac3ac Mon Sep 17 00:00:00 2001 From: Pascal <1067997+pad92@users.noreply.github.com> Date: Fri, 1 Nov 2019 12:37:08 +0100 Subject: [PATCH 26/46] Create LICENSE --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f286e5b --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 OurContainers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 4bdb52636ea34c77aa35e8e9a5739df30bb3bd23 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Sat, 20 Jun 2020 01:45:06 +0200 Subject: [PATCH 27/46] add auth with var ENV_U and ENV_P --- Dockerfile | 2 +- slash/etc/nginx/nginx.conf | 2 ++ slash/etc/supervisor/conf.d/supervisord.conf | 4 ++-- slash/usr/local/bin/nginx_auth.sh | 10 ++++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) create mode 100755 slash/usr/local/bin/nginx_auth.sh diff --git a/Dockerfile b/Dockerfile index a4aaf9b..da3ef5b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.16.1-alpine +FROM nginx:1.18-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ diff --git a/slash/etc/nginx/nginx.conf b/slash/etc/nginx/nginx.conf index 6e30d22..04bb618 100644 --- a/slash/etc/nginx/nginx.conf +++ b/slash/etc/nginx/nginx.conf @@ -67,6 +67,8 @@ http { location /_h5ai { root /usr/share/h5ai/; location /_h5ai/public/index.php { + #auth_basic "Restricted"; + #auth_basic_user_file /etc/nginx/.htpasswd; try_files $uri =404; fastcgi_index index.php; fastcgi_pass unix:/var/run/php-fpm.sock; diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf index 01910ad..086681d 100644 --- a/slash/etc/supervisor/conf.d/supervisord.conf +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -1,8 +1,8 @@ [supervisord] nodaemon=true -[program:php5-fpm] +[program:php7-fpm] command=/usr/sbin/php-fpm7 --nodaemonize --fpm-config /etc/php7/php-fpm.conf [program:nginx] -command=/usr/sbin/nginx +command=/usr/local/bin/nginx_auth.sh diff --git a/slash/usr/local/bin/nginx_auth.sh b/slash/usr/local/bin/nginx_auth.sh new file mode 100755 index 0000000..8b615bd --- /dev/null +++ b/slash/usr/local/bin/nginx_auth.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +HTPASSWD=$(/usr/bin/htpasswd -cb /etc/nginx/.htpasswd ${ENV_U} ${ENV_P} 2>/dev/null 1>&2 ) + +if [ $? -eq 0 ]; then + sed -i 's/#auth_/auth_/g' /etc/nginx/nginx.conf +fi + + +/usr/sbin/nginx From 7ecb520a0c99b5ae147c3638757149c9e02fa003 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Tue, 30 Nov 2021 10:54:03 +0100 Subject: [PATCH 28/46] bump to 0.30.0 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index da3ef5b..0170a88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -FROM node:8.16.2-alpine as builder +FROM node:12-alpine as builder -ENV H5AI_VERSION=0.29.2 +ENV H5AI_VERSION=0.30.0 RUN apk add --no-cache git patch \ && git clone https://github.com/lrsjng/h5ai.git \ @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.18-alpine +FROM nginx:1.20.2-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 6e6b0cbe880ebc93669b2d2a595e44a31aea8578 Mon Sep 17 00:00:00 2001 From: Pascal <1067997+pad92@users.noreply.github.com> Date: Tue, 30 Nov 2021 11:03:41 +0100 Subject: [PATCH 29/46] Create docker-publish.yml --- .github/workflows/docker-publish.yml | 63 ++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..bc04de1 --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,63 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + schedule: + - cron: '39 19 * * *' + push: + branches: [ master ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ master ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 28ba250694dc416da28feb366832918d4c94fe7a Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Tue, 30 Nov 2021 11:29:11 +0100 Subject: [PATCH 30/46] cleanup --- .github/workflows/docker-publish.yml | 63 ---------------------------- 1 file changed, 63 deletions(-) delete mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index bc04de1..0000000 --- a/.github/workflows/docker-publish.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - schedule: - - cron: '39 19 * * *' - push: - branches: [ master ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ master ] - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} From 4208468953d82c1d672d73621ffd038cda523c28 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Tue, 30 Nov 2021 11:38:15 +0100 Subject: [PATCH 31/46] clean ci --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index adcd1c2..5671ce1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,8 +37,8 @@ build_image.feature: --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME%%-*}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME%%-*}" + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" only: - /^[0-9]+-.*$/ except: @@ -53,8 +53,8 @@ build_image.nonstd: --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME:0:128}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME:0:128}" + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" only: - /^[a-zA-Z]+.*$/ except: @@ -82,8 +82,8 @@ build_image.tag: tag_image.latest: stage: tag_latest script: - - docker pull "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" - - docker tag "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" + - docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" - docker push "${CI_REGISTRY_IMAGE}:latest" only: - master From 219f00345fb1941418068c047675a140d94a431c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 6 Jul 2022 09:46:44 +0000 Subject: [PATCH 32/46] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE314-CURL-2938007 - https://snyk.io/vuln/SNYK-ALPINE314-CURL-2938016 - https://snyk.io/vuln/SNYK-ALPINE314-CURL-2938016 - https://snyk.io/vuln/SNYK-ALPINE314-FREETYPE-2839592 - https://snyk.io/vuln/SNYK-ALPINE314-FREETYPE-2839593 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0170a88..d5ce6ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.20.2-alpine +FROM nginx:1.22.0-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 7e91565a52ae8a7508790965dc2ee96d6dcbe5c2 Mon Sep 17 00:00:00 2001 From: Pascal Armand Date: Wed, 6 Jul 2022 12:16:19 +0200 Subject: [PATCH 33/46] bump to php8 --- Dockerfile | 32 ++++++++++---------- slash/etc/{php7 => php8}/php-fpm.conf | 9 +++--- slash/etc/supervisor/conf.d/supervisord.conf | 4 +-- 3 files changed, 22 insertions(+), 23 deletions(-) rename slash/etc/{php7 => php8}/php-fpm.conf (58%) diff --git a/Dockerfile b/Dockerfile index d5ce6ac..86c4bd4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,21 +30,21 @@ RUN apk add --no-cache \ curl \ ffmpeg \ imagemagick \ - php7 \ - php7-exif \ - php7-fileinfo \ - php7-fpm \ - php7-gd \ - php7-imagick \ - php7-intl \ - php7-json \ - php7-mbstring \ - php7-openssl \ - php7-session \ - php7-simplexml \ - php7-xml \ - php7-xmlwriter \ - php7-zip \ + php8 \ + php8-exif \ + php8-fileinfo \ + php8-fpm \ + php8-gd \ + php8-pecl-imagick \ + php8-intl \ + php8-json \ + php8-mbstring \ + php8-openssl \ + php8-session \ + php8-simplexml \ + php8-xml \ + php8-xmlwriter \ + php8-zip \ supervisor \ tzdata \ zip @@ -53,7 +53,7 @@ COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN ln -sf /dev/stderr /var/log/php7/error.log \ +RUN ln -sf /dev/stderr /var/log/php8/error.log \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ diff --git a/slash/etc/php7/php-fpm.conf b/slash/etc/php8/php-fpm.conf similarity index 58% rename from slash/etc/php7/php-fpm.conf rename to slash/etc/php8/php-fpm.conf index a4a3462..cf0464c 100644 --- a/slash/etc/php7/php-fpm.conf +++ b/slash/etc/php8/php-fpm.conf @@ -5,10 +5,9 @@ listen = /var/run/php-fpm.sock listen.owner = nginx listen.mode = 0666 pm = dynamic -pm.max_children = 4 -pm.start_servers = 3 -pm.min_spare_servers = 2 -pm.max_spare_servers = 4 -pm.max_requests = 200 +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 catch_workers_output = yes clear_env = no diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf index 086681d..95629ea 100644 --- a/slash/etc/supervisor/conf.d/supervisord.conf +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -1,8 +1,8 @@ [supervisord] nodaemon=true -[program:php7-fpm] -command=/usr/sbin/php-fpm7 --nodaemonize --fpm-config /etc/php7/php-fpm.conf +[program:php8-fpm] +command=/usr/sbin/php-fpm8 --nodaemonize --fpm-config /etc/php8/php-fpm.conf [program:nginx] command=/usr/local/bin/nginx_auth.sh From 1958b1d0fffc6bc3f4f7aee36e5ebcefc9b17c4b Mon Sep 17 00:00:00 2001 From: pad Date: Wed, 6 Jul 2022 10:27:46 +0000 Subject: [PATCH 34/46] fix badges --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5873d39..5923c50 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [h5ai project](https://larsjung.de/h5ai/) -[![Layers](https://images.microbadger.com/badges/image/pad92/docker-h5ai.svg)](https://microbadger.com/images/pad92/docker-h5ai) [![GitHub issues](https://img.shields.io/github/issues/pad92/docker-docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) +[![GitHub issues](https://img.shields.io/github/issues/pad92/docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) # Usage From 4fcf8a3d61f71f483f5f6276ac77065e34df5d90 Mon Sep 17 00:00:00 2001 From: pad Date: Wed, 6 Jul 2022 10:28:37 +0000 Subject: [PATCH 35/46] clean badges --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5923c50..4d858e3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [h5ai project](https://larsjung.de/h5ai/) -[![GitHub issues](https://img.shields.io/github/issues/pad92/docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Build Status](https://img.shields.io/docker/build/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) +[![GitHub issues](https://img.shields.io/github/issues/pad92/docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) # Usage From 0fbc433c0f2cfb7b0e55ab52929dc6150813cdbf Mon Sep 17 00:00:00 2001 From: pad Date: Fri, 21 Oct 2022 20:12:23 +0000 Subject: [PATCH 36/46] [Snyk] Security upgrade nginx from 1.22.0-alpine to 1.22.1-alpine --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 86c4bd4..9c6588e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.22.0-alpine +FROM nginx:1.22.1-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 1151e885c4e934d4ef56e1ba2574f7c8df9039d8 Mon Sep 17 00:00:00 2001 From: pad Date: Sun, 14 May 2023 12:57:51 +0000 Subject: [PATCH 37/46] update php to 8.1 --- Dockerfile | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9c6588e..a0a386c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.22.1-alpine +FROM nginx:1.24-alpine LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ @@ -30,21 +30,21 @@ RUN apk add --no-cache \ curl \ ffmpeg \ imagemagick \ - php8 \ - php8-exif \ - php8-fileinfo \ - php8-fpm \ - php8-gd \ - php8-pecl-imagick \ - php8-intl \ - php8-json \ - php8-mbstring \ - php8-openssl \ - php8-session \ - php8-simplexml \ - php8-xml \ - php8-xmlwriter \ - php8-zip \ + php81 \ + php81-exif \ + php81-fileinfo \ + php81-fpm \ + php81-gd \ + php81-pecl-imagick \ + php81-intl \ + php81-json \ + php81-mbstring \ + php81-openssl \ + php81-session \ + php81-simplexml \ + php81-xml \ + php81-xmlwriter \ + php81-zip \ supervisor \ tzdata \ zip @@ -53,7 +53,7 @@ COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN ln -sf /dev/stderr /var/log/php8/error.log \ +RUN ln -sf /dev/stderr /var/log/php81/error.log \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ From 2d5461fbc0bbd6390cf742a19bcfa1ba6355c0a0 Mon Sep 17 00:00:00 2001 From: pad Date: Sun, 14 May 2023 13:07:29 +0000 Subject: [PATCH 38/46] fix php81 --- slash/etc/{php8 => php81}/php-fpm.conf | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename slash/etc/{php8 => php81}/php-fpm.conf (100%) diff --git a/slash/etc/php8/php-fpm.conf b/slash/etc/php81/php-fpm.conf similarity index 100% rename from slash/etc/php8/php-fpm.conf rename to slash/etc/php81/php-fpm.conf From 277fe9a971195cbadae7e932d2bd68b140545d75 Mon Sep 17 00:00:00 2001 From: pad Date: Sun, 14 May 2023 13:08:22 +0000 Subject: [PATCH 39/46] Update file supervisord.conf --- slash/etc/supervisor/conf.d/supervisord.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf index 95629ea..d3b44eb 100644 --- a/slash/etc/supervisor/conf.d/supervisord.conf +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -1,8 +1,8 @@ [supervisord] nodaemon=true -[program:php8-fpm] -command=/usr/sbin/php-fpm8 --nodaemonize --fpm-config /etc/php8/php-fpm.conf +[program:php81-fpm] +command=/usr/sbin/php-fpm81 --nodaemonize --fpm-config /etc/php81/php-fpm.conf [program:nginx] command=/usr/local/bin/nginx_auth.sh From c7928d1a58d78c757c806d7c548f4e6e098dcedf Mon Sep 17 00:00:00 2001 From: pad Date: Mon, 22 May 2023 10:57:07 +0200 Subject: [PATCH 40/46] update nodes and add opcache --- .github/workflows/buildx.yml | 30 ++++++++++++++++++++++++++++++ Dockerfile | 9 +++++---- slash/etc/php81/conf.d/opcache.ini | 4 ++++ 3 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/buildx.yml create mode 100644 slash/etc/php81/conf.d/opcache.ini diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml new file mode 100644 index 0000000..0199cf6 --- /dev/null +++ b/.github/workflows/buildx.yml @@ -0,0 +1,30 @@ +name: buildx +on: + push: + branches: + - master +jobs: + buildx: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 + tags: ${{ secrets.DOCKERHUB_USERNAME }}/h5ai:latest + push: true diff --git a/Dockerfile b/Dockerfile index a0a386c..7ade2a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ -FROM node:12-alpine as builder +FROM node:16-alpine as builder ENV H5AI_VERSION=0.30.0 -RUN apk add --no-cache git patch \ +RUN apk add --no-cache git patch \ && git clone https://github.com/lrsjng/h5ai.git \ && cd h5ai \ && git checkout -b ${H5AI_VERSION} tags/v${H5AI_VERSION} \ @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.24-alpine +FROM nginx:1.24-alpine-slim LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ @@ -35,11 +35,12 @@ RUN apk add --no-cache \ php81-fileinfo \ php81-fpm \ php81-gd \ - php81-pecl-imagick \ php81-intl \ php81-json \ php81-mbstring \ + php81-opcache \ php81-openssl \ + php81-pecl-imagick \ php81-session \ php81-simplexml \ php81-xml \ diff --git a/slash/etc/php81/conf.d/opcache.ini b/slash/etc/php81/conf.d/opcache.ini new file mode 100644 index 0000000..a30b6ae --- /dev/null +++ b/slash/etc/php81/conf.d/opcache.ini @@ -0,0 +1,4 @@ +[opcache] +opcache.enable=1 +opcache.jit_buffer_size=100M +opcache.jit=tracing From d7a7ffcb321a2f9ce80dc219b8a0eba8e61d9f8c Mon Sep 17 00:00:00 2001 From: pad Date: Thu, 13 Jul 2023 11:07:54 +0000 Subject: [PATCH 41/46] Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist --- .gitlab-ci.yml | 109 +++++++++++++++++++++---------------------------- 1 file changed, 46 insertions(+), 63 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5671ce1..8d74a9b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,91 +1,74 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence image: docker:git - services: - - docker:dind - +- docker:dind stages: - - build_image - - tag_latest - +- build_image +- tag_latest +- test before_script: - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}" - -### -## BUILD IMAGE -# -# Default branches (master/dev) +- docker login -u "${CI_REGISTRY_USER}" -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}" build_image.default: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date + '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" only: - - master + - master except: - - tags - -# Issue branches (^[0-9]+-.*]) -# Strip branch name branch ID + - tags build_image.feature: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" + - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date + '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" + . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" only: - - /^[0-9]+-.*$/ + - "/^[0-9]+-.*$/" except: - - tags - -# Non Standard branches (^[a-zA-Z]+.*) -# Strip branch name to 128 char max + - tags build_image.nonstd: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" + - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date + '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" + . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" only: - - /^[a-zA-Z]+.*$/ + - "/^[a-zA-Z]+.*$/" except: - - master - - dev - - tags - -# TAGS + - master + - dev + - tags build_image.tag: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_REF_NAME}" - -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date + '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_REF_NAME}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + . + - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" only: - - tags - -### -## TAG IMAGE -# -# Tag latest on master branch + - tags tag_image.latest: stage: tag_latest script: - - docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" - - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" - - docker push "${CI_REGISTRY_IMAGE}:latest" + - docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" + - docker push "${CI_REGISTRY_IMAGE}:latest" only: - - master + - master except: - - tags + - tags +sast: + stage: test +include: +- template: Security/SAST.gitlab-ci.yml From ef710eb05486a1736e7a82a4e7da15132da7c422 Mon Sep 17 00:00:00 2001 From: pad Date: Thu, 13 Jul 2023 11:09:53 +0000 Subject: [PATCH 42/46] Configure Container Scanning in `.gitlab-ci.yml`, creating this file if it does not already exist --- .gitlab-ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8d74a9b..3484b5a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,12 @@ # Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings # Note that environment variables can be set in several places # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence + +# container_scanning: +# variables: +# DOCKER_IMAGE: ... +# DOCKER_USER: ... +# DOCKER_PASSWORD: ... image: docker:git services: - docker:dind @@ -72,3 +78,4 @@ sast: stage: test include: - template: Security/SAST.gitlab-ci.yml +- template: Jobs/Container-Scanning.gitlab-ci.yml From 329bf9aca2832c11916474e5ab3cd76256c5eb5c Mon Sep 17 00:00:00 2001 From: pad Date: Tue, 3 Oct 2023 00:23:22 +0000 Subject: [PATCH 43/46] build linux/arm64,linux/amd64,linux/arm/v7 --- .gitlab-ci.yml | 92 +++++++++++++++++++++++++++----------------------- Dockerfile | 2 +- 2 files changed, 51 insertions(+), 43 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3484b5a..970ee6d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,81 +1,89 @@ -# You can override the included template(s) by including variable overrides -# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings -# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings -# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings -# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings -# Note that environment variables can be set in several places -# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence - -# container_scanning: -# variables: -# DOCKER_IMAGE: ... -# DOCKER_USER: ... -# DOCKER_PASSWORD: ... image: docker:git + services: - docker:dind + stages: - build_image -- tag_latest -- test + before_script: - docker login -u "${CI_REGISTRY_USER}" -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}" + build_image.default: stage: build_image script: - - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date - '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" + - docker push "${CI_REGISTRY_IMAGE}:latest" only: - master except: - tags + build_image.feature: stage: build_image script: - - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date - '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" only: - "/^[0-9]+-.*$/" except: - tags + build_image.nonstd: stage: build_image script: - - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date - '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" only: - "/^[a-zA-Z]+.*$/" except: - master - dev - tags + build_image.tag: stage: build_image script: - - docker build --pull --build-arg BUILD_NAME="${CI_PROJECT_NAME}" --build-arg BUILD_DATE="$(date - '+%FT%T.%s%z')" --build-arg BUILD_VCSREF="${CI_COMMIT_REF_NAME}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" only: - tags -tag_image.latest: - stage: tag_latest - script: - - docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" - - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" - - docker push "${CI_REGISTRY_IMAGE}:latest" - only: - - master - except: - - tags -sast: - stage: test -include: -- template: Security/SAST.gitlab-ci.yml -- template: Jobs/Container-Scanning.gitlab-ci.yml + diff --git a/Dockerfile b/Dockerfile index 7ade2a2..8e3cb1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM nginx:1.24-alpine-slim +FROM nginx:1.25-alpine-slim LABEL maintainer="pad92" \ org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ From 74ea4d6e8986931728c1fcadff17c99c7bfa640d Mon Sep 17 00:00:00 2001 From: pad Date: Tue, 3 Oct 2023 05:35:23 +0000 Subject: [PATCH 44/46] fix tag ci --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 970ee6d..e16cf5e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,8 +23,6 @@ build_image.default: --push -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" - - docker push "${CI_REGISTRY_IMAGE}:latest" only: - master except: @@ -83,6 +81,7 @@ build_image.tag: --platform=linux/arm64,linux/amd64,linux/arm/v7 --push -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + -t "${CI_REGISTRY_IMAGE}:latest" . only: - tags From 26f658da80728d1227ff5d01b359cc26c0210adb Mon Sep 17 00:00:00 2001 From: pad Date: Tue, 10 Oct 2023 10:28:37 +0000 Subject: [PATCH 45/46] fix http logs --- .gitlab-ci.yml | 1 - docker-compose.yml | 11 +++++++++++ slash/etc/supervisor/conf.d/supervisord.conf | 16 ++++++++++++++++ slash/usr/local/bin/nginx_auth.sh | 2 +- 4 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 docker-compose.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e16cf5e..b64d2d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,4 +85,3 @@ build_image.tag: . only: - tags - diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..cf303d0 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,11 @@ +version: '3' +services: + h5ai-devel: + build: + context: . + dockerfile: Dockerfile + image: h5ai-devel + ports: + - 8888:80 + volumes: + - .:/share:ro diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf index d3b44eb..403da18 100644 --- a/slash/etc/supervisor/conf.d/supervisord.conf +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -3,6 +3,22 @@ nodaemon=true [program:php81-fpm] command=/usr/sbin/php-fpm81 --nodaemonize --fpm-config /etc/php81/php-fpm.conf +process_name=%(program_name)s_%(process_num)02d +numprocs=1 +autostart=true +autorestart=false +startsecs=0 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 [program:nginx] command=/usr/local/bin/nginx_auth.sh +process_name=%(program_name)s_%(process_num)02d +numprocs=1 +autostart=true +autorestart=false +startsecs=0 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 diff --git a/slash/usr/local/bin/nginx_auth.sh b/slash/usr/local/bin/nginx_auth.sh index 8b615bd..8b738ff 100755 --- a/slash/usr/local/bin/nginx_auth.sh +++ b/slash/usr/local/bin/nginx_auth.sh @@ -7,4 +7,4 @@ if [ $? -eq 0 ]; then fi -/usr/sbin/nginx +/usr/sbin/nginx -c /etc/nginx/nginx.conf From 6d931e3c2f23fd28bc81116640f594425a40aa01 Mon Sep 17 00:00:00 2001 From: pad Date: Tue, 10 Oct 2023 10:47:27 +0000 Subject: [PATCH 46/46] fix http real ip --- slash/etc/nginx/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slash/etc/nginx/nginx.conf b/slash/etc/nginx/nginx.conf index 04bb618..24fbcf7 100644 --- a/slash/etc/nginx/nginx.conf +++ b/slash/etc/nginx/nginx.conf @@ -11,7 +11,7 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' + log_format main_ext '$http_x_forwarded_for - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '"$host" sn="$server_name" '