diff --git a/Dockerfile b/Dockerfile index 745085f..5c795f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,78 +13,90 @@ ARG GIT_USERNAME="seb" # https://hub.docker.com/_/php # WARNING: the FastCGI protocol is inherently trusting, and thus extremely insecure to expose outside of a private container network -- unless you know exactly what you are doing (and are willing to accept the extreme risk), do not use Docker's --publish (-p) flag with this image variant. -FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS php -EXPOSE 9000/tcp +FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS php-builder + +# Use php development configuration # see configuration : https://hub.docker.com/_/php RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" # config system # git is required for symfony cli -RUN apk update --no-cache \ - && apk add fish bash git +# supervisor is required for worker (then messenger) +#RUN apk update --no-cache \ +# && apk add fish bash git supervisor +#RUN apk update --no-cache \ +# && apk add bash git # Add php extension installer # available extensions : https://github.com/mlocati/docker-php-extension-installer#supported-php-extensions -ADD --chmod=700 \ +ADD --chmod=755 \ https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions \ /usr/local/bin/ # runtime extensions - https://symfony.com/doc/current/setup.html#technical-requirements # already bundled : Ctype , iconv, PCRE, Session, Tokenizer, simplexml # json, mbstring (bundled) -RUN install-php-extensions intl pdo_pgsql opcache apcu +# opcache, apcu required for internal php/symfony performance +# imagick for image manipulation, @see https://github.com/liip/LiipImagineBundle +RUN install-php-extensions intl pdo_pgsql opcache apcu imagick + # dev extensions # To start xdebug for a interactive cli use this : # XDEBUG_MODE=debug XDEBUG_SESSION=1 XDEBUG_CONFIG="client_host=172.17.0.1 client_port=9003" PHP_IDE_CONFIG="serverName=myrepl" php /app/hello.php # A phpstorm server with the appropriate name is also needed ( Config : PHP > Servers ) RUN install-php-extensions xdebug -# since we use php-fpm, we may use www-data user @todo -RUN adduser -D -s /usr/bin/fish -h /home/climber -u 1000 climber - # Add composer # We may also use `install-php-extensions @composer` (not tested) +#RUN install-php-extensions @${COMPOSER_VERSION} # or get the binary from the composer docker image +# maybe getting the binary from the composer image is better for docker scout scanning ... ARG COMPOSER_VERSION -ADD --chown=climber:climber \ - --chmod=744 \ - https://github.com/composer/composer/releases/download/${COMPOSER_VERSION}/composer.phar \ +ADD --chown=www-data:www-data https://github.com/composer/composer/releases/download/${COMPOSER_VERSION}/composer.phar \ /usr/local/bin/composer -RUN composer --version - -# Create app directory & vendor/bin (needed ?) -WORKDIR /app -RUN chown climber /app && mkdir -p /app/vendor/bin/ # Add psysh - https://github.com/bobthecow/psysh -RUN curl -L -o /tmp/psysh.tar.gz https://github.com/bobthecow/psysh/releases/download/v0.12.0/psysh-v0.12.0.tar.gz \ - && tar -xvf /tmp/psysh.tar.gz -C /usr/local/bin/ \ - && chmod 500 /usr/local/bin/psysh \ - && chown climber /usr/local/bin/psysh \ - && psysh --version +ADD --chown=www-data:www-data https://github.com/bobthecow/psysh/releases/download/v0.12.0/psysh-v0.12.0.tar.gz \ + /usr/local/bin/psysh # Add symfony cli -RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.alpine.sh' | bash \ - && apk --no-cache add symfony-cli \ - && symfony local:check:requirements - -USER climber -# configure git (needed for symnfony cli) -ARG GIT_EMAIL -ARG GIT_USERNAME -RUN git config --global user.email "${GIT_EMAIL}" \ - && git config --global user.name "${GIT_USERNAME}" +# No need for this cli, since evetything is done within container +#RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.alpine.sh' | bash \ +# && apk --no-cache add symfony-cli \ +# && symfony local:check:requirements # Add php-cs-fixer -# @deprecated, better include it in the composer.json ARG PHP_CS_FIXER_VERSION -ADD --chown=climber:climber \ - --chmod=744 \ - https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases/download/v${PHP_CS_FIXER_VERSION}/php-cs-fixer.phar \ +ADD --chown=www-data:www-data https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases/download/v${PHP_CS_FIXER_VERSION}/php-cs-fixer.phar \ /usr/local/bin/php-cs-fixer +# ------------------ + +FROM php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS final +COPY --from=php-builder /usr/local/bin /usr/local/bin +COPY --from=php-builder /usr/local/etc /usr/local/etc +COPY --from=php-builder /usr/local/lib /usr/local/lib +COPY --from=php-builder /usr/lib /usr/lib + +EXPOSE 9000/tcp + +# Create app directory & vendor/bin (needed ?) +WORKDIR /app +RUN mkdir -p /app/var/ +RUN chown www-data:www-data /app -R + +RUN apk update --no-cache \ + && apk add fish git supervisor \ + && apk cache clean + +USER www-data + # Add composer binaries to path +RUN mkdir /app/vendor/bin -p RUN ["fish", "-c fish_add_path /app/vendor/bin"] -# switch back to www-data user ? - +# configure git (needed for symnfony cli) +ARG GIT_EMAIL +ARG GIT_USERNAME +RUN git config --global user.email "${GIT_EMAIL}" \ + && git config --global user.name "${GIT_USERNAME}"