Trunk linter ()

* linting is fun

* mis-detection of missing healthcheck statements.

* typo

* disable tagging vanity tags on non-main branch

* Unbugger node build?

* Add gitleaks detector, remove an expired secret.

* More linting-derived cleanup

* Fiddle with trivy

* Fiddle with trivy

* add a readme

* Fix build bug with php flavours

* Marshall should build other flavours of ubuntu.

* Fiddle with act cache location.

* Add concurrency checks

* Composer version gubbins for 7.0/7.1

* ubuntu is just a label, and injected over the top of.

* Composer version gubbins for 7.0/7.1

* Run when workflow is altered too please.

* Hopefully fix composer stage.

* setup tooling meta-tooling.

* Add trunk

* Disable mirror mode, it's being problematic, and increase retries to 5.

* Revisit how ghcr login works.

* Add trunk checks.

* All hail the linter

* Heavily revise workflow

* Fettling

* Fettling

* Fettling

* Fettling

* Fettling

* Cleanup

* Cleanup

* Fettling.. Why does mitm build but not redis?

* Fettling.. Why does mitm build but not redis?

* Debugging

* Fettling.

* Fix build?

* Permissions are a pain

* Switch around some should_push logic because envs aren't available that early.

* Permissionssssss

* Trivy, bane of my life

* Fix merge?

* Fix labels

* Help node along, among other things

* Redis 6.1 & 7.1 aren't a thing any more.

* Ffff USER nonsense

* latest-openssl doesn't exist.

* fixup mysqlproxy.

* Fix labels

* uurrgh

* uurrgh

* Didn't need to add the mitmproxy user, it exists

* Missing ghcr login

* Missing backtick

* Fix build?

* Add validate build step to bouncer.

* Fix bouncer build

* Disable laravel build

* Missing env

* Fix swarm mon build

* Scout just doesn't seem to work.
Greyscale 2024-02-07 16:21:14 +01:00 committed by GitHub
parent 73c3900f75
commit 6db6395f66
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
126 changed files with 2925 additions and 2442 deletions
.actrc
.github
.gitignore
.gitleaksignore
.trivyignore
.trunk
Readme.md
bouncer
laravel
marshall
mitm-proxy
mqtt
mysql-proxy
node
php
redis

14
.actrc

@ -1,9 +1,11 @@
--secret-file .act-secrets --bind
--action-cache-path .github/cache/act/actions --action-cache-path .github/cache/act/actions
--artifact-server-path .github/cache/act/artifacts --artifact-server-path .github/cache/act/artifacts
--artifact-server-port 34566
--cache-server-path .github/cache/act/cache --cache-server-path .github/cache/act/cache
-P self-hosted=ghcr.io/catthehacker/ubuntu:act-latest --use-new-action-cache
-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest --platform self-hosted=ghcr.io/catthehacker/ubuntu:act-latest
-P ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04 --platform ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
-P ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04 --platform ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
-P ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04 --platform ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
--platform ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04
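
Review bot: `--bind` on the first line makes act bind-mount the working directory into the job container instead of copying it, so any step that writes or deletes files does so in the real checkout; the cache and artifact paths also sit under `.github/cache/act/` inside that tree, so confirm that directory is git-ignored. The new side also no longer carries `--secret-file .act-secrets`; document how local runs are expected to receive `DOCKER_HUB_PASSWORD` and `GHCR_PASSWORD` now.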


@ -1,24 +1,25 @@
name: Build Nginx + LetsEncrypt Bouncer name: Build Nginx + LetsEncrypt Bouncer
permissions:
contents: read
packages: write
on: on:
push: push:
paths:
- '.github/workflows/bouncer.yml'
- 'bouncer/**'
pull_request:
branches: branches:
- '!dependabot/**' - main
workflow_run: paths:
workflows: - bouncer/**
- Build PHP Flavours - .github/workflows/bouncer.yml
branches: [ 'master', 'feature/**' ] workflow_call:
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
bouncer-build: bouncer-build:
name: "Bake Bouncer Container" name: Bake Bouncer Container
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: "Setup: Get Date" - name: "Setup: Get Date"
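
Review bot: `should_push` is declared under `env:`, and env values are always strings, so on any ref other than main it holds the string 'false', which is truthy in an Actions expression; `${{ env.should_push && !env.ACT }}` therefore evaluates to true whenever ACT is unset. Compare explicitly, e.g. `env.should_push == 'true' && !env.ACT`, or test `github.ref == 'refs/heads/main'` directly in the `push:` expression. The same applies to every workflow in this commit that gates `push:` on `env.should_push`.
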
@ -48,17 +49,16 @@ jobs:
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }} uses: docker/login-action@v3
uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source" - name: "Setup: Checkout Source"
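
Review bot: the Docker Hub login loses its `if: ${{ !env.ACT }}` guard, so local act runs now need the real `DOCKER_HUB_PASSWORD` and authenticate to the registry from a developer machine; keep the guard unless local pushes are intended. While the version is being bumped, consider pinning `docker/login-action` to a full commit SHA rather than the movable `v3` tag, since this step handles both registry credentials.
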
@ -86,6 +86,7 @@ jobs:
target: bouncer target: bouncer
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
#push: ${{ env.should_push && !env.ACT }}
push: true push: true
build-args: | build-args: |
GIT_SHA=${{ github.sha }} GIT_SHA=${{ github.sha }}
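
Review bot: the gated `push:` expression is added only as a comment and `push: true` stays live, so now that this workflow also runs for pull requests, a pull-request build publishes `benzine/bouncer:latest` and `ghcr.io/benzine-framework/bouncer:latest`. Enable a main-only condition on `push:` or restrict the `latest` tags to main.
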
@ -94,5 +95,16 @@ jobs:
tags: | tags: |
${{ !env.ACT && 'benzine/bouncer:latest' || '' }} ${{ !env.ACT && 'benzine/bouncer:latest' || '' }}
${{ !env.ACT && 'ghcr.io/benzine-framework/bouncer:latest' || 'ghcr.io/benzine-framework/bouncer:devel' }} ${{ !env.ACT && 'ghcr.io/benzine-framework/bouncer:latest' || 'ghcr.io/benzine-framework/bouncer:devel' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:cli=docker-image://ghcr.io/benzine-framework/php:cli-8.2
- name: "Validate build"
shell: bash
run: |
docker \
run \
--rm \
ghcr.io/benzine-framework/bouncer:latest \
/usr/bin/install-report
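
Review bot: the "Validate build" step runs `ghcr.io/benzine-framework/bouncer:latest`, which is whatever the registry serves under that tag and not necessarily the image this job built; under act the build is tagged `:devel`, so the step checks a different image entirely. It also runs after the push, so a failing `/usr/bin/install-report` is noticed only once the image is published. Validate before pushing, either by loading a single-platform build locally with `load: true` or by running the image by the build step's digest output.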

121
.github/workflows/build.yml vendored Normal file

@ -0,0 +1,121 @@
name: Build
on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- main
workflow_dispatch:
concurrency:
group: build-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions: read-all
jobs:
qc-before:
name: QC Trunk
uses: ./.github/workflows/trunk.check.yml
secrets: inherit
permissions: write-all
marshall:
needs: qc-before
name: Marshall
uses: ./.github/workflows/marshall.yml
secrets: inherit
permissions:
contents: read
packages: write
php:
needs: marshall
name: PHP Core
uses: ./.github/workflows/php.yml
secrets: inherit
permissions:
contents: read
packages: write
#laravel:
# needs: php
# name: PHP Vanity Tags
# uses: ./.github/workflows/laravel.yml
# secrets: inherit
# permissions:
# contents: read
# packages: write
bouncer:
needs: php
name: Nginx Load Balancer (Bouncer)
uses: ./.github/workflows/bouncer.yml
secrets: inherit
permissions:
contents: read
packages: write
mitm-proxy:
needs: qc-before
name: Man-in-the-middle proxy w/Healthchecks
uses: ./.github/workflows/mitm-proxy.yml
secrets: inherit
permissions:
contents: read
packages: write
mqtt:
needs: qc-before
name: MQTT w/Healthchecks
uses: ./.github/workflows/mqtt.yml
secrets: inherit
permissions:
contents: read
packages: write
mysql-proxy:
needs: qc-before
name: MySQL Proxy
uses: ./.github/workflows/mysql-proxy.yml
secrets: inherit
permissions:
contents: read
packages: write
#node:
# needs: marshall
# name: Node
# uses: ./.github/workflows/node.yml
# secrets: inherit
# permissions:
# contents: read
# packages: write
redis:
needs: qc-before
name: Redis w/Healthchecks
uses: ./.github/workflows/redis.yml
secrets: inherit
permissions:
contents: read
packages: write
swarm-monitor:
needs: php
name: Swarm Monitor
uses: ./.github/workflows/swarm-monitor.yml
secrets: inherit
permissions:
contents: read
packages: write
wordpress:
needs: php
name: Wordpress
uses: ./.github/workflows/wordpress.yml
secrets: inherit
permissions:
contents: read
packages: write
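
Review bot: `qc-before` is granted `permissions: write-all` together with `secrets: inherit`, and this workflow runs on `pull_request`, so the lint job receives a fully writable token plus every repository secret while checking branch content. List only the scopes the Trunk workflow actually uses, and pass secrets by name instead of `inherit`; the build jobs shown in this commit only reference `DOCKER_HUB_PASSWORD` and `GHCR_PASSWORD`.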


@ -1,23 +1,18 @@
name: Build Laravel Container name: Build Laravel Container
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'laravel/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Vanity Tags
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
laravel-build: laravel-build:
name: "Bake Laravel Container" name: "Build: Laravel Container"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
@ -36,7 +31,7 @@ jobs:
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2 - uses: docker/login-action@v3
name: Login to Docker Hub name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -48,27 +43,32 @@ jobs:
context: laravel context: laravel
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
push: ${{ !env.ACT && true || false }} push: ${{ env.should_push && !env.ACT }}
build-args: | build-args: |
PHP_VERSION=${{ matrix.version }} PHP_VERSION=${{ matrix.version }}
tags: | tags: |
ghcr.io/benzine-framework/laravel:php-${{ matrix.version }}
benzine/laravel:php-${{ matrix.version }}
matthewbaggett/laravel:${{ matrix.version }} matthewbaggett/laravel:${{ matrix.version }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:nginx=docker-image://ghcr.io/benzine-framework/php:nginx-8.2
laravel-tag-latest: laravel-tag-latest:
name: "Bake Laravel Container" name: "Tag: Laravel Container"
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [laravel-build] needs: [laravel-build]
steps: steps:
- uses: docker/login-action@v2 - uses: docker/login-action@v3
name: Login to Docker Hub name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Retag matthewbaggett/laravel:${{ matrix.version }} to matthewbaggett/laravel:latest"
- name: "Retag matthewbaggett/laravel:8.3 to matthewbaggett/laravel:latest"
if: ${{ !env.ACT }} if: ${{ !env.ACT }}
run: | run: |
docker pull matthewbaggett/laravel:8.2 docker pull matthewbaggett/laravel:8.3
docker tag matthewbaggett/laravel:8.2 matthewbaggett/laravel:latest docker tag matthewbaggett/laravel:8.3 matthewbaggett/laravel:latest
docker push matthewbaggett/laravel:latest docker push matthewbaggett/laravel:latest
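
Review bot: in `laravel-tag-latest` the retag step is guarded only by `if: ${{ !env.ACT }}`, so a `workflow_dispatch` run from any branch still pulls `matthewbaggett/laravel:8.3` from the registry and pushes it as `latest`, whether or not the build job pushed anything. Add a `github.ref == 'refs/heads/main'` condition, as the Marshall "Tag Latest" job does for its `:latest` retag.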


@ -1,31 +0,0 @@
name: Lint Docker Files
on:
schedule:
- cron: '0 4 * * TUE'
workflow_dispatch:
push:
jobs:
lint:
name: Lint Docker Files
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
dockerfile:
- marshall/Dockerfile
- php/Dockerfile.Core
- php/Dockerfile.Flavours
- laravel/Dockerfile
- wordpress/Dockerfile
- mqtt/Dockerfile
- node/Dockerfile
- redis/Dockerfile
- bouncer/Dockerfile
- mitm-proxy/Dockerfile
steps:
- uses: actions/checkout@v3
- uses: hadolint/hadolint-action@v3.1.0 # Yes you have to be version-specific, because they don't publish v3
with:
dockerfile: ./${{ matrix.dockerfile }}
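
Review bot: deleting this workflow removes the weekly `cron: '0 4 * * TUE'` hadolint run over the ten listed Dockerfiles, and the `Build` workflow added in this commit triggers only on pull requests, pushes to main and manual dispatch. If scheduled linting is still wanted, add a `schedule:` trigger there, and confirm the Trunk configuration enables hadolint for the same files.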


@ -1,25 +1,37 @@
name: Build Marshall name: Build Marshall
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'marshall/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
jobs: env:
latest-stable-version: "focal"
ghcr_image: "ghcr.io/benzine-framework/marshall"
docker_hub_image: "benzine/marshall"
jobs:
marshall-build: marshall-build:
name: "Build Marshall" name: "Build"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu:
- focal
- jammy
- lunar
- mantic
- noble
- devel
- rolling
- latest
platform:
- linux/amd64
- linux/arm64
steps: steps:
- name: "Build: Prepare Environment Variables" - name: "Build: Prepare Environment Variables"
id: environment id: environment
@ -34,6 +46,11 @@ jobs:
echo "marshall_build_host=$(hostname)" echo "marshall_build_host=$(hostname)"
} >> "$GITHUB_OUTPUT" } >> "$GITHUB_OUTPUT"
{
platform=${{ matrix.platform }}
echo "platform_pair=${platform//\//-}"
} >> "$GITHUB_ENV"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
sparse-checkout: | sparse-checkout: |
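
Review bot: `platform_pair` is written to `$GITHUB_ENV` here but nothing in the visible workflow reads it; the digest artifact is named `digests-${{ matrix.ubuntu }}` only, so the amd64 and arm64 jobs upload under the same name. Either drop the block or use `platform_pair` in the artifact name, which becomes necessary if `actions/upload-artifact` is later moved to a version that rejects two uploads under one name.
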
@ -41,34 +58,177 @@ jobs:
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v3
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v5 - name: "Setup: Docker meta"
name: Build & Push id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.ghcr_image }}
${{ env.docker_hub_image }}
labels: |
org.opencontainers.image.title=Marshall
org.opencontainers.image.description=Multi-thread (marshalling..) docker base image built atop Ubuntu ${{ matrix.ubuntu }} & Runit
org.opencontainers.image.vendor=Matthew Baggett
flavor: |
latest=auto
tags: |
${{ matrix.ubuntu }}
- name: "Build: Build Marshall for ${{ matrix.ubuntu }} on ${{ matrix.platform }}"
uses: docker/build-push-action@v5
id: build
with: with:
context: marshall context: marshall
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ matrix.platform }}
pull: true labels: ${{ steps.meta.outputs.labels }}
push: ${{ !env.ACT && true || false }}
tags: |
ghcr.io/benzine-framework/marshall:latest
benzine/marshall:latest
build-args: | build-args: |
MARSHALL_VERSION=${{ steps.environment.outputs.marshall_version }} MARSHALL_VERSION=${{ steps.environment.outputs.marshall_version }}
MARSHALL_BUILD_DATE=${{ steps.environment.outputs.marshall_build_date }} MARSHALL_BUILD_DATE=${{ steps.environment.outputs.marshall_build_date }}
MARSHALL_BUILD_HOST=${{ steps.environment.outputs.marshall_build_host }} MARSHALL_BUILD_HOST=${{ steps.environment.outputs.marshall_build_host }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha,scope=marshall-${{ matrix.ubuntu }}' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max,scope=marshall-${{ matrix.ubuntu }}' || '' }}
build-contexts: ubuntu:version=docker-image://ubuntu:${{ matrix.ubuntu }}
outputs: |
type=image,name=${{ env.ghcr_image }},push-by-digest=true,name-canonical=true,push=true
- name: "Build: Export digest"
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: "Build: Upload digest"
uses: actions/upload-artifact@v3
with:
name: digests-${{ matrix.ubuntu }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
marshall-merge:
runs-on: ubuntu-latest
name: "Merge"
needs: [marshall-build]
strategy:
fail-fast: false
matrix:
ubuntu:
- focal
- jammy
- lunar
- mantic
- noble
- devel
- rolling
- latest
steps:
- uses: docker/setup-buildx-action@v3
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Merge: Docker meta"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.ghcr_image }}
${{ env.docker_hub_image }}
labels: |
org.opencontainers.image.title=Marshall
org.opencontainers.image.description=Multi-thread (marshalling..) docker base image built atop Ubuntu ${{ matrix.ubuntu }} & Runit
org.opencontainers.image.vendor=Matthew Baggett
flavor: |
latest=auto
tags: |
${{ matrix.ubuntu }}
- uses: hmarr/debug-action@v3
- name: "Setup: Download ${{ matrix.ubuntu }} digests"
uses: actions/download-artifact@v3
with:
path: /tmp/digests
name: digests-${{ matrix.ubuntu }}
- name: "Merge: Create ${{ matrix.ubuntu }} manifest list and push"
working-directory: /tmp/digests
shell: bash
run: |
set -o xtrace
pwd
ls -lah
docker buildx imagetools \
create \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.ghcr_image }}@sha256:%s ' *)
- name: "Merge: Inspect image"
run: |
docker buildx imagetools inspect ${{ env.ghcr_image }}:${{ steps.meta.outputs.version }}
marshall-tag-latest:
name: "Tag Latest"
runs-on: ubuntu-latest
needs: [marshall-merge]
strategy:
fail-fast: false
matrix:
output_tag:
- "benzine/marshall"
- "gone/marshall"
- "ghcr.io/benzine-framework/marshall"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:bleeding"
shell: bash
run: |
docker pull ${{ env.ghcr_image }}:${{ env.latest-stable-version }}
docker tag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} ${{ matrix.output_tag }}:bleeding
docker push ${{ matrix.output_tag }}:bleeding
- name: "Retag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:latest"
if: ${{ github.ref == 'refs/heads/main' }}
shell: bash
run: |
docker pull ${{ env.ghcr_image }}:${{ env.latest-stable-version }}
docker tag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} ${{ matrix.output_tag }}:latest
docker push ${{ matrix.output_tag }}:latest
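
Review bot: the build step's `outputs:` line hard-codes `push=true`, and the `:bleeding` retag in `marshall-tag-latest` has no branch condition, so every run, including pull-request builds started from the `Build` workflow, pushes digests to GHCR and moves `bleeding` on all three repositories; only the `:latest` retag checks `github.ref`. Gate both on main. Separately, `cache-from` and `cache-to` nest `${{ matrix.ubuntu }}` inside a quoted string within an outer `${{ }}`, which is not expanded; build the value with `format('type=gha,scope=marshall-{0}', matrix.ubuntu)`. The `hmarr/debug-action@v3` step and `set -o xtrace` in the merge job look like debugging leftovers and should go before merge.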


@ -1,20 +1,16 @@
name: Build mitmproxy name: Build mitmproxy
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'mitmproxy/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
mitmproxy-build: mitmproxy-build:
name: "MITM proxy with Healthchecks" name: "MITM proxy with Healthchecks"
@ -55,7 +51,6 @@ jobs:
- 5.1.0 - 5.1.0
- 5.0.1 - 5.0.1
- 5.0.0 - 5.0.0
steps: steps:
- name: "Setup: Setup QEMU" - name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
@ -73,17 +68,16 @@ jobs:
mitm-proxy mitm-proxy
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }} uses: docker/login-action@v3
uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build MITM proxy with healthchecks" - name: "Build: Build MITM proxy with healthchecks"
@ -91,18 +85,16 @@ jobs:
with: with:
context: mitm-proxy context: mitm-proxy
build-contexts: | build-contexts: |
mitmproxy/mitmproxy=docker-image://mitmproxy/mitmproxy:${{ matrix.mitmproxy }} mitmproxy:version=docker-image://mitmproxy/mitmproxy:${{ matrix.mitmproxy }}
build-args: | build-args: |
MITMPROXY_VERSION=${{ matrix.mitmproxy }} MITMPROXY_VERSION=${{ matrix.mitmproxy }}
GIT_SHA=${{ github.sha }} GIT_SHA=${{ github.sha }}
BUILD_DATE=${{ github.event.repository.pushed_at }} BUILD_DATE=${{ github.event.repository.pushed_at }}
platforms: ${{ (!env.ACT && !(startsWith('6.',matrix.mitmproxy) || startsWith('5.', matrix.mitmproxy))) && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ (!env.ACT && !(startsWith('6.',matrix.mitmproxy) || startsWith('5.', matrix.mitmproxy))) && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
${{ !env.ACT && format('benzine/mitmproxy:{0}',matrix.mitmproxy) || '' }} ${{ format('benzine/mitmproxy:{0}', matrix.mitmproxy) }}
${{ format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) }} ${{ env.should_push && format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) }}
cache-from: ${{ !env.ACT && 'type=gha' || '' }} cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
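
Review bot: the second entry under `tags:` is now `${{ env.should_push && format(...) }}` with no `|| ''` fallback, so if the condition ever evaluates false the expression yields the literal `false` as a tag line instead of an empty one; the first tag also lost its `!env.ACT` guard. Keep the `cond && value || ''` form used elsewhere in these workflows. In the unchanged `platforms:` line the `startsWith` arguments are reversed: the function takes the string first and the prefix second, so `startsWith('5.', matrix.mitmproxy)` does not match versions such as 5.1.0 and those are still built for arm64.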


@ -1,39 +1,65 @@
name: Build MQTT name: Mosquitto
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'mqtt/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
mqtt-build: mqtt-build:
name: "MQTT" name: "Build"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
version:
- latest
- 2
- 2.0.18
- 2.0.14
- 1.6
openssl:
- ""
- "-openssl"
exclude:
- version: latest
openssl: "-openssl"
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
name: Login to Docker Hub - name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- uses: docker/build-push-action@v3
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v4
name: Build & Push name: Build & Push
with: with:
context: mqtt context: mqtt
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
benzine/mqtt gone/mqtt:${{ matrix.version }}${{ matrix.openssl }}
benzine/mqtt:${{ matrix.version }}${{ matrix.openssl }}
ghcr.io/benzine-framework/mqtt:${{ matrix.version }}${{ matrix.openssl }}
build-contexts: |
eclipse-mosquitto:injected-version=docker-image://eclipse-mosquitto:${{ matrix.version }}${{ matrix.openssl }}
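
Review bot: the `version` matrix entries `2` and `1.6` are unquoted, so YAML parses them as numbers rather than strings; they happen to render correctly here, but an entry like `2.0` would come out as `2` in the tags and in the `eclipse-mosquitto:` build context. Quote every version, as the node workflow's matrix does.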


@ -1,27 +1,25 @@
name: Build MySQL Proxy name: Build MySQL Proxy
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- '.github/workflows/mysql-proxy.yml'
- 'mysql-proxy/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Flavours
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
concurrency:
group: mysql-proxy-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
mysql-proxy-build: mysql-proxy-build:
name: "Build MySQL Proxy" name: "Build"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: "Setup: Setup QEMU" - name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
@ -32,17 +30,16 @@ jobs:
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }} uses: docker/login-action@v3
uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source" - name: "Setup: Checkout Source"
@ -58,9 +55,11 @@ jobs:
target: mysql-proxy target: mysql-proxy
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
${{ !env.ACT && 'benzine/mysql-proxy:latest' || '' }} ${{ !env.ACT && 'benzine/mysql-proxy:latest' || '' }}
${{ !env.ACT && 'ghcr.io/benzine-framework/mysql-proxy:latest' || 'ghcr.io/benzine-framework/mysql-proxy:devel' }} ${{ !env.ACT && 'ghcr.io/benzine-framework/mysql-proxy:latest' || 'ghcr.io/benzine-framework/mysql-proxy:devel' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
build-contexts: |
marshall:version=docker-image://ghcr.io/benzine-framework/marshall:focal


@ -1,40 +1,61 @@
name: Build NodeJS Flavours name: Build NodeJS Flavours
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'node/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build Marshall
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
concurrency:
group: nodejs-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
node-flavours-build: node-flavours-build:
name: "Build Node Flavours" name: "Build"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
yarn: yarn:
- "3.0.2" - latest
- "1.22.21"
- "1.22.20"
- "1.22.0"
- "1.21.0"
- "1.20.0"
node: node:
- "v16.13.0" - latest
- "16.13.0"
- "16.20.2"
- "17.9.1"
- "18.19.0"
- "19.9.0"
- "20.9.0"
- "21.6.1"
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
name: Login to Docker Hub - name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v3 - uses: docker/build-push-action@v3
name: Build & Push name: Build & Push
with: with:
@ -43,11 +64,13 @@ jobs:
target: nodejs target: nodejs
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
gone/node:${{ matrix.node }}-${{ matrix.yarn }} gone/node:${{ matrix.node }}-${{ matrix.yarn }}
benzine/node:${{ matrix.node }}-${{ matrix.yarn }} benzine/node:${{ matrix.node }}-${{ matrix.yarn }}
ghcr.io/benzine-framework/node:${{ matrix.node }}-${{ matrix.yarn }}
build-args: | build-args: |
NODE_VERSION=${{ matrix.node }} NODE_VERSION=${{ matrix.node }}
YARN_VERSION=${{ matrix.yarn }} YARN_VERSION=${{ matrix.yarn }}
build-contexts: |
marshall:build=docker-image://ghcr.io/benzine-framework/marshall:focal


@ -1,14 +1,16 @@
name: Build Octoprint name: Build Octoprint
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'octoprint/**'
pull_request:
branches:
- '!dependabot/**'
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
octoprint-build: octoprint-build:
name: "Bake Octoprint" name: "Bake Octoprint"
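
Review bot: the `push` and `pull_request` triggers are replaced with `workflow_call`, but the `Build` workflow added in this commit has no job that calls this workflow, so it now runs only on manual dispatch. If that is intended, say so in the readme; otherwise add an octoprint job to `Build`.
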
@ -17,7 +19,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2 - uses: docker/login-action@v3
name: Login to Docker Hub name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -29,8 +31,9 @@ jobs:
target: octoprint target: octoprint
platforms: linux/amd64,linux/arm64,linux/arm/v7 platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: matthewbaggett/octoprint:latest tags: matthewbaggett/octoprint:latest
octoprint-mjpg-build: octoprint-mjpg-build:
name: "Bake Octoprint for yuvu cameras" name: "Bake Octoprint for yuvu cameras"
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -38,7 +41,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2 - uses: docker/login-action@v3
name: Login to Docker Hub name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -50,5 +53,5 @@ jobs:
target: octoprint-mjpg-streamer target: octoprint-mjpg-streamer
platforms: linux/amd64,linux/arm64,linux/arm/v7 platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: matthewbaggett/octoprint:mjpg-streamer-yu12 tags: matthewbaggett/octoprint:mjpg-streamer-yu12


@ -1,100 +0,0 @@
name: Build PHP Flavours
on:
push:
paths:
- 'php/apache/**'
- 'php/cli/**'
- 'php/nginx/**'
- 'php/Dockerfile.Flavours'
pull_request:
branches:
- '!dependabot/**'
workflow_dispatch:
workflow_run:
workflows:
- Build PHP Core
branches: [ 'master', 'feature/**' ]
types:
- completed
jobs:
php-flavours-build:
name: "Build PHP Flavours"
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 15
matrix:
variant:
- cli
- nginx
- apache
version:
- "7.0"
- "7.1"
- "7.2"
- "7.3"
- "7.4"
- "8.0"
- "8.1"
- "8.2"
- "8.3"
steps:
- name: Mangle Envs
id: vars
run: |
VERSION=$(echo "${{ matrix.version }}" | tr -d '.')
PACKAGE_LIST=PHP_PACKAGES_$VERSION
echo ::set-output name=php_packages::${!PACKAGE_LIST}
- name: Show mangled envs
run: |
echo "Packages to be installed:"
echo ${{ steps.vars.outputs.php_packages }}
- uses: actions/github-script@v3
name: Build Args
id: build_args
with:
result-encoding: string
script: return `PHP_VERSION=${{ matrix.version }}\nPHP_CORE_VERSION=benzine/php:core-${{ matrix.version }}`
- uses: actions/checkout@v4
with:
sparse-checkout: php
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v5
name: "Build: Build & Push"
with:
context: php
file: php/Dockerfile.Flavours
target: php-${{ matrix.variant }}
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
tags: |
ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}
gone/php:${{ matrix.variant }}-${{ matrix.version }}
benzine/php:${{ matrix.variant }}-${{ matrix.version }}
build-args: |
${{ steps.build_args.outputs.result }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}

@ -1,49 +0,0 @@
name: Build PHP Vanity Tags
on:
workflow_dispatch:
workflow_run:
workflows:
- Build PHP Flavours
branches: [ 'master', 'feature/**' ]
types:
- completed
jobs:
php-vanity-tags:
name: Vanity Tags
runs-on: ubuntu-latest
env:
latest-stable-version: "8.3"
base_tag: "benzine/php"
strategy:
fail-fast: false
matrix:
variant:
- cli
- nginx
- apache
output_tag:
- "benzine/php"
- "gone/php"
- "ghcr.io/benzine-framework/php"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:${{ matrix.variant }}"
run: |
docker pull ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }}
docker tag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} ${{ matrix.output_tag }}:${{ matrix.variant }}
docker push ${{ matrix.output_tag }}:${{ matrix.variant }}

@ -1,30 +1,28 @@
name: Build PHP Core name: Build PHP Core
on: on:
push: workflow_call:
paths:
- 'php/core/**'
- 'php/Dockerfile.Core'
pull_request:
branches:
- '!dependabot/**'
workflow_dispatch: workflow_dispatch:
workflow_run:
workflows: permissions:
- Build Marshall contents: read
branches: [ 'master', 'feature/**' ] packages: write
types:
- completed env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
php-flavours-build:
php-core-build: name: "Build PHP Flavours"
name: "Build PHP Core"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
max-parallel: 15
fail-fast: false fail-fast: false
max-parallel: 15
matrix: matrix:
variant:
- cli
- nginx
- apache
version: version:
- "7.0" - "7.0"
- "7.1" - "7.1"
@ -45,17 +43,19 @@ jobs:
PHP_PACKAGES_81: git htop mariadb-client php8.1-apcu php8.1-bcmath php8.1-bz2 php8.1-cli php8.1-curl php8.1-gd php8.1-imap php8.1-imagick php8.1-intl php8.1-ldap php8.1-mailparse php8.1-mbstring php8.1-memcache php8.1-mongodb php8.1-mysql php8.1-opcache php8.1-pgsql php8.1-phpdbg php8.1-pspell php8.1-redis php8.1-soap php8.1-sqlite php8.1-xdebug php8.1-xml php8.1-zip postgresql-client PHP_PACKAGES_81: git htop mariadb-client php8.1-apcu php8.1-bcmath php8.1-bz2 php8.1-cli php8.1-curl php8.1-gd php8.1-imap php8.1-imagick php8.1-intl php8.1-ldap php8.1-mailparse php8.1-mbstring php8.1-memcache php8.1-mongodb php8.1-mysql php8.1-opcache php8.1-pgsql php8.1-phpdbg php8.1-pspell php8.1-redis php8.1-soap php8.1-sqlite php8.1-xdebug php8.1-xml php8.1-zip postgresql-client
PHP_PACKAGES_82: git htop mariadb-client php8.2-apcu php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-curl php8.2-gd php8.2-imap php8.2-imagick php8.2-intl php8.2-ldap php8.2-mailparse php8.2-mbstring php8.2-memcache php8.2-mongodb php8.2-mysql php8.2-opcache php8.2-pgsql php8.2-phpdbg php8.2-pspell php8.2-redis php8.2-soap php8.2-sqlite php8.2-xdebug php8.2-xml php8.2-zip postgresql-client PHP_PACKAGES_82: git htop mariadb-client php8.2-apcu php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-curl php8.2-gd php8.2-imap php8.2-imagick php8.2-intl php8.2-ldap php8.2-mailparse php8.2-mbstring php8.2-memcache php8.2-mongodb php8.2-mysql php8.2-opcache php8.2-pgsql php8.2-phpdbg php8.2-pspell php8.2-redis php8.2-soap php8.2-sqlite php8.2-xdebug php8.2-xml php8.2-zip postgresql-client
PHP_PACKAGES_83: git htop mariadb-client php8.3-apcu php8.3-bcmath php8.3-bz2 php8.3-cli php8.3-curl php8.3-gd php8.3-imap php8.3-imagick php8.3-intl php8.3-ldap php8.3-mailparse php8.3-mbstring php8.3-memcache php8.3-mongodb php8.3-mysql php8.3-opcache php8.3-pgsql php8.3-phpdbg php8.3-pspell php8.3-redis php8.3-soap php8.3-sqlite php8.3-xdebug php8.3-xml php8.3-zip postgresql-client PHP_PACKAGES_83: git htop mariadb-client php8.3-apcu php8.3-bcmath php8.3-bz2 php8.3-cli php8.3-curl php8.3-gd php8.3-imap php8.3-imagick php8.3-intl php8.3-ldap php8.3-mailparse php8.3-mbstring php8.3-memcache php8.3-mongodb php8.3-mysql php8.3-opcache php8.3-pgsql php8.3-phpdbg php8.3-pspell php8.3-redis php8.3-soap php8.3-sqlite php8.3-xdebug php8.3-xml php8.3-zip postgresql-client
COMPOSER_UPDATE_FLAGS_70: --2.2 COMPOSER_VERSION_70: 2.2.22
COMPOSER_UPDATE_FLAGS_71: --2.2 COMPOSER_VERSION_71: 2.2.22
steps: steps:
- name: Mangle Envs - name: Interpolate Envs
id: vars id: vars
run: | run: |
{
VERSION=$(echo "${{ matrix.version }}" | tr -d '.') VERSION=$(echo "${{ matrix.version }}" | tr -d '.')
PACKAGE_LIST=PHP_PACKAGES_$VERSION PACKAGE_LIST=PHP_PACKAGES_$VERSION
echo ::set-output name=php_packages::${!PACKAGE_LIST} echo php_packages=${!PACKAGE_LIST}
COMPOSER_UPDATE_FLAGS=COMPOSER_UPDATE_FLAGS_$VERSION COMPOSER_VERSION=COMPOSER_VERSION_$VERSION
echo ::set-output name=composer_update_flags::${!COMPOSER_UPDATE_FLAGS} echo composer_version=${!COMPOSER_VERSION:-"latest-stable"}
} >> "$GITHUB_OUTPUT"
- name: Show mangled envs - name: Show mangled envs
run: | run: |
@ -67,43 +67,94 @@ jobs:
id: build_args id: build_args
with: with:
result-encoding: string result-encoding: string
script: return `PHP_PACKAGES=${{ steps.vars.outputs.php_packages }}\nPHP_VERSION=${{ matrix.version }}\nPHP_CORE_VERSION=benzine/php:core-${{ matrix.version }}\nCOMPOSER_UPDATE_FLAGS=${{ steps.vars.outputs.composer_update_flags }}` script: return `PHP_PACKAGES=${{ steps.vars.outputs.php_packages }}\nPHP_VERSION=${{ matrix.version }}\nCOMPOSER_VERSION=${{ steps.vars.outputs.composer_version }}`
- uses: actions/checkout@v4
with:
sparse-checkout: php
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build & Push" - uses: actions/checkout@v4
uses: docker/build-push-action@v5 with:
sparse-checkout: php
- uses: docker/build-push-action@v5
name: "Build: Build & Push"
with: with:
context: php context: php
file: php/Dockerfile.Core target: php-${{ matrix.variant }}
target: php-core
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
push: ${{ !env.ACT && true || false }} push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
ghcr.io/benzine-framework/php:core-${{ matrix.version }} ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}
gone/php:core-${{ matrix.version }} gone/php:${{ matrix.variant }}-${{ matrix.version }}
benzine/php:core-${{ matrix.version }} benzine/php:${{ matrix.variant }}-${{ matrix.version }}
build-args: | build-args: |
${{ steps.build_args.outputs.result }} ${{ steps.build_args.outputs.result }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
build-contexts: |
marshall:build=docker-image://ghcr.io/benzine-framework/marshall:focal
- name: "Validate build"
shell: bash
run: |
docker \
run \
--rm \
ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }} \
/usr/bin/install-report
php-vanity-tags:
name: Vanity Tags
runs-on: ubuntu-latest
needs:
- php-flavours-build
env:
latest-stable-version: "8.3"
base_tag: "ghcr.io/benzine-framework/php"
strategy:
fail-fast: false
matrix:
variant:
- cli
- nginx
- apache
output_tag:
- "benzine/php"
- "gone/php"
- "ghcr.io/benzine-framework/php"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:${{ matrix.variant }}"
if: ${{ github.ref == 'refs/heads/main' }}
shell: bash
run: |
docker pull ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }}
docker tag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} ${{ matrix.output_tag }}:${{ matrix.variant }}
docker push ${{ matrix.output_tag }}:${{ matrix.variant }}
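
Review bot: the `Validate build` step runs `docker run --rm ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}`, but the build step above it has no `load: true`, so with the builder created by `docker/setup-buildx-action` the image just built is not in the runner's local image store. Whenever `push` evaluates to false, `docker run` pulls whatever is already published under that tag (or fails if nothing is), so the check validates an older image rather than this build. Either build a single-platform image with `load: true` for the validation run, or make the step conditional on the push having happened. The `file: php/Dockerfile.Core` line is also removed without a replacement, so the build now depends on a default `Dockerfile` existing in the `php` context.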

@ -1,25 +1,22 @@
name: Build Redis name: Build Redis
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'redis/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
redis-build: redis-build:
name: "Redis with Healthchecks" name: "Build"
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false
max-parallel: 15 max-parallel: 15
matrix: matrix:
redis: redis:
@ -30,13 +27,11 @@ jobs:
- 6-alpine - 6-alpine
- 6-buster - 6-buster
- 6.0 - 6.0
- 6.1
- 6.2 - 6.2
- 7 - 7
- 7-alpine - 7-alpine
- 7-bookworm - 7-bookworm
- 7.0 - 7.0
- 7.1
- 7.2 - 7.2
- latest - latest
steps: steps:
@ -56,17 +51,16 @@ jobs:
redis redis
- name: "Setup: Login to Docker Hub" - name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }} uses: docker/login-action@v3
uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }} password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR" - name: "Setup: Login to GHCR"
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }} username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }} password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build Redis with Healthchecks" - name: "Build: Build Redis with Healthchecks"
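
Review bot: the GHCR login still authenticates with the long-lived `secrets.GHCR_PASSWORD`, although this workflow now declares `packages: write` at the top. With that permission the job's own `GITHUB_TOKEN` can log in to `ghcr.io` (`username: ${{ github.actor }}`, `password: ${{ secrets.GITHUB_TOKEN }}`), provided the package grants this repository access; the token expires with the run and removes one stored credential. If the stored password is kept instead, the `packages: write` grant is not what authorises the push and can be dropped. Removing `if: ${{ !env.ACT }}` from the Docker Hub login also means local `act` runs now need `DOCKER_HUB_PASSWORD` available.
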
@ -74,14 +68,14 @@ jobs:
with: with:
context: redis context: redis
build-contexts: | build-contexts: |
redis=docker-image://redis:${{ matrix.redis }} redis:version=docker-image://redis:${{ matrix.redis }}
build-args: |
HEALTH_INTERVAL=10s
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }} platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true pull: true
push: ${{ !env.ACT && true || false }} push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
${{ !env.ACT && format('benzine/redis:{0}',matrix.redis) || '' }}
${{ format('ghcr.io/benzine-framework/redis:{0}', matrix.redis) }} ${{ format('ghcr.io/benzine-framework/redis:{0}', matrix.redis) }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }} ${{ env.should_push && format('benzine/redis:{0}',matrix.redis) || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }} cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}

@ -1,24 +1,85 @@
name: Build Swarm Monitor name: Build Swarm Monitor
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'swarm-monitor/**'
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
swarm-monitor-build: swarm-monitor-build:
name: Build Swarm Monitor name: Build Swarm Monitor
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
component:
- agent
- stats
steps: steps:
- name: Git Checkout - name: "Setup: PHP"
uses: actions/checkout@v3 uses: shivammathur/setup-php@v2
- uses: docker/login-action@v2
name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} php-version: 8.1
password: ${{ secrets.DOCKER_HUB_PASSWORD }} env:
- name: Bake runner: self-hosted
working-directory: swarm-monitor
run: docker buildx bake --push
- name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2
- name: "Setup: Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v3
- name: "Setup: Setup Docker Buildx"
uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source"
uses: actions/checkout@v4
with:
sparse-checkout: |
swarm-monitor
- name: "Setup: Configure Cache"
uses: actions/cache@v4
with:
path: swarm-monitor
key: ${{ runner.os }}-swarm-monitor-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-swarm-monitor-composer-
- name: "Dependencies: Composer Install"
working-directory: swarm-monitor
run: composer install --ignore-platform-reqs
- name: "Build: Build & Push Image"
uses: docker/build-push-action@v5
with:
context: swarm-monitor
target: swarm-${{ matrix.component }}
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ env.should_push && !env.ACT }}
tags: |
matthewbaggett/swarm-agent:${{ matrix.component }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:cli=docker-image://ghcr.io/benzine-framework/php:cli-8.2
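
Review bot: `should_push: ${{ github.ref == 'refs/heads/main' }}` is stored in `env`, and `env` values are strings, so on any other branch `env.should_push` is the non-empty string `false`, which `push: ${{ env.should_push && !env.ACT }}` treats as truthy. As written the image is pushed from every ref that runs this workflow outside `act`. Compare explicitly with `push: ${{ env.should_push == 'true' && !env.ACT }}`, or use `github.ref == 'refs/heads/main'` directly in the `push` expression. The same pattern appears in the other build workflows changed in this commit.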

24
.github/workflows/trunk.cache.yml vendored Normal file

@ -0,0 +1,24 @@
name: Trunk Cache
on:
push:
branches: [main]
paths: [.trunk/trunk.yaml]
workflow_dispatch:
permissions: read-all
jobs:
trunk-cache:
name: Trunk Cache
runs-on: self-hosted
permissions:
actions: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trunk Check
uses: trunk-io/trunk-action@v1
with:
check-mode: populate_cache_only

27
.github/workflows/trunk.check.yml vendored Normal file

@ -0,0 +1,27 @@
name: Code Quality Check (Trunk)
on:
workflow_call:
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
trunk-check:
name: Trunk Check Runner
runs-on: self-hosted
permissions:
checks: write # For trunk to post annotations
contents: read # For repo checkout
steps:
- name: Checkout
if: ${{ !env.ACT }}
uses: actions/checkout@v4
- name: Trunk Check
if: ${{ !env.ACT }}
uses: trunk-io/trunk-action@v1
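
Review bot: `runs-on: self-hosted` combined with `workflow_call` means the code this job checks out and lints is whatever ref the calling workflow was triggered for. If any caller runs on `pull_request` and the repository accepts pull requests from forks, untrusted code is checked out and processed on a persistent runner. Consider a GitHub-hosted runner for this job, or restrict the callers to trusted refs. The `concurrency.group` also falls back to `github.run_id` outside pull requests, so `cancel-in-progress` only has an effect for PR runs.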

@ -1,20 +1,16 @@
name: Build Wordpress Container name: Build Wordpress Container
permissions:
contents: read
packages: write
on: on:
push: workflow_call:
paths:
- 'wordpress/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Vanity Tags
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_dispatch: workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs: jobs:
wordpress-build: wordpress-build:
name: "Bake Wordpress Container" name: "Bake Wordpress Container"
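
Review bot: `packages: write` is added at workflow level, but the only login touched in this file is Docker Hub and the only tag is `matthewbaggett/wordpress`; the new `build-contexts` entry only pulls `ghcr.io/benzine-framework/php:nginx-8.2`. Unless a step outside these hunks pushes to GHCR, `contents: read` with `packages: read` at most would be enough here.
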
@ -23,7 +19,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2 - uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2 - uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2 - uses: docker/login-action@v3
name: Login to Docker Hub name: Login to Docker Hub
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -34,6 +30,8 @@ jobs:
context: wordpress context: wordpress
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
pull: true pull: true
push: true push: ${{ env.should_push && !env.ACT }}
tags: | tags: |
matthewbaggett/wordpress matthewbaggett/wordpress
build-contexts: |
php:nginx=docker-image://ghcr.io/benzine-framework/php:nginx-8.2

2
.gitignore vendored

@ -1,4 +1,4 @@
.idea .idea
/.php-cs-fixer.cache /.php-cs-fixer.cache
/.github/cache /.github/cache
/.act-secrets /.secrets
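
Review bot: replacing `/.act-secrets` with `/.secrets` stops ignoring the old filename, so a developer who still has a local `.act-secrets` file will see it as untracked and can commit it by accident. Keep both entries until the old file is no longer in use.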

7
.gitleaksignore Normal file

@ -0,0 +1,7 @@
948b6fc9559ec3be24a1200a246044d343efa86c:bouncer/grey-ooo-test.yml:generic-api-key:15
a1a6c22a080fe58f80183f3737972155fc9c8220:bouncer/grey-ooo-test.yml:generic-api-key:15
919a1b9eefe9291ab0d174c12eb80008da5dfe94:aio/docker-compose.yml:generic-api-key:15
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/grey-ooo-test.yml:generic-api-key:13
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/self-signed-certificates/example.key:private-key:1
1b657b62e8a9036e608e3867cd0da4857f9478ca:php/self-signed-certificates/example.key:private-key:1
25fd34861ee2e2475b1c64de47e9aa54dea80a0e:php/self-signed-certificates/example.key:private-key:1
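
Review bot: four of these fingerprints suppress `generic-api-key` findings in `bouncer/grey-ooo-test.yml` and `aio/docker-compose.yml`, and three suppress `private-key` findings for `example.key`. An ignore entry only silences the scanner; the values stay in history, so the commit message or a comment here should record that each key was revoked or was never live. The same seven lines are added a second time later in this commit, which leaves two lists to keep in sync.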

2
.trivyignore Normal file

@ -0,0 +1,2 @@
AVD-DS-0001
AVD-DS-0002
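
Review bot: `AVD-DS-0001` and `AVD-DS-0002` are ignored repository-wide with no comment saying why. These are Trivy's Dockerfile checks for use of the `:latest` tag and for images left running as root, so a blanket ignore also hides regressions in images that this commit moves to a non-root `USER`. Add a comment with the reason, and prefer scoping the exception to the Dockerfiles that need it.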

9
.trunk/.gitignore vendored Normal file

@ -0,0 +1,9 @@
*out
*logs
*actions
*notifications
*tools
plugins
user_trunk.yaml
user.yaml
tmp

@ -0,0 +1,7 @@
948b6fc9559ec3be24a1200a246044d343efa86c:bouncer/grey-ooo-test.yml:generic-api-key:15
a1a6c22a080fe58f80183f3737972155fc9c8220:bouncer/grey-ooo-test.yml:generic-api-key:15
919a1b9eefe9291ab0d174c12eb80008da5dfe94:aio/docker-compose.yml:generic-api-key:15
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/grey-ooo-test.yml:generic-api-key:13
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/self-signed-certificates/example.key:private-key:1
1b657b62e8a9036e608e3867cd0da4857f9478ca:php/self-signed-certificates/example.key:private-key:1
25fd34861ee2e2475b1c64de47e9aa54dea80a0e:php/self-signed-certificates/example.key:private-key:1

@ -2,3 +2,4 @@ ignored:
- DL3006 - DL3006
- DL3008 - DL3008
- SC2043 - SC2043
- SC2312

@ -0,0 +1,10 @@
# Autoformatter friendly markdownlint config (all formatting rules disabled)
default: true
blank_lines: false
bullet: false
html: false
indentation: false
line_length: false
spaces: false
url: false
whitespace: false

@ -0,0 +1,7 @@
enable=all
source-path=SCRIPTDIR
disable=SC2154
# If you're having issues with shellcheck following source, disable the errors via:
# disable=SC1090
# disable=SC1091

@ -0,0 +1,2 @@
AVD-DS-0001
AVD-DS-0002

@ -0,0 +1,8 @@
---
extends: relaxed
rules:
empty-values:
ignore:
- .github/workflows/*.yml
document-start: disable
line-length: disable

96
.trunk/trunk.yaml Normal file

@ -0,0 +1,96 @@
# This file controls the behavior of Trunk: https://docs.trunk.io/cli
# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
version: 0.1
cli:
version: 1.19.0
shell_hooks:
enforce: true
# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
plugins:
sources:
- id: trunk
ref: v1.4.2
uri: https://github.com/trunk-io/plugins
# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
runtimes:
enabled:
- go@1.21.0
- node@18.12.1
- python@3.10.8
# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
lint:
disabled:
- terrascan
enabled:
- gitleaks@8.18.1
- actionlint@1.6.26
- checkov@3.2.2
- git-diff-check
- hadolint@2.12.0
- markdownlint@0.39.0
- osv-scanner@1.6.2
- prettier@3.2.4
- shellcheck@0.9.0
- shfmt@3.6.0
- trivy@0.48.3
- trufflehog@3.66.2
- yamllint@1.33.0
ignore:
- linters: [markdownlint]
paths:
- "**/LICENCE.md"
- "**/LICENSE.md"
- "**/CODE_OF_CONDUCT.md"
actions:
enabled:
- trunk-announce
- trunk-check-pre-push
- trunk-fmt-pre-commit
- trunk-upgrade-available
tools:
enabled:
- jq@jq-1.7.1
- gh@2.43.1
- act@0.2.59
- terraform@1.7.2
definitions:
- name: gh
download: gh
known_good_version: 2.27.0
environment:
- name: PATH
list: ["${tool}/bin"]
shims: [gh]
downloads:
- name: gh
downloads:
- os:
linux: linux
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.tar.gz
strip_components: 1
- os:
windows: windows
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.zip
strip_components: 1
# macOS releases since 2.28.0 started using .zip instead of .tar.gz
- os:
macos: macOS
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.zip
strip_components: 1
version: ">=2.28.0"
- os:
macos: macOS
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.tar.gz
strip_components: 1

18
Readme.md Normal file

@ -0,0 +1,18 @@
# Benzine Docker Containers
This repository contains the Dockerfiles for the Benzine containers.
| Container | Tags | Build status | Description |
| -------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
| PHP 8.3 CLI | <ul><li>benzine/php:cli-8.3</li><li>ghcr.io/benzine-framework/php:cli-8.3</li></ul> | [PHP 8.3 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 CLI container built atop Runit |
| PHP 8.2 CLI | <ul><li>benzine/php:cli-8.2</li><li>ghcr.io/benzine-framework/php:cli-8.2</li></ul> | [PHP 8.2 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 CLI container built atop Runit |
| PHP 8.1 CLI | <ul><li>benzine/php:cli-8.1</li><li>ghcr.io/benzine-framework/php:cli-8.1</li></ul> | [PHP 8.1 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 CLI container built atop Runit |
| PHP 7.4 CLI | <ul><li>benzine/php:cli-7.4</li><li>ghcr.io/benzine-framework/php:cli-7.4</li></ul> | [PHP 7.4 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 CLI container built atop Runit |
| PHP 8.3 NGINX | <ul><li>benzine/php:nginx-8.3</li><li>ghcr.io/benzine-framework/php:nginx-8.3</li></ul> | [PHP 8.3 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 NGINX container built atop Runit |
| PHP 8.2 NGINX | <ul><li>benzine/php:nginx-8.2</li><li>ghcr.io/benzine-framework/php:nginx-8.2</li></ul> | [PHP 8.2 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 NGINX container built atop Runit |
| PHP 8.1 NGINX | <ul><li>benzine/php:nginx-8.1</li><li>ghcr.io/benzine-framework/php:nginx-8.1</li></ul> | [PHP 8.1 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 NGINX container built atop Runit |
| PHP 7.4 NGINX | <ul><li>benzine/php:nginx-7.4</li><li>ghcr.io/benzine-framework/php:nginx-7.4</li></ul> | [PHP 7.4 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 NGINX container built atop Runit |
| PHP 8.3 Apache | <ul><li>benzine/php:apache-8.3</li><li>ghcr.io/benzine-framework/php:apache-8.3</li></ul> | [PHP 8.3 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 Apache container built atop Runit |
| PHP 8.2 Apache | <ul><li>benzine/php:apache-8.2</li><li>ghcr.io/benzine-framework/php:apache-8.2</li></ul> | [PHP 8.2 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 Apache container built atop Runit |
| PHP 8.1 Apache | <ul><li>benzine/php:apache-8.1</li><li>ghcr.io/benzine-framework/php:apache-8.1</li></ul> | [PHP 8.1 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 Apache container built atop Runit |
| PHP 7.4 Apache | <ul><li>benzine/php:apache-7.4</li><li>ghcr.io/benzine-framework/php:apache-7.4</li></ul> | [PHP 7.4 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 Apache container built atop Runit |
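
Review bot: every row's build-status badge points at the same `php-flavours.yml/badge.svg`, so the column cannot show the status of an individual version or variant, and this commit deletes a workflow named `Build PHP Flavours`; confirm the file behind the badge still exists. The table lists 7.4 and 8.1 to 8.3 only, while the version matrix shown earlier in this commit starts at 7.0.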

@ -1,10 +1,13 @@
FROM benzine/php:cli-8.1 as bouncer FROM php:cli as bouncer
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker" org.opencontainers.image.source="https://github.com/benzine-framework/docker"
USER root
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
# Install nginx, certbot # Install nginx, certbot
RUN apt-get -qq update && \ RUN adduser bouncer && \
apt-get -qq update && \
# Install pre-dependencies to use apt-key. # Install pre-dependencies to use apt-key.
apt-get -yqq install --no-install-recommends \ apt-get -yqq install --no-install-recommends \
lsb-core \ lsb-core \
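
Review bot: `FROM php:cli as bouncer` only resolves to the Benzine image when the build is given a `php:cli` build context, as other workflows in this commit do with `build-contexts`. A plain `docker build` of this directory will instead pull the `php:cli` image from Docker Hub, which is a different base. Keep a fully qualified default (for example an `ARG` holding the `ghcr.io/benzine-framework/php` tag) so the Dockerfile is safe to build on its own. `adduser bouncer` is also interactive by default on Debian and Ubuntu bases; pass `--disabled-password --gecos ""` or use `--system`.
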
@ -38,6 +41,7 @@ COPY self-signed-certificates /certs
# Install runits for services # Install runits for services
COPY nginx.runit /etc/service/nginx/run COPY nginx.runit /etc/service/nginx/run
COPY logs.runit /etc/service/nginx-logs/run COPY logs.runit /etc/service/nginx-logs/run
COPY logs.finish /etc/service/nginx-logs/finish
COPY bouncer.runit /etc/service/bouncer/run COPY bouncer.runit /etc/service/bouncer/run
COPY bouncer.finish /etc/service/bouncer/finish COPY bouncer.finish /etc/service/bouncer/finish
COPY logs-nginx-access.runit /etc/service/logs-nginx-access/run COPY logs-nginx-access.runit /etc/service/logs-nginx-access/run
@ -70,6 +74,20 @@ RUN chmod +x /app/bin/bouncer
VOLUME /etc/letsencrypt VOLUME /etc/letsencrypt
VOLUME /var/log/bouncer VOLUME /var/log/bouncer
# Expose ports
EXPOSE 80
EXPOSE 443
# Down-privelege to bouncer
USER bouncer
# Install Composer dependencies even though we don't need to, it should be done in the build process
RUN composer install
# Set a healthcheck to curl the bouncer and expect a 200
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
# stuff some envs from build # stuff some envs from build
ARG BUILD_DATE ARG BUILD_DATE
ARG GIT_SHA ARG GIT_SHA
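
Review bot: the `HEALTHCHECK` does not test for a 200. `-w "200"` is curl's output format string, so it prints the literal text `200` regardless of the response, and without `-f` curl exits 0 for any HTTP response, including a 5xx. Use `curl -fsS -o /dev/null http://localhost:80/ || exit 1`, or compare `-w '%{http_code}'` against `200`. Also check that the services started from `/etc/service` can still bind ports 80 and 443 now that the image ends in `USER bouncer`.
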
@ -80,10 +98,16 @@ ENV BUILD_DATE=${BUILD_DATE} \
FROM benzine/php:nginx-8.1 as test-app-a FROM benzine/php:nginx-8.1 as test-app-a
COPY ./test/public-web-a /app/public COPY ./test/public-web-a /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
FROM benzine/php:nginx-8.1 as test-app-b FROM benzine/php:nginx-8.1 as test-app-b
COPY ./test/public-web-b /app/public COPY ./test/public-web-b /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
FROM benzine/php:nginx-8.1 as test-app-c FROM benzine/php:nginx-8.1 as test-app-c
COPY ./test/public-web-c /app/public COPY ./test/public-web-c /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1

@ -1,13 +1,16 @@
# Automatic Swarm Nginx Load Balancer # Automatic Swarm Nginx Load Balancer
## Environment variables ## Environment variables
This container has its own environment variables, AS WELL AS scanning for some environment variables associated with your services. This container has its own environment variables, AS WELL AS scanning for some environment variables associated with your services.
These should not be confused. These should not be confused.
### Load Balancer Configuration ### Load Balancer Configuration
#### Main configuration #### Main configuration
| Key | Default | Options | Behaviour | | Key | Default | Options | Behaviour |
|-----------------------------------------------|-------------------------------------------------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | --------------------------------------------- | ----------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- |
| DOCKER_HOST | false | | Define a http endpoint representing your docker socket. If this is null, it connects to /var/lib/docker.sock | | DOCKER_HOST | false | | Define a http endpoint representing your docker socket. If this is null, it connects to /var/lib/docker.sock |
| GLOBAL_CERT | false | Contents of an ssl certificate | If you want to provide a single cert for all endpoints, perhaps with a catch-all that may be later overriden, you can provide the whole contents of a certificates file here. | | GLOBAL_CERT | false | Contents of an ssl certificate | If you want to provide a single cert for all endpoints, perhaps with a catch-all that may be later overriden, you can provide the whole contents of a certificates file here. |
| GLOBAL_CERT_KEY | false | Contents of an ssl certificates private key | The private key related to GLOBAL CERT. These must be provided in tandem. | | GLOBAL_CERT_KEY | false | Contents of an ssl certificates private key | The private key related to GLOBAL CERT. These must be provided in tandem. |
@ -21,14 +24,16 @@ These should not be confused.
| LOG_COLOUR | true | true, false | Whether to colourise the log output sent to stdout. | | | LOG_COLOUR | true | true, false | Whether to colourise the log output sent to stdout. | |
#### For using with Lets Encrypt:tm: #### For using with Lets Encrypt:tm:
| Key | Default | Options | Behaviour | | Key | Default | Options | Behaviour |
|---------------------------|-----------|---------------------------|--------------------------------------------------------------------------------------| | ------------------------- | --------- | ------------------------- | ------------------------------------------------------------------------------------ |
| BOUNCER_LETSENCRYPT_MODE | 'staging' | 'staging' or 'production' | Determine if this is going to connect to a production or staging Lets Encrypt server | | BOUNCER_LETSENCRYPT_MODE | 'staging' | 'staging' or 'production' | Determine if this is going to connect to a production or staging Lets Encrypt server |
| BOUNCER_LETSENCRYPT_EMAIL | | 'bob@example.com' | Email address to associate with lets encrypt | | BOUNCER_LETSENCRYPT_EMAIL | | 'bob@example.com' | Email address to associate with lets encrypt |
#### For using S3-compatable storage for generated cert synchronisation with Lets Encrypt #### For using S3-compatable storage for generated cert synchronisation with Lets Encrypt
| Key | Default | Options | Behaviour | | Key | Default | Options | Behaviour |
|------------------------------------|---------|-----------------|---------------------------------------------------------------------------------------| | ---------------------------------- | ------- | --------------- | ------------------------------------------------------------------------------------- | --- |
| BOUNCER_S3_BUCKET | false | | enable S3 behaviour to store lets-encrypt generated certs | | BOUNCER_S3_BUCKET | false | | enable S3 behaviour to store lets-encrypt generated certs |
| BOUNCER_S3_ENDPOINT | false | | define s3 endpoint to override default AWS s3 implementation, for example, with minio | | BOUNCER_S3_ENDPOINT | false | | define s3 endpoint to override default AWS s3 implementation, for example, with minio |
| BOUNCER_S3_KEY_ID | false | | S3 API Key ID | | | BOUNCER_S3_KEY_ID | false | | S3 API Key ID | |
@ -38,10 +43,11 @@ These should not be confused.
| BOUNCER_S3_PREFIX | false | | Prefix file path in s3 bucket | | BOUNCER_S3_PREFIX | false | | Prefix file path in s3 bucket |
### Served Instance Configuration ### Served Instance Configuration
These environment variables need to be applied to the CONSUMING SERVICE and not the loadbalancer container itself. These environment variables need to be applied to the CONSUMING SERVICE and not the loadbalancer container itself.
| Key | Example | Behaviour | | Key | Example | Behaviour |
|--------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ------------------------------ | ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| BOUNCER_DOMAIN | "a.example.com" | The domain that should be directed to this container | | BOUNCER_DOMAIN | "a.example.com" | The domain that should be directed to this container |
| BOUNCER_LABEL | "MyService" | The label that should be directed to this container | | BOUNCER_LABEL | "MyService" | The label that should be directed to this container |
| BOUNCER_AUTH | "username:password" e.g "root:toor" | Add a HTTP BASIC auth requirement to this hostname. | | BOUNCER_AUTH | "username:password" e.g "root:toor" | Add a HTTP BASIC auth requirement to this hostname. |
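Review bot: the BOUNCER_AUTH row documents a plaintext "username:password" value set on the consuming service, with "root:toor" as the example, and says nothing about who can read it. Service and container environment variables are returned by the Docker API, so every client of the socket can read this credential. Suggest saying so in the Behaviour column, stating that Basic auth should only be enabled on hostnames served over TLS, and replacing the example with a neutral placeholder such as "user:changeme".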
@ -54,4 +60,5 @@ These environment variables need to be applied to the CONSUMING SERVICE and not
| BOUNCER_MAX_PAYLOADS_MEGABYTES | numbers | Size of max payload to allow, in megabytes. Requires BOUNCER_ALLOW_LARGE_PAYLOADS to be enabled | | BOUNCER_MAX_PAYLOADS_MEGABYTES | numbers | Size of max payload to allow, in megabytes. Requires BOUNCER_ALLOW_LARGE_PAYLOADS to be enabled |
## Security considerations ## Security considerations
If you're putting this behind access control to the docker socket, it will need access to the /swarm /services and /containers endpoints of the docker api. If you're putting this behind access control to the docker socket, it will need access to the /swarm /services and /containers endpoints of the docker api.
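Review bot: the Security considerations sentence names the /swarm, /services and /containers endpoints but not the HTTP methods the bouncer uses on them. If it only reads, state that GET access is sufficient so that a socket proxy in front of the Docker API can deny every write method; if it needs more, list which calls. A comma after "/swarm" would also make the list read correctly.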

4
bouncer/bouncer.finish Normal file → Executable file
View file

@ -1,2 +1,2 @@
#!/bin/bash #!/usr/bin/env bash
sleep 5; sleep 5

134
bouncer/composer.lock generated
View file

@ -107,16 +107,16 @@
}, },
{ {
"name": "aws/aws-sdk-php", "name": "aws/aws-sdk-php",
"version": "3.297.0", "version": "3.298.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/aws/aws-sdk-php.git", "url": "https://github.com/aws/aws-sdk-php.git",
"reference": "ad1f7be78d74d48628a6fe345818ce53bae64169" "reference": "55536f81006d8721c51e342d638e7ccc3529e754"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/ad1f7be78d74d48628a6fe345818ce53bae64169", "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/55536f81006d8721c51e342d638e7ccc3529e754",
"reference": "ad1f7be78d74d48628a6fe345818ce53bae64169", "reference": "55536f81006d8721c51e342d638e7ccc3529e754",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -196,9 +196,9 @@
"support": { "support": {
"forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80", "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
"issues": "https://github.com/aws/aws-sdk-php/issues", "issues": "https://github.com/aws/aws-sdk-php/issues",
"source": "https://github.com/aws/aws-sdk-php/tree/3.297.0" "source": "https://github.com/aws/aws-sdk-php/tree/3.298.0"
}, },
"time": "2024-01-24T19:09:39+00:00" "time": "2024-01-31T19:06:05+00:00"
}, },
{ {
"name": "bramus/ansi-php", "name": "bramus/ansi-php",
@ -921,16 +921,16 @@
}, },
{ {
"name": "league/mime-type-detection", "name": "league/mime-type-detection",
"version": "1.14.0", "version": "1.15.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/thephpleague/mime-type-detection.git", "url": "https://github.com/thephpleague/mime-type-detection.git",
"reference": "b6a5854368533df0295c5761a0253656a2e52d9e" "reference": "ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/thephpleague/mime-type-detection/zipball/b6a5854368533df0295c5761a0253656a2e52d9e", "url": "https://api.github.com/repos/thephpleague/mime-type-detection/zipball/ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301",
"reference": "b6a5854368533df0295c5761a0253656a2e52d9e", "reference": "ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -961,7 +961,7 @@
"description": "Mime-type detection for Flysystem", "description": "Mime-type detection for Flysystem",
"support": { "support": {
"issues": "https://github.com/thephpleague/mime-type-detection/issues", "issues": "https://github.com/thephpleague/mime-type-detection/issues",
"source": "https://github.com/thephpleague/mime-type-detection/tree/1.14.0" "source": "https://github.com/thephpleague/mime-type-detection/tree/1.15.0"
}, },
"funding": [ "funding": [
{ {
@ -973,7 +973,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-10-17T14:13:20+00:00" "time": "2024-01-28T23:22:08+00:00"
}, },
{ {
"name": "monolog/monolog", "name": "monolog/monolog",
@ -1144,16 +1144,16 @@
}, },
{ {
"name": "nesbot/carbon", "name": "nesbot/carbon",
"version": "2.72.2", "version": "2.72.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/briannesbitt/Carbon.git", "url": "https://github.com/briannesbitt/Carbon.git",
"reference": "3e7edc41b58d65509baeb0d4a14c8fa41d627130" "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/3e7edc41b58d65509baeb0d4a14c8fa41d627130", "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/0c6fd108360c562f6e4fd1dedb8233b423e91c83",
"reference": "3e7edc41b58d65509baeb0d4a14c8fa41d627130", "reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -1247,7 +1247,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2024-01-19T00:21:53+00:00" "time": "2024-01-25T10:35:09+00:00"
}, },
{ {
"name": "phpspec/php-diff", "name": "phpspec/php-diff",
@ -1975,16 +1975,16 @@
}, },
{ {
"name": "symfony/translation", "name": "symfony/translation",
"version": "v6.4.2", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/translation.git", "url": "https://github.com/symfony/translation.git",
"reference": "a2ab2ec1a462e53016de8e8d5e8912bfd62ea681" "reference": "637c51191b6b184184bbf98937702bcf554f7d04"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/translation/zipball/a2ab2ec1a462e53016de8e8d5e8912bfd62ea681", "url": "https://api.github.com/repos/symfony/translation/zipball/637c51191b6b184184bbf98937702bcf554f7d04",
"reference": "a2ab2ec1a462e53016de8e8d5e8912bfd62ea681", "reference": "637c51191b6b184184bbf98937702bcf554f7d04",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2007,7 +2007,7 @@
"symfony/translation-implementation": "2.3|3.0" "symfony/translation-implementation": "2.3|3.0"
}, },
"require-dev": { "require-dev": {
"nikic/php-parser": "^4.13", "nikic/php-parser": "^4.18|^5.0",
"psr/log": "^1|^2|^3", "psr/log": "^1|^2|^3",
"symfony/config": "^5.4|^6.0|^7.0", "symfony/config": "^5.4|^6.0|^7.0",
"symfony/console": "^5.4|^6.0|^7.0", "symfony/console": "^5.4|^6.0|^7.0",
@ -2050,7 +2050,7 @@
"description": "Provides tools to internationalize your application", "description": "Provides tools to internationalize your application",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/translation/tree/v6.4.2" "source": "https://github.com/symfony/translation/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -2066,7 +2066,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-12-18T09:25:29+00:00" "time": "2024-01-29T13:11:52+00:00"
}, },
{ {
"name": "symfony/translation-contracts", "name": "symfony/translation-contracts",
@ -2148,16 +2148,16 @@
}, },
{ {
"name": "symfony/yaml", "name": "symfony/yaml",
"version": "v6.4.0", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/yaml.git", "url": "https://github.com/symfony/yaml.git",
"reference": "4f9237a1bb42455d609e6687d2613dde5b41a587" "reference": "d75715985f0f94f978e3a8fa42533e10db921b90"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/4f9237a1bb42455d609e6687d2613dde5b41a587", "url": "https://api.github.com/repos/symfony/yaml/zipball/d75715985f0f94f978e3a8fa42533e10db921b90",
"reference": "4f9237a1bb42455d609e6687d2613dde5b41a587", "reference": "d75715985f0f94f978e3a8fa42533e10db921b90",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2200,7 +2200,7 @@
"description": "Loads and dumps YAML files", "description": "Loads and dumps YAML files",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/yaml/tree/v6.4.0" "source": "https://github.com/symfony/yaml/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -2216,7 +2216,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-11-06T11:00:25+00:00" "time": "2024-01-23T14:51:35+00:00"
}, },
{ {
"name": "twig/twig", "name": "twig/twig",
@ -2773,16 +2773,16 @@
}, },
{ {
"name": "symfony/console", "name": "symfony/console",
"version": "v6.4.2", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/console.git", "url": "https://github.com/symfony/console.git",
"reference": "0254811a143e6bc6c8deea08b589a7e68a37f625" "reference": "2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/0254811a143e6bc6c8deea08b589a7e68a37f625", "url": "https://api.github.com/repos/symfony/console/zipball/2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e",
"reference": "0254811a143e6bc6c8deea08b589a7e68a37f625", "reference": "2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2847,7 +2847,7 @@
"terminal" "terminal"
], ],
"support": { "support": {
"source": "https://github.com/symfony/console/tree/v6.4.2" "source": "https://github.com/symfony/console/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -2863,20 +2863,20 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-12-10T16:15:48+00:00" "time": "2024-01-23T14:51:35+00:00"
}, },
{ {
"name": "symfony/event-dispatcher", "name": "symfony/event-dispatcher",
"version": "v6.4.2", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/event-dispatcher.git", "url": "https://github.com/symfony/event-dispatcher.git",
"reference": "e95216850555cd55e71b857eb9d6c2674124603a" "reference": "ae9d3a6f3003a6caf56acd7466d8d52378d44fef"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/e95216850555cd55e71b857eb9d6c2674124603a", "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/ae9d3a6f3003a6caf56acd7466d8d52378d44fef",
"reference": "e95216850555cd55e71b857eb9d6c2674124603a", "reference": "ae9d3a6f3003a6caf56acd7466d8d52378d44fef",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -2927,7 +2927,7 @@
"description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them", "description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/event-dispatcher/tree/v6.4.2" "source": "https://github.com/symfony/event-dispatcher/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -2943,7 +2943,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-12-27T22:16:42+00:00" "time": "2024-01-23T14:51:35+00:00"
}, },
{ {
"name": "symfony/event-dispatcher-contracts", "name": "symfony/event-dispatcher-contracts",
@ -3023,16 +3023,16 @@
}, },
{ {
"name": "symfony/filesystem", "name": "symfony/filesystem",
"version": "v6.4.0", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/filesystem.git", "url": "https://github.com/symfony/filesystem.git",
"reference": "952a8cb588c3bc6ce76f6023000fb932f16a6e59" "reference": "7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/952a8cb588c3bc6ce76f6023000fb932f16a6e59", "url": "https://api.github.com/repos/symfony/filesystem/zipball/7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb",
"reference": "952a8cb588c3bc6ce76f6023000fb932f16a6e59", "reference": "7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3066,7 +3066,7 @@
"description": "Provides basic utilities for the filesystem", "description": "Provides basic utilities for the filesystem",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/filesystem/tree/v6.4.0" "source": "https://github.com/symfony/filesystem/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -3082,7 +3082,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-07-26T17:27:13+00:00" "time": "2024-01-23T14:51:35+00:00"
}, },
{ {
"name": "symfony/finder", "name": "symfony/finder",
@ -3461,16 +3461,16 @@
}, },
{ {
"name": "symfony/process", "name": "symfony/process",
"version": "v6.4.2", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/process.git", "url": "https://github.com/symfony/process.git",
"reference": "c4b1ef0bc80533d87a2e969806172f1c2a980241" "reference": "31642b0818bfcff85930344ef93193f8c607e0a3"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/process/zipball/c4b1ef0bc80533d87a2e969806172f1c2a980241", "url": "https://api.github.com/repos/symfony/process/zipball/31642b0818bfcff85930344ef93193f8c607e0a3",
"reference": "c4b1ef0bc80533d87a2e969806172f1c2a980241", "reference": "31642b0818bfcff85930344ef93193f8c607e0a3",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3502,7 +3502,7 @@
"description": "Executes commands in sub-processes", "description": "Executes commands in sub-processes",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/process/tree/v6.4.2" "source": "https://github.com/symfony/process/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -3518,7 +3518,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-12-22T16:42:54+00:00" "time": "2024-01-23T14:51:35+00:00"
}, },
{ {
"name": "symfony/service-contracts", "name": "symfony/service-contracts",
@ -3604,16 +3604,16 @@
}, },
{ {
"name": "symfony/stopwatch", "name": "symfony/stopwatch",
"version": "v6.4.0", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/stopwatch.git", "url": "https://github.com/symfony/stopwatch.git",
"reference": "fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2" "reference": "416596166641f1f728b0a64f5b9dd07cceb410c1"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/stopwatch/zipball/fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2", "url": "https://api.github.com/repos/symfony/stopwatch/zipball/416596166641f1f728b0a64f5b9dd07cceb410c1",
"reference": "fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2", "reference": "416596166641f1f728b0a64f5b9dd07cceb410c1",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3646,7 +3646,7 @@
"description": "Provides a way to profile code", "description": "Provides a way to profile code",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/stopwatch/tree/v6.4.0" "source": "https://github.com/symfony/stopwatch/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -3662,20 +3662,20 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-02-16T10:14:28+00:00" "time": "2024-01-23T14:35:58+00:00"
}, },
{ {
"name": "symfony/string", "name": "symfony/string",
"version": "v6.4.2", "version": "v6.4.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/string.git", "url": "https://github.com/symfony/string.git",
"reference": "7cb80bc10bfcdf6b5492741c0b9357dac66940bc" "reference": "7a14736fb179876575464e4658fce0c304e8c15b"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/string/zipball/7cb80bc10bfcdf6b5492741c0b9357dac66940bc", "url": "https://api.github.com/repos/symfony/string/zipball/7a14736fb179876575464e4658fce0c304e8c15b",
"reference": "7cb80bc10bfcdf6b5492741c0b9357dac66940bc", "reference": "7a14736fb179876575464e4658fce0c304e8c15b",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3732,7 +3732,7 @@
"utf8" "utf8"
], ],
"support": { "support": {
"source": "https://github.com/symfony/string/tree/v6.4.2" "source": "https://github.com/symfony/string/tree/v6.4.3"
}, },
"funding": [ "funding": [
{ {
@ -3748,7 +3748,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2023-12-10T16:15:48+00:00" "time": "2024-01-25T09:26:29+00:00"
} }
], ],
"aliases": [], "aliases": [],
@ -3763,5 +3763,5 @@
"ext-openssl": "*" "ext-openssl": "*"
}, },
"platform-dev": [], "platform-dev": [],
"plugin-api-version": "2.3.0" "plugin-api-version": "2.6.0"
} }
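Review bot: plugin-api-version moves from 2.3.0 to 2.6.0 in this last hunk, so the lock was regenerated with a newer Composer than the one that wrote the previous lock, and the package bumps in the hunks above (aws/aws-sdk-php, league/mime-type-detection, nesbot/carbon and the symfony/* 6.4.3 set) arrive with it. Suggest pinning the Composer version used in the build image so that CI and local runs produce the same lock, putting the dependency refresh in its own commit so it can be checked against upstream changelogs, and running composer audit against the new lock before merging.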

View file

@ -30,6 +30,7 @@ services:
- ./test/public-web-a:/app/public - ./test/public-web-a:/app/public
environment: environment:
- BOUNCER_DOMAIN=a.web.grey.ooo - BOUNCER_DOMAIN=a.web.grey.ooo
- BOUNCER_TARGET_PORT=80
# - BOUNCER_LETSENCRYPT=true # - BOUNCER_LETSENCRYPT=true
web-b: web-b:
@ -41,5 +42,5 @@ services:
- ./test/public-web-b:/app/public - ./test/public-web-b:/app/public
environment: environment:
- BOUNCER_DOMAIN=b.web.grey.ooo - BOUNCER_DOMAIN=b.web.grey.ooo
- BOUNCER_TARGET_PORT=80
# - BOUNCER_LETSENCRYPT=true # - BOUNCER_LETSENCRYPT=true

View file

@ -1,57 +0,0 @@
version: "3.4"
services:
bouncer:
build:
context: .
target: bouncer
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# environment:
# - BOUNCER_LETSENCRYPT_MODE=production
# - BOUNCER_LETSENCRYPT_EMAIL=matthew@baggett.me
# - BOUNCER_S3_ENDPOINT=http://grey.ooo:9000
# - BOUNCER_S3_KEY_ID=geusebio
# - BOUNCER_S3_KEY_SECRET=teblE0neTf2NQcVFaZIRkSF44RscyQ3G
# - BOUNCER_S3_BUCKET=bouncer-certificates
# - BOUNCER_S3_USE_PATH_STYLE_ENDPOINT="yes"
ports:
- 127.0.0.5:80:80
- 127.0.0.5:443:443
depends_on:
- web-a
- web-b
- web-c
web-a:
build:
context: .
target: test-app-a
environment:
- BOUNCER_DOMAIN=a.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:81:80
web-b:
build:
context: .
target: test-app-b
environment:
- BOUNCER_DOMAIN=b.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:82:80
web-c:
build:
context: .
target: test-app-c
environment:
- BOUNCER_DOMAIN=c.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:83:80
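Review bot: the deleted file carried values for BOUNCER_S3_KEY_ID and BOUNCER_S3_KEY_SECRET in its commented-out environment block, and deleting the file does not remove them from the repository history. Confirm that the key has been revoked at the S3 endpoint named on the BOUNCER_S3_ENDPOINT line, not only removed from the tree, and record that in the commit message. For the compose files that remain, reference credentials through an untracked env file or a secrets mechanism so that a commented-out block cannot carry a live value again.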

View file

@ -1,2 +1,3 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=SC2312
tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping

2
bouncer/logs.finish Normal file
View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep infinity
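Review bot: the new finish script consists only of "sleep infinity", so if it is run by a runit-style supervisor (the /etc/service/*/finish layout used elsewhere in this commit suggests so) the logs service is never restarted once its run script exits and a sleeping process is left behind for the life of the container. If the intent is to disable the service, add a comment saying so, or remove the service directory instead of parking it.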

View file

@ -1,6 +1,4 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [[ -f /var/log/bouncer/*.log ]]; then #if [[ -f /var/log/bouncer/bouncer.log ]]; then
tail -f /var/log/bouncer/*.log # tail -f /var/log/bouncer/bouncer.log
else #fi
sleep 1
fi
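Review bot: the whole body of the script is now commented out, leaving a shebang followed by dead code, so the script exits immediately and does nothing. The original test, [[ -f /var/log/bouncer/*.log ]], was indeed broken because the glob is not expanded inside [[ ]], but the replacement should be either a working check on /var/log/bouncer/bouncer.log followed by exec tail -F on it, or deletion of the script, not commented-out lines.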

View file

@ -1,5 +1,7 @@
<html> <html>
<head><title>👻 Nothing to see here!</title></head> <head>
<title>👻 Nothing to see here!</title>
</head>
<body> <body>
<h1>Oops!</h1> <h1>Oops!</h1>
<p>There's nothing here.</p> <p>There's nothing here.</p>

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

View file

@ -1,5 +1,4 @@
ARG PHP_VERSION FROM php:nginx
FROM benzine/php:nginx-${PHP_VERSION}
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker" org.opencontainers.image.source="https://github.com/benzine-framework/docker"
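Review bot: the FROM line changes from benzine/php:nginx-${PHP_VERSION} to the unqualified php:nginx, which drops both the namespace and the PHP version pin. Unless the build always injects a local image under that name, an unqualified php:nginx resolves against docker.io/library/php, so a plain docker build of this Dockerfile would pull from a different publisher than before or fail to resolve. If the base really is injected at build time, add a comment above FROM saying so; otherwise keep the namespaced, versioned reference.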
@ -20,3 +19,8 @@ COPY laravel-scheduler.runit /etc/service/scheduler/run
COPY migrate.runit /etc/service/migrate/run COPY migrate.runit /etc/service/migrate/run
COPY wait-for-mysql /usr/bin/wait-for-mysql COPY wait-for-mysql /usr/bin/wait-for-mysql
RUN chmod +x /etc/service/*/run /etc/service/*/finish /usr/bin/wait-for-mysql RUN chmod +x /etc/service/*/run /etc/service/*/finish /usr/bin/wait-for-mysql
HEALTHCHECK --interval=10s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
RUN adduser laravel
USER laravel
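Review bot: USER laravel as the last instruction makes the supervised services start unprivileged, but the service scripts changed in this commit touch and remove files under /var/lock, write /certs/example.key and run chmod 777 -R /app/storage, all of which fail unless those paths are owned by or writable for laravel. Either chown the paths to laravel in a RUN step before the USER line, or keep the supervisor as root and drop privileges per service. Two smaller points in the same hunk: RUN adduser laravel with no flags is interactive on Debian and Ubuntu bases, so a non-interactive form (for example with --disabled-password and --gecos "") is safer in a build, and the HEALTHCHECK relies on curl being present in the image.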

View file

@ -1,2 +1,2 @@
#!/bin/bash #!/bin/bash
sleep 20; sleep 20

View file

@ -2,17 +2,16 @@
rm -f /var/lock/laravel_horizon_started rm -f /var/lock/laravel_horizon_started
# If horizon is present, publish the frontend assets, if HORIZON_UI is set to "on" # If horizon is present, publish the frontend assets, if HORIZON_UI is set to "on"
if [ "${HORIZON_ENABLE,,}" = "on" ]; then if [[ ${HORIZON_ENABLE,,} == "on" ]]; then
if [[ -f "/app/config/horizon.php" ]]; then if [[ -f "/app/config/horizon.php" ]]; then
if [ "${MIGRATE_ENABLE}" = "on" ]; then if [[ ${MIGRATE_ENABLE} == "on" ]]; then
echo "[HORIZON] Waiting until Migration Complete." echo "[HORIZON] Waiting until Migration Complete."
until [ -f /var/lock/laravel_migration_complete ] until [[ -f /var/lock/laravel_migration_complete ]]; do
do
sleep 1 sleep 1
done done
echo "[HORIZON] Migration is complete, running Horizon." echo "[HORIZON] Migration is complete, running Horizon."
fi fi
if [ "${HORIZON_UI,,}" = "on" ]; then if [[ ${HORIZON_UI,,} == "on" ]]; then
echo "[HORIZON] Publishing horizon frontend assets" echo "[HORIZON] Publishing horizon frontend assets"
php /app/artisan horizon:publish php /app/artisan horizon:publish
fi fi
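Review bot: the inner test compares ${MIGRATE_ENABLE} without the ,, lower-casing that every other flag in this hunk gets, and the migrate script in this commit tests ${MIGRATE_ENABLE,,}. With MIGRATE_ENABLE=ON the migration runs, but this script skips the wait on /var/lock/laravel_migration_complete and starts Horizon against a database that may still be migrating. Use ${MIGRATE_ENABLE,,} here; the scheduler script has the same comparison. The comment above the outer test also names HORIZON_UI while the condition checks HORIZON_ENABLE.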

View file

@ -1,17 +1,16 @@
#!/bin/bash #!/bin/bash
cd /app cd /app || exit
if [ "${SCHEDULER_ENABLE,,}" = "on" ]; then if [[ ${SCHEDULER_ENABLE,,} == "on" ]]; then
if [ "${MIGRATE_ENABLE}" = "on" ]; then if [[ ${MIGRATE_ENABLE} == "on" ]]; then
echo "[SCHEDULER] Waiting until Migration Complete." echo "[SCHEDULER] Waiting until Migration Complete."
until [ -f /var/lock/laravel_migration_complete ] until [[ -f /var/lock/laravel_migration_complete ]]; do
do
sleep 1 sleep 1
done done
echo "[SCHEDULER] Migrations complete, starting scheduler" echo "[SCHEDULER] Migrations complete, starting scheduler"
fi fi
while true; do while true; do
php /app/artisan schedule:run php /app/artisan schedule:run
sleep 59; sleep 59
done done
else else
echo "[SCHEDULER] Not enabled. To enable this feature, set SCHEDULER_ENABLE = on." echo "[SCHEDULER] Not enabled. To enable this feature, set SCHEDULER_ENABLE = on."

View file

@ -12,7 +12,7 @@ chmod 777 -R /app/storage
chmod +x /app/artisan chmod +x /app/artisan
php /app/artisan package:discover php /app/artisan package:discover
if [ "${REGENERATE_KEYS,,}" = "on" ]; then if [[ ${REGENERATE_KEYS,,} == "on" ]]; then
php /app/artisan key:generate php /app/artisan key:generate
php /app/artisan passport:keys --force php /app/artisan passport:keys --force
fi fi
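Review bot: the context line of this hunk shows chmod 777 -R /app/storage immediately before the lines being changed, which leaves the storage tree world-writable for every process in the container. With a dedicated laravel user now added in the Dockerfile, chown the directory to that user and use a mode such as 750 or 770 instead. Separately, the REGENERATE_KEYS branch runs key:generate and passport:keys --force on every start while the flag is "on"; a comment should warn that this invalidates existing encrypted data and issued tokens.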

View file

@ -2,23 +2,22 @@
rm -f /var/lock/laravel_migration_underway \ rm -f /var/lock/laravel_migration_underway \
/var/lock/laravel_migration_complete /var/lock/laravel_migration_complete
if [ "${MIGRATE_ENABLE,,}" = "on" ]; then if [[ ${MIGRATE_ENABLE,,} == "on" ]]; then
# Give a moment for services to wake up # Give a moment for services to wake up
echo "[MIGRATION] Waiting until Laravel Ready." echo "[MIGRATION] Waiting until Laravel Ready."
sleep 3 sleep 3
until [ -f /var/lock/laravel_ready ] until [[ -f /var/lock/laravel_ready ]]; do
do
sleep 1 sleep 1
done done
echo "[MIGRATION] Laravel is ready, running migrations..." echo "[MIGRATION] Laravel is ready, running migrations..."
cd /app cd /app || exit
# Run migration # Run migration
touch /var/lock/laravel_migration_underway touch /var/lock/laravel_migration_underway
if [ "${MIGRATE_CLEAN,,}" = "on" ]; then if [[ ${MIGRATE_CLEAN,,} == "on" ]]; then
php /app/artisan migrate:fresh --force php /app/artisan migrate:fresh --force
php /app/artisan migrate --force # First run will fail due to permissions. We can ignore, but need to migrate again to finish. php /app/artisan migrate --force # First run will fail due to permissions. We can ignore, but need to migrate again to finish.
else else
@ -26,13 +25,13 @@ if [ "${MIGRATE_ENABLE,,}" = "on" ]; then
php /app/artisan migrate --force || php /app/artisan migrate --force php /app/artisan migrate --force || php /app/artisan migrate --force
fi fi
if [ "${SEEDERS,,}" = "on" ]; then if [[ ${SEEDERS,,} == "on" ]]; then
php /app/artisan db:seed -q php /app/artisan db:seed -q
fi fi
rm /var/lock/laravel_migration_underway rm /var/lock/laravel_migration_underway
touch /var/lock/laravel_migration_complete touch /var/lock/laravel_migration_complete
echo "[MIGRATION] Migration complete!"; echo "[MIGRATION] Migration complete!"
else else
echo "[MIGRATION] Not enabled. Set MIGRATE_ENABLE = on to enable." echo "[MIGRATION] Not enabled. Set MIGRATE_ENABLE = on to enable."
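Review bot: /var/lock/laravel_migration_complete is touched unconditionally after "php /app/artisan migrate --force || php /app/artisan migrate --force", so if both attempts fail the flag is still written and the Horizon and scheduler scripts, which wait only on that file, start against an unmigrated schema. Capture the exit status of the migrate command and touch the complete flag only on success; on failure log it and leave the flag absent (or write a distinct failure marker). The db:seed -q call has the same unchecked status.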

View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [ -z "${SSL_CERTIFICATE}" ]; then if [[ -z ${SSL_CERTIFICATE} ]]; then
echo "No certificate set, using defaults" echo "No certificate set, using defaults"
else else
echo "Setting /certs/example.crt and /certs/example.key" echo "Setting /certs/example.crt and /certs/example.key"
@ -8,7 +8,7 @@ else
echo "${SSL_CERTIFICATE_KEY}" >/certs/example.key echo "${SSL_CERTIFICATE_KEY}" >/certs/example.key
fi fi
if [ "${HTTP_ENABLE,,}" = "on" ]; then if [[ ${HTTP_ENABLE,,} == "on" ]]; then
echo "[NGINX] Starting Nginx" echo "[NGINX] Starting Nginx"
/usr/sbin/nginx /usr/sbin/nginx
else else
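Review bot: the context line at the top of this hunk writes ${SSL_CERTIFICATE_KEY} to /certs/example.key with the default umask, so the private key is typically created world-readable inside the container. Set umask 077 before the write or chmod 600 the file afterwards. The guard in the previous hunk also tests only SSL_CERTIFICATE, so a certificate supplied without SSL_CERTIFICATE_KEY produces an empty key file; test both variables and fall back to the defaults with a clear message if either is missing.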

View file

@ -2,12 +2,12 @@
MYSQL_HOST=${MYSQL_HOST:-"localhost"} MYSQL_HOST=${MYSQL_HOST:-"localhost"}
MYSQL_PORT=${MYSQL_PORT:-3306} MYSQL_PORT=${MYSQL_PORT:-3306}
echo -n "Waiting for MySQL..." echo -n "Waiting for MySQL..."
while ! mysqladmin ping -h"$MYSQL_HOST" -P"$MYSQL_PORT" --silent; do while ! mysqladmin ping -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" --silent; do
sleep 1 sleep 1
echo -n "." echo -n "."
done done
sleep 1; sleep 1
while ! mysqladmin ping -h"$MYSQL_HOST" -P"$MYSQL_PORT" --silent; do while ! mysqladmin ping -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" --silent; do
sleep 1 sleep 1
echo -n "." echo -n "."
done done
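Review bot: both `while ! mysqladmin ping ...` loops have no upper bound, so a wrong `MYSQL_HOST` or a database that never comes up blocks container start forever with only dots in the log. Add a retry counter or deadline that exits non-zero, and fold the two identical loops into one function while these lines are being touched.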

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
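Review bot: the bullet `Threats of violence, both physical and psycological.` is rewritten in this hunk with the misspelling carried over. Correct it to `psychological` in this pass, and in the other copies of this file changed by the same commit.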

@ -1,4 +1,5 @@
FROM ubuntu:focal # checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM ubuntu:version
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
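Review bot: `FROM ubuntu:version` reads as a placeholder rather than a published tag, so this Dockerfile no longer builds on its own and the base image actually used is decided outside the file. Declare it explicitly, for example `ARG UBUNTU_VERSION=focal` followed by `FROM ubuntu:${UBUNTU_VERSION}`, and state in the `checkov:skip=CKV_DOCKER_3` comment which derived images are expected to set `USER`.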
@ -15,7 +16,7 @@ ENV DEBIAN_FRONTEND="teletype" \
MARSHALL_BUILD_HOST=${MARSHALL_BUILD_HOST} MARSHALL_BUILD_HOST=${MARSHALL_BUILD_HOST}
WORKDIR /app WORKDIR /app
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV PATH="/app:/app/bin:/app/vendor/bin:${PATH}" ENV PATH="/app:/app/bin:/app/vendor/bin:${PATH}"
ENV PS1="\[\e[31m\][\[\e[m\]\[\e[38;5;172m\]\u\[\e[m\]@\[\e[38;5;153m\]\h\[\e[m\] \[\e[38;5;214m\]\W\[\e[m\]\[\e[31m\]]\[\e[m\]\\$ " ENV PS1="\[\e[31m\][\[\e[m\]\[\e[38;5;172m\]\u\[\e[m\]@\[\e[38;5;153m\]\h\[\e[m\] \[\e[38;5;214m\]\W\[\e[m\]\[\e[31m\]]\[\e[m\]\\$ "
@ -28,3 +29,6 @@ CMD ["/usr/bin/marshall"]
RUN /installers/install && \ RUN /installers/install && \
rm -rf /marshall /installers && \ rm -rf /marshall /installers && \
chmod +x /usr/bin/marshall chmod +x /usr/bin/marshall
# Disable healthcheck, as healthcheck is nonsensical for this container.
HEALTHCHECK NONE

@ -1,2 +1 @@
#!/bin/bash #!/bin/bash

@ -0,0 +1,2 @@
#!/bin/bash
echo "Oh no! rsyslog has crashed!"

@ -1,11 +1,11 @@
#!/bin/sh #!/bin/sh
SYSLOG_LOCATION=/var/log/syslog SYSLOG_LOCATION=/var/log/syslog
if [ ! -f $SYSLOG_LOCATION ]; then if [ ! -f "${SYSLOG_LOCATION}" ]; then
touch $SYSLOG_LOCATION touch "${SYSLOG_LOCATION}"
fi fi
chmod 777 $SYSLOG_LOCATION chmod 777 "${SYSLOG_LOCATION}"
service rsyslog start; service rsyslog start
sleep 5 sleep 5
tail -f $SYSLOG_LOCATION | sed --unbuffered 's|.*\[.*\]: ||g' tail -f "${SYSLOG_LOCATION}" | sed --unbuffered 's|.*\[.*\]: ||g'
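Review bot: `chmod 777 "${SYSLOG_LOCATION}"` is kept apart from the quoting, which leaves `/var/log/syslog` writable and executable by every user in the container, so any process can forge or truncate log entries. Give the file to the account rsyslog writes as and use a mode such as 640 or 644; `tail -f` only needs read access.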

@ -1,18 +1,19 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091,SC2312
source /installers/config source /installers/config
echo "force-unsafe-io" >/etc/dpkg/dpkg.cfg.d/force-unsafe-io echo "force-unsafe-io" >/etc/dpkg/dpkg.cfg.d/force-unsafe-io
# We're gonna move the sources to .d/ubuntu.list, then copy it, then manipulate it for a mirror list. # We're gonna move the sources to .d/ubuntu.list, then copy it, then manipulate it for a mirror list.
( #(
cat /etc/apt/sources.list; # cat /etc/apt/sources.list
cat /etc/apt/sources.list \ # sed 's/http\:\/\/archive\.ubuntu\.com\/ubuntu\//mirror\:\/\/mirrors.ubuntu.com\/mirrors.txt/g' </etc/apt/sources.list |
| sed 's/http\:\/\/archive\.ubuntu\.com\/ubuntu\//mirror\:\/\/mirrors.ubuntu.com\/mirrors.txt/g' \ # sed "s|deb http://security.ubuntu.com|# deb http://security.ubuntu.com|g"
| sed "s|deb http://security.ubuntu.com|# deb http://security.ubuntu.com|g" #) |
) \ # sed '/^#/d' |
| sed '/^#/d' \ # sed '/^$/d' \
| sed '/^$/d' \ # >/etc/apt/sources.list.d/ubuntu.list
> /etc/apt/sources.list.d/ubuntu.list #rm /etc/apt/sources.list
rm /etc/apt/sources.list; touch /etc/apt/sources.list; #touch /etc/apt/sources.list
# Remove duplicate sources # Remove duplicate sources
sort /etc/apt/sources.list.d/ubuntu.list | uniq >/etc/apt/sources.list.d/ubuntu.list.uniq sort /etc/apt/sources.list.d/ubuntu.list | uniq >/etc/apt/sources.list.d/ubuntu.list.uniq
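Review bot: the block that generated `/etc/apt/sources.list.d/ubuntu.list` is now commented out, but the `sort /etc/apt/sources.list.d/ubuntu.list | uniq` line below it still reads that file, so unless something outside this hunk creates it the sort fails or yields an empty list. Remove the de-duplication step together with the mirror rewrite, or guard it with a file test, and delete the commented-out lines rather than keeping them; deleting them also makes it plain that the `security.ubuntu.com` entries are no longer being disabled.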
@ -25,5 +26,5 @@ apt-get -qq update
apt-get -yq upgrade apt-get -yq upgrade
# Install apt-utils & ca-certificates to prevent some screaming. # Install apt-utils & ca-certificates to prevent some screaming.
$APT_GET ca-certificates ${APT_GET} ca-certificates
$APT_GET apt apt-utils ${APT_GET} apt apt-utils

@ -1,3 +1,4 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET bash ${APT_GET} bash

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET tzdata ${APT_GET} tzdata
echo $DEFAULT_TZ > /etc/timezone echo "${DEFAULT_TZ}" >/etc/timezone

@ -1,3 +1,4 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET dos2unix ${APT_GET} dos2unix

@ -1,3 +1,4 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET gpg-agent ${APT_GET} gpg-agent

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET \ ${APT_GET} \
runit runit

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET cron ${APT_GET} cron
chmod 600 /etc/crontab chmod 600 /etc/crontab

@ -1,7 +1,9 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET rsyslog ${APT_GET} rsyslog
mkdir -p /etc/service/rsyslog mkdir -p /etc/service/rsyslog
mv /etc/service/rsyslog/rsyslog.runit /etc/service/rsyslog/run mv /etc/service/rsyslog/rsyslog.runit /etc/service/rsyslog/run
chmod +x /etc/service/rsyslog/run mv /etc/service/rsyslog/rsyslog.finish /etc/service/rsyslog/finish
chmod +x /etc/service/rsyslog/run /etc/service/rsyslog/finish

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
$APT_GET \ ${APT_GET} \
inetutils-ping \ inetutils-ping \
nano \ nano \
host \ host \

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC1091
source /installers/config source /installers/config
cd / cd /
apt-get remove -yqq \ apt-get remove -yqq \

@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
set -e set -e
COLOUR_FAIL='\e[31m' export COLOUR_FAIL='\e[31m'
COLOUR_SUCCESS='\e[32m' export COLOUR_SUCCESS='\e[32m'
COLOUR_RESET='\e[0m' export COLOUR_RESET='\e[0m'
printf 'Running: %b%s%b\n' $COLOUR_SUCCESS "${0##*/}" $COLOUR_RESET printf 'Running: %b%s%b\n' "${COLOUR_SUCCESS}" "${0##*/}" "${COLOUR_RESET}"
export LC_ALL=C export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
APT_GET='apt-get install -yqq --no-install-recommends ' export APT_GET='apt-get install -yqq --no-install-recommends '

@ -3,5 +3,5 @@ set -e
cd "$(dirname "$0")" cd "$(dirname "$0")"
for file in *.sh; do for file in *.sh; do
/bin/bash $file /bin/bash "${file}"
done done

@ -1,5 +1,5 @@
#!/bin/bash #!/usr/bin/env bash
echo "Packages installed:": printf "Packages installed:\n KiloBytes\tPackage\n"
echo " KiloBytes\tPackage";
dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n | tac # shellcheck disable=SC2312
dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n | tac | head -n 5
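Review bot: with `| head -n 5` added, the output under the `Packages installed:` header is only the five largest packages, which reads as if the image contained five packages. Change the header to say it is the top five by installed size, or keep the full list in the build log.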

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

@ -1,6 +1,4 @@
# From upstream redis FROM mitmproxy:version
# hadolint ignore=DL3007
FROM mitmproxy/mitmproxy
ARG BUILD_DATE ARG BUILD_DATE
ARG GIT_SHA ARG GIT_SHA
ARG MITM_VERSION ARG MITM_VERSION
@ -38,6 +36,8 @@ RUN os=$(grep "^ID=" < /etc/os-release | cut -f2 -d'=') && \
exit 1; \ exit 1; \
fi fi
USER mitmproxy
# Add healthcheck # Add healthcheck
HEALTHCHECK --interval=30s --timeout=3s \ HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -I -x http://localhost:8080 -k https://www.google.com || exit 1 CMD curl -I -x http://localhost:8080 -k https://www.google.com || exit 1
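Review bot: with `USER mitmproxy` now set ahead of it, the `HEALTHCHECK` still proves liveness by fetching `https://www.google.com` through the proxy, so the container reports unhealthy whenever outbound access or that one site is unavailable, and every probe sends traffic to a third party. Probe the listener on `localhost:8080` itself, or a target the deployment controls, so the check measures the proxy and not the network beyond it.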

@ -1,4 +1,9 @@
# hadolint ignore=DL3007 FROM eclipse-mosquitto:injected-version
FROM eclipse-mosquitto:latest
COPY mosquitto.conf /mosquitto/config/mosquitto.conf COPY mosquitto.conf /mosquitto/config/mosquitto.conf
RUN adduser -D mqtt
USER mqtt
HEALTHCHECK --interval=15s --timeout=3s --start-period=10s --retries=5 \
CMD mosquitto_sub -h localhost -t '$SYS/#' -C 1 -W 3
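Review bot: `RUN adduser -D mqtt` creates a new account after `COPY mosquitto.conf`, so check that the directories the broker writes to (persistence and logs, if `mosquitto.conf` enables them) are writable by `mqtt`, or reuse an unprivileged user the base image already provides if there is one. The health check `mosquitto_sub -h localhost -t '$SYS/#' -C 1 -W 3` connects without credentials, so it will start failing once the config requires authentication; note that dependency next to the `HEALTHCHECK`.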

@ -1,3 +0,0 @@
ignored:
- DL3005
- DL3008

@ -1,4 +1,4 @@
FROM benzine/marshall:latest AS mysql-proxy FROM marshall:version AS mysql-proxy
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
@ -8,13 +8,14 @@ ENV MYSQL_PROXY_VERSION 0.8.5
ENV MYSQL_PROXY_TAR_NAME mysql-proxy-$MYSQL_PROXY_VERSION-linux-debian6.0-x86-64bit ENV MYSQL_PROXY_TAR_NAME mysql-proxy-$MYSQL_PROXY_VERSION-linux-debian6.0-x86-64bit
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \ RUN adduser mysql && \
apt-get update && \
apt-get upgrade -y ca-certificates tzdata && \ apt-get upgrade -y ca-certificates tzdata && \
apt-get -y install --no-install-recommends \ apt-get -y install --no-install-recommends \
wget \ wget \
mysql-client \ mysql-client \
&& \ && \
wget https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz && \ wget -q https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz && \
tar -xzvf $MYSQL_PROXY_TAR_NAME.tar.gz && \ tar -xzvf $MYSQL_PROXY_TAR_NAME.tar.gz && \
mv $MYSQL_PROXY_TAR_NAME /opt/mysql-proxy && \ mv $MYSQL_PROXY_TAR_NAME /opt/mysql-proxy && \
rm $MYSQL_PROXY_TAR_NAME.tar.gz && \ rm $MYSQL_PROXY_TAR_NAME.tar.gz && \
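Review bot: `wget -q https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz` is unpacked and installed with no integrity check, and `-q` now also hides the transfer output. Pin a SHA-256 for the tarball in the Dockerfile and run `sha256sum -c` before `tar -xzvf`. `adduser mysql` should also be made explicitly non-interactive (for example `--system`, or `--disabled-password --gecos ""`) so the build does not depend on how the prompts behave without a terminal.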
@ -22,38 +23,15 @@ RUN apt-get update && \
apt-get autoremove -yqq && \ apt-get autoremove -yqq && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/ && \ rm -rf /var/lib/apt/lists/ && \
chown -R root:root /opt/mysql-proxy && \ chown -R mysql:mysql /opt/mysql-proxy
printf "#!/bin/bash\n\
\n\
exec /opt/mysql-proxy/bin/mysql-proxy \\\\\n\
--keepalive \\\\\n\
--log-level=error \\\\\n\
--plugins=proxy \\\\\n\
--proxy-address=\${PROXY_DB_HOST}:\${PROXY_DB_PORT} \\\\\n\
--proxy-backend-addresses=\${REMOTE_DB_HOST}:\${REMOTE_DB_PORT} \\\\\n\
--proxy-lua-script=/opt/mysql-proxy/conf/main.lua\n\
" >> /usr/local/bin//entrypoint.sh && \
chmod u+x /usr/local/bin/entrypoint.sh && \
ln -s /usr/local/bin/docker-entrypoint.sh /entrypoint.sh # shortcut
HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=3 \
CMD mysqladmin ping -h 127.0.0.1 -p 3306 -u root || exit 1
ENTRYPOINT [ "entrypoint.sh" ]
COPY main.lua /opt/mysql-proxy/conf/main.lua COPY main.lua /opt/mysql-proxy/conf/main.lua
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/healthcheck.sh
CMD [ "/usr/local/bin/entrypoint.sh" ]
# For another derived image: HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=3 \
CMD /usr/local/bin/healthcheck.sh || exit 1
# --help-all USER mysql
# --proxy-backend-addresses=mysql:3306
# --proxy-skip-profiling
# --proxy-backend-addresses=host:port
# --proxy-read-only-backend-addresses=host:port
# --keepalive
# --admin-username=User
# --admin-password=Password
# --log-level=crititcal
# The log level to use when outputting error messages.
# Messages with that level (or lower) are output.
# For example, message level also outputs message with info, warning, and error levels.
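Review bot: `chown -R mysql:mysql /opt/mysql-proxy` replaces `root:root`, and the image then runs as `USER mysql`, so the proxy process can overwrite its own binaries and plugins. Leave the tree owned by root and readable by `mysql`, granting write access only to a log directory if one is needed. `ENTRYPOINT` has also become `CMD`, so arguments passed to `docker run` now replace the entrypoint script instead of being appended to it; keep `ENTRYPOINT` if that change was not intended.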

@ -1,10 +1,11 @@
# MySQL Proxy # MySQL Proxy
# Usage with docker-compose ## Usage with docker-compose
without without
```
version: '2' ```yaml
version: "2"
services: services:
db: db:
@ -22,8 +23,9 @@ services:
``` ```
within within
```
version: '2' ```yaml
version: "2"
services: services:
mysql: mysql:
@ -58,9 +60,11 @@ services:
- mysql - mysql
``` ```
# Query to stdout ## Query to stdout
For `docker-compose up` without `-d` (`../mysql-proxy/main.lua`) For `docker-compose up` without `-d` (`../mysql-proxy/main.lua`)
```
```lua
function read_query(packet) function read_query(packet)
if string.byte(packet) == proxy.COM_QUERY then if string.byte(packet) == proxy.COM_QUERY then
print(string.sub(packet, 2)) print(string.sub(packet, 2))
@ -68,10 +72,9 @@ function read_query(packet)
end end
``` ```
# Query logging for mysql-proxy ## Query logging for mysql-proxy
``` ```yaml
...
volumes: volumes:
- ../mysql-proxy-conf:/opt/mysql-proxy/conf - ../mysql-proxy-conf:/opt/mysql-proxy/conf
- ../mysql-proxy-logs:/opt/mysql-proxy/logs - ../mysql-proxy-logs:/opt/mysql-proxy/logs
@ -81,11 +84,11 @@ end
REMOTE_DB_PORT: 3306 REMOTE_DB_PORT: 3306
LUA_SCRIPT: "/opt/mysql-proxy/conf/log.lua" LUA_SCRIPT: "/opt/mysql-proxy/conf/log.lua"
LOG_FILE: "/opt/mysql-proxy/logs/mysql.log" LOG_FILE: "/opt/mysql-proxy/logs/mysql.log"
...
``` ```
`/mysql-proxy-conf/log.lua` https://gist.github.com/simonw/1039751 `/mysql-proxy-conf/log.lua` https://gist.github.com/simonw/1039751
```
```lua
local log_file = os.getenv("LOG_FILE") local log_file = os.getenv("LOG_FILE")
local fh = io.open(log_file, "a+") local fh = io.open(log_file, "a+")
@ -101,16 +104,18 @@ function read_query( packet )
end end
end end
``` ```
# thanks
## thanks
https://hub.docker.com/r/zwxajh/mysql-proxy https://hub.docker.com/r/zwxajh/mysql-proxy
https://hub.docker.com/r/gediminaspuksmys/mysqlproxy/ https://hub.docker.com/r/gediminaspuksmys/mysqlproxy/
# logrotate ## logrotate
The image can be expand with `logrotate` The image can be expand with `logrotate`
Config file `/etc/logrotate.d/mysql-proxy` (approximate) Config file `/etc/logrotate.d/mysql-proxy` (approximate)
``` ```text
/opt/mysql-proxy/mysql.log { /opt/mysql-proxy/mysql.log {
weekly weekly
missingok missingok
@ -125,10 +130,12 @@ Config file `/etc/logrotate.d/mysql-proxy` (approximate)
} }
``` ```
# troubleshooting ## troubleshooting
If you can't create the chain `mysql` -> `mysql-proxy` -> `external client liten 0.0.0.0:3308` If you can't create the chain `mysql` -> `mysql-proxy` -> `external client liten 0.0.0.0:3308`
check extends ports on the `mysql` service and/or add `expose` directly check extends ports on the `mysql` service and/or add `expose` directly
```
```yaml
expose: expose:
- "3306" #for service mysql-proxy - "3306" #for service mysql-proxy
``` ```

@ -0,0 +1,38 @@
version: "3"
services:
mysql:
image: mysql:8.0.0
restart: always
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_DATABASE: dbuser
MYSQL_USER: dbuser
MYSQL_PASSWORD: password
healthcheck:
test:
[
"CMD",
"mysqladmin",
"ping",
"-h",
"127.0.0.1",
"-u",
"dbuser",
"-ppassword",
]
interval: 5s
timeout: 20s
retries: 5
proxy:
build: .
restart: always
environment:
PROXY_DB_PORT: 3306
REMOTE_DB_HOST: mysql
REMOTE_DB_PORT: 3306
MYSQL_USER: dbuser
MYSQL_PASSWORD: password
depends_on:
mysql:
condition: service_healthy
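Review bot: the literal `password` values and the `-ppassword` argument in the `mysqladmin` health check are acceptable only for a throwaway test stack, and the file does not say that it is one. Add a comment to that effect or read the values from an env file, since health-check arguments are visible in `docker inspect` and in the process list. `image: mysql:8.0.0` also pins the first release of the 8.0 series; use a currently maintained tag.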

mysql-proxy/entrypoint.sh Normal file

@ -0,0 +1,12 @@
#!/bin/bash
echo "Starting MySQL Proxy..."
echo "Configured to listen as ${PROXY_DB_HOST}:${PROXY_DB_PORT}"
echo "Configured to forward to ${REMOTE_DB_HOST}:${REMOTE_DB_PORT}"
exec /opt/mysql-proxy/bin/mysql-proxy \
--keepalive \
--log-level=error \
--plugins=proxy \
--proxy-address="${PROXY_DB_HOST}":"${PROXY_DB_PORT}" \
--proxy-backend-addresses="${REMOTE_DB_HOST}":"${REMOTE_DB_PORT}" \
--proxy-lua-script=/opt/mysql-proxy/conf/main.lua
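Review bot: `PROXY_DB_HOST` has no default in `--proxy-address="${PROXY_DB_HOST}":"${PROXY_DB_PORT}"`, although the health-check script in this commit falls back to `127.0.0.1` and the compose file does not set the variable, so the address expands to `:3306`. Use `${PROXY_DB_HOST:-0.0.0.0}` (or whichever bind address is intended) and add `set -eu` so an unset `REMOTE_DB_HOST` or port stops the container instead of starting the proxy with an empty backend.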

@ -0,0 +1,6 @@
#!/bin/bash
export MYSQL_PWD="${MYSQL_PASSWORD}"
mysqladmin ping \
-h "${PROXY_DB_HOST:-"127.0.0.1"}" \
-P "${PROXY_DB_PORT}" \
-u "${MYSQL_USER}"
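Review bot: `mysqladmin ping` exits 0 whenever the server answers, including when it answers with an access-denied error, so `export MYSQL_PWD="${MYSQL_PASSWORD}"` and `-u "${MYSQL_USER}"` are not needed for this probe and only place a database credential in the proxy container's environment. Drop both, and give `-P "${PROXY_DB_PORT}"` a default as is done for the host.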

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

@ -1,12 +1,12 @@
# hadolint ignore=DL3007 FROM marshall:build AS nodejs
FROM benzine/marshall:latest AS nodejs
ARG NODE_VERSION ARG NODE_VERSION
ARG YARN_VERSION ARG YARN_VERSION
ARG PATH="/app/node_modules/.bin:${PATH}" ARG PATH="/app/node_modules/.bin:${PATH}"
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN mkdir ~/.gnupg && \ RUN adduser node && \
mkdir ~/.gnupg && \
echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf && \ echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf && \
apt-get -qq update && \ apt-get -qq update && \
apt-get -yqq install --no-install-recommends \ apt-get -yqq install --no-install-recommends \
@ -58,21 +58,27 @@ RUN mkdir ~/.gnupg && \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \ done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://github.com/yarnpkg/yarn/releases/download/v$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& mkdir -p /opt \ && mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && rm yarn-v$YARN_VERSION.tar.gz \
\ \
&& apt-get autoremove -y \ && apt-get autoremove -y \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# Back to userland
USER node
FROM nodejs AS nodejs-compiler FROM nodejs AS nodejs-compiler
# Install dependencies
USER root
RUN apt-get -qq update && \ RUN apt-get -qq update && \
apt-get -yqq install --no-install-recommends \ apt-get -yqq install --no-install-recommends \
python \ python \
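Review bot: this hunk deletes the `.asc` download and `gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz`, so the Yarn tarball fetched from the GitHub release URL is now extracted into `/opt` with no integrity check, while the `gpg --recv-keys` loop above is left doing work that nothing uses. Restore verification, either by fetching the signature from the same release if it is published there or by pinning a SHA-256 per `YARN_VERSION` and checking it before `tar -xzf`.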
@ -81,3 +87,9 @@ RUN apt-get -qq update && \
apt-get autoremove -y && \ apt-get autoremove -y && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# Back to userland
USER node

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

@ -1,10 +1,68 @@
ARG PHP_CORE_VERSION # checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
# hadolint ignore=DL3024 FROM marshall:build AS php-core
FROM ${PHP_CORE_VERSION} AS php-cli
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker" org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_PACKAGES
ARG COMPOSER_VERSION
ENV COMPOSER_ALLOW_SUPERUSER=1
COPY core/install-report.sh /usr/bin/install-report
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo "Acquire::Retries \"5\";" > /etc/apt/apt.conf.d/80-retries && \
echo "Acquire::http::No-Cache=true;" > /etc/apt/apt.conf.d/80-no-cache && \
echo "Acquire::http::Pipeline-Depth=0;" > /etc/apt/apt.conf.d/80-no-pipeline && \
apt-get -qq update && \
apt-get -yqq upgrade && \
apt-get -yqq install --no-install-recommends \
python3-software-properties \
software-properties-common \
&& \
echo "PHP packages to install:" && echo $PHP_PACKAGES && \
add-apt-repository -y ppa:ondrej/php && \
apt-get -qq update && \
apt-get -yqq install --no-install-recommends $PHP_PACKAGES &&\
apt-get remove -yqq \
software-properties-common \
python-apt-common \
python3-software-properties \
python3.5 python3.5-minimal libpython3.5-minimal \
&& \
apt-get autoremove -yqq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log && \
rm -rf /usr/bin/mariabackup \
/usr/bin/mysql_embedded \
/usr/bin/mysql_find_rows \
/usr/bin/mysql_fix_extensions \
/usr/bin/mysql_waitpid \
/usr/bin/mysqlaccess \
/usr/bin/mysqlanalyze \
/usr/bin/mysqlcheck \
/usr/bin/mysqldump \
/usr/bin/mysqldumpslow \
/usr/bin/mysqlimport \
/usr/bin/mysqloptimize \
/usr/bin/mysqlrepair \
/usr/bin/mysqlreport \
/usr/bin/mysqlshow \
/usr/bin/mysqlslap \
/usr/bin/mytop
RUN chmod +x /usr/bin/install-report && \
/usr/bin/install-report
RUN curl https://getcomposer.org/download/$COMPOSER_VERSION/composer.phar --output /usr/local/bin/composer && \
chmod +x /usr/local/bin/composer /usr/bin/install-report && \
composer self-update
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM php-core AS php-cli
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
# Install a funky cool repl. # Install a funky cool repl.
RUN composer global require -q psy/psysh:@stable && \ RUN composer global require -q psy/psysh:@stable && \
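Review bot: In the new php-core stage, `composer self-update` runs with no version argument straight after fetching `download/$COMPOSER_VERSION/composer.phar`, so the pinned phar can be replaced by whatever the default channel currently serves and the `COMPOSER_VERSION` build arg no longer determines what ships. Drop the self-update or pass it the same version. The download is also unverified: `curl` is called without `-f`, so an HTTP error body would be saved as `/usr/local/bin/composer` and only fail at the next step, and nothing checks the phar against a known checksum before it is made executable and run with `COMPOSER_ALLOW_SUPERUSER=1`. `ARG COMPOSER_VERSION` has no default, so an unset arg yields a malformed URL.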
@ -14,8 +72,11 @@ RUN composer global require -q psy/psysh:@stable && \
COPY cli/psysh-config.php /root/.config/psysh/config.php COPY cli/psysh-config.php /root/.config/psysh/config.php
ARG PHP_CORE_VERSION RUN composer --version && \
FROM ${PHP_CORE_VERSION} AS php-nginx repl --version
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM php-cli AS php-nginx
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker" org.opencontainers.image.source="https://github.com/benzine-framework/docker"
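Review bot: `FROM php-cli AS php-nginx` makes the web-serving stage inherit everything the php-cli stage adds, including the globally installed psy/psysh REPL and its config under /root/.config, where the previous `FROM ${PHP_CORE_VERSION}` took the core image as its base. If the change is only for build convenience, consider basing php-nginx on php-core so the interactive tooling stays out of the image that listens on the network.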
@ -26,10 +87,10 @@ ENV PHPFPM_MAX_CHILDREN=25
COPY nginx /conf COPY nginx /conf
COPY self-signed-certificates /certs COPY self-signed-certificates /certs
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
RUN apt-get -qq update && \ RUN apt-get -qq update && \
# Install pre-dependencies to use apt-key. # Install pre-dependencies to use apt-key.
apt-get -yqq install --no-install-recommends \ apt-get -yqq install --no-install-recommends \
sudo \
lsb-core \ lsb-core \
gnupg \ gnupg \
&& \ && \
@ -101,13 +162,15 @@ RUN apt-get -qq update && \
mv /conf/php-fpm.runit /etc/service/php-fpm/run && \ mv /conf/php-fpm.runit /etc/service/php-fpm/run && \
mv /conf/letsencrypt.runit /etc/service/letsencrypt/run && \ mv /conf/letsencrypt.runit /etc/service/letsencrypt/run && \
#mv /conf/logs-letsencrypt.runit /etc/service/logs-letsencrypt/run && \ #mv /conf/logs-letsencrypt.runit /etc/service/logs-letsencrypt/run && \
#mv /conf/logs-letsencrypt.finish /etc/service/logs-letsencrypt/finish && \
mv /conf/logs-nginx-access.runit /etc/service/logs-nginx-access/run && \ mv /conf/logs-nginx-access.runit /etc/service/logs-nginx-access/run && \
mv /conf/logs-nginx-error.runit /etc/service/logs-nginx-error/run && \ mv /conf/logs-nginx-error.runit /etc/service/logs-nginx-error/run && \
mv /conf/logs-phpfpm-error.runit /etc/service/logs-phpfpm-error/run && \ mv /conf/logs-phpfpm-error.runit /etc/service/logs-phpfpm-error/run && \
mv /conf/logs-phpfpm-error.finish /etc/service/logs-phpfpm-error/finish && \
# Make sure all our new services are using unix line endings # Make sure all our new services are using unix line endings
dos2unix -q /etc/service/*/run && \ dos2unix -q /etc/service/*/run /etc/service/*/finish && \
# Make sure all our new services are executable # Make sure all our new services are executable
chmod +x /etc/service/*/run && \ chmod +x /etc/service/*/run /etc/service/*/finish && \
# Cleanup the /conf dir # Cleanup the /conf dir
rm -R /conf && \ rm -R /conf && \
# Write the PHP version into some template locations # Write the PHP version into some template locations
@ -133,12 +196,13 @@ VOLUME /etc/letsencrypt
HEALTHCHECK --interval=30s --timeout=3s \ HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -f http://localhost/ || exit 1 CMD curl -f http://localhost/ || exit 1
ARG PHP_CORE_VERSION # checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM ${PHP_CORE_VERSION} AS php-apache FROM php-cli AS php-apache
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \ LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \ org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker" org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_VERSION ARG PHP_VERSION
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
RUN apt-get -qq update && \ RUN apt-get -qq update && \
apt-get -yqq install --no-install-recommends \ apt-get -yqq install --no-install-recommends \
apache2 \ apache2 \
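Review bot: The `# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.` line is now repeated verbatim above php-cli, php-nginx and php-apache. For stages that are published as runnable images the reason reads as a placeholder; state why root is actually required in php-apache (or add a `USER`), so the suppression can be revisited instead of being copied forward.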

View file

@ -1,56 +0,0 @@
# hadolint ignore=DL3007
FROM benzine/marshall:latest AS php-core
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_PACKAGES
ARG COMPOSER_UPDATE_FLAGS
ENV COMPOSER_ALLOW_SUPERUSER=1
COPY core/install-report.sh /usr/bin/install-report
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo "APT::Acquire::Retries \"5\";" > /etc/apt/apt.conf.d/80-retries && \
echo "Acquire::http::No-Cache=true;" > /etc/apt/apt.conf.d/80-no-cache && \
echo "Acquire::http::Pipeline-Depth=0;" > /etc/apt/apt.conf.d/80-no-pipeline && \
apt-get -qq update && \
apt-get -yqq upgrade && \
apt-get -yqq install --no-install-recommends \
python3-software-properties \
software-properties-common \
&& \
echo "PHP packages to install:" && echo $PHP_PACKAGES && \
add-apt-repository -y ppa:ondrej/php && \
apt-get -qq update && \
apt-get -yqq install --no-install-recommends $PHP_PACKAGES &&\
apt-get remove -yqq \
software-properties-common \
python-apt-common \
python3-software-properties \
python3.5 python3.5-minimal libpython3.5-minimal \
&& \
apt-get autoremove -yqq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log && \
rm -rf /usr/bin/mariabackup \
/usr/bin/mysql_embedded \
/usr/bin/mysql_find_rows \
/usr/bin/mysql_fix_extensions \
/usr/bin/mysql_waitpid \
/usr/bin/mysqlaccess \
/usr/bin/mysqlanalyze \
/usr/bin/mysqlcheck \
/usr/bin/mysqldump \
/usr/bin/mysqldumpslow \
/usr/bin/mysqlimport \
/usr/bin/mysqloptimize \
/usr/bin/mysqlrepair \
/usr/bin/mysqlreport \
/usr/bin/mysqlshow \
/usr/bin/mysqlslap \
/usr/bin/mytop
RUN chmod +x /usr/bin/install-report && \
/usr/bin/install-report
RUN curl https://getcomposer.org/composer-stable.phar --output /usr/local/bin/composer && \
chmod +x /usr/local/bin/composer /usr/bin/install-report && \
composer self-update ${COMPOSER_UPDATE_FLAGS}

View file

@ -1,38 +0,0 @@
BUILD:=docker build
docker-marshall:
$(BUILD) \
--tag benzine/marshall:latest \
../marshall
docker-php-core:
$(BUILD) \
--build-arg PHP_PACKAGES="git htop mariadb-client php${PHP_VERSION}-apcu php${PHP_VERSION}-bcmath php${PHP_VERSION}-bz2 php${PHP_VERSION}-cli php${PHP_VERSION}-curl php${PHP_VERSION}-gd php${PHP_VERSION}-imap php${PHP_VERSION}-imagick php${PHP_VERSION}-intl php${PHP_VERSION}-ldap php${PHP_VERSION}-mailparse php${PHP_VERSION}-mbstring php${PHP_VERSION}-memcache php${PHP_VERSION}-mongodb php${PHP_VERSION}-mysql php${PHP_VERSION}-opcache php${PHP_VERSION}-pgsql php${PHP_VERSION}-phpdbg php${PHP_VERSION}-pspell php${PHP_VERSION}-redis php${PHP_VERSION}-soap php${PHP_VERSION}-sqlite php${PHP_VERSION}-xdebug php${PHP_VERSION}-xml php${PHP_VERSION}-zip postgresql-client" \
--build-arg PHP_VERSION=${PHP_VERSION} \
--tag benzine/php:core-${PHP_VERSION} \
--target php-core \
--file Dockerfile.Core \
.
docker-php-flavour:
$(BUILD) \
--build-arg PHP_CORE_VERSION=benzine/php:core-${PHP_VERSION} \
--build-arg PHP_VERSION=${PHP_VERSION} \
--tag benzine/php:${FLAVOUR}-${PHP_VERSION} \
--target php-${FLAVOUR} \
--file Dockerfile.Flavours \
.
bake-flavours:
$(MAKE) docker-php-flavour FLAVOUR=cli
$(MAKE) docker-php-flavour FLAVOUR=nginx
#$(MAKE) docker-php-flavour FLAVOUR=apache
bake:
$(MAKE) docker-marshall
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=7.3
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=7.4
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=8.0
$(MAKE) docker-php-core bake-flavours PHP_VERSION=8.1
all: bake

View file

@ -1,46 +0,0 @@
```bash
▄▄▄▄ ▓█████ ███▄ █ ▒███████▒ ██▓ ███▄ █ ▓█████
▓█████▄ ▓█ ▀ ██ ▀█ █ ▒ ▒ ▒ ▄▀░▓██▒ ██ ▀█ █ ▓█ ▀
▒██▒ ▄██▒███ ▓██ ▀█ ██▒░ ▒ ▄▀▒░ ▒██▒▓██ ▀█ ██▒▒███
▒██░█▀ ▒▓█ ▄ ▓██▒ ▐▌██▒ ▄▀▒ ░░██░▓██▒ ▐▌██▒▒▓█ ▄
░▓█ ▀█▓░▒████▒▒██░ ▓██░▒███████▒░██░▒██░ ▓██░░▒████▒
░▒▓███▀▒░░ ▒░ ░░ ▒░ ▒ ▒ ░▒▒ ▓░▒░▒░▓ ░ ▒░ ▒ ▒ ░░ ▒░ ░
▒░▒ ░ ░ ░ ░░ ░░ ░ ▒░░░▒ ▒ ░ ▒ ▒ ░░ ░░ ░ ▒░ ░ ░ ░
░▄▄▄▄ ░ ░▄▄▄░ ▒░ ░ ░██████░▓█████ ░ ░ ██▓ ███▄░▄███▓ ▄▄▄ ▄████ ▓█████
▓█████▄ ▒████▄░ ▒██ ▒░▓█ ▀ ░ ▓██▒▓██▒▀█▀ ██▒▒████▄ ██▒ ▀█▒▓█ ▀
▒██▒ ▄██▒██ ▀█▄ ░ ▓██▄ ▒███ ▒██▒▓██ ▓██░▒██ ▀█▄ ▒██░▄▄▄░▒███
▒██░█▀ ░██▄▄▄▄██ ▒ ██▒▒▓█ ▄ ░██░▒██ ▒██ ░██▄▄▄▄██ ░▓█ ██▓▒▓█ ▄
░▓█ ▀█▓ ▓█ ▓██▒▒██████▒▒░▒████▒ ░██░▒██▒ ░██▒ ▓█ ▓██▒░▒▓███▀▒░▒████▒
░▒▓███▀▒ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░░░ ▒░ ░ ░▓ ░ ▒░ ░ ░ ▒▒ ▓▒█░ ░▒ ▒ ░░ ▒░ ░
▒░▒ ░ ▒ ▒▒ ░░ ░▒ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ▒▒ ░ ░ ░ ░ ░ ░
░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
```
[![Build](https://github.com/benzine-framework/docker-php/actions/workflows/build.yml/badge.svg)](https://github.com/benzine-framework/docker-php/actions/workflows/build.yml)
Docker PHP Base kit based on lessons learned from phusion/baseimage using runit to allow for multiple processes, featuring multiple versions of PHP and NodeJS.
| Name | Architecture | Size | Last Updated | Microbadger |
|----------------------|--------------|----------------------------------------------------------------------------------------------------:|--------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
| benzine/marshall:latest | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/49.04MB-green.svg)](https://hub.docker.com/r/benzine/marshall) | 2021-02-16 13:04:48 | [![](https://images.microbadger.com/badges/image/benzine/marshall:latest.svg)](https://microbadger.com/images/benzine/marshall:latest "Get your own image badge on microbadger.com") |
| benzine/php:apache | AMD64 | [![Layers](https://img.shields.io/badge/127.09MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:35 | [![](https://images.microbadger.com/badges/image/benzine/php:apache.svg)](https://microbadger.com/images/benzine/php:apache "Get your own image badge on microbadger.com") |
| benzine/php:cli | AMD64 | [![Layers](https://img.shields.io/badge/123.56MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:35 | [![](https://images.microbadger.com/badges/image/benzine/php:cli.svg)](https://microbadger.com/images/benzine/php:cli "Get your own image badge on microbadger.com") |
| benzine/php:nginx | AMD64 | [![Layers](https://img.shields.io/badge/133.72MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:33 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx.svg)](https://microbadger.com/images/benzine/php:nginx "Get your own image badge on microbadger.com") |
| benzine/php:nginx-8.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/133.65MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:02 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-8.0.svg)](https://microbadger.com/images/benzine/php:nginx-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.31MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:58 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.0.svg)](https://microbadger.com/images/benzine/php:nginx-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.4 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/133.72MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:52 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.4.svg)](https://microbadger.com/images/benzine/php:nginx-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.1 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.55MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:16 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.1.svg)](https://microbadger.com/images/benzine/php:nginx-7.1 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.3 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.95MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:53 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.3.svg)](https://microbadger.com/images/benzine/php:nginx-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.2 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.96MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:45 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.2.svg)](https://microbadger.com/images/benzine/php:nginx-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/126.67MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:25 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.0.svg)](https://microbadger.com/images/benzine/php:apache-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.4 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/127.09MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:01 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.4.svg)](https://microbadger.com/images/benzine/php:apache-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.3 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/127.32MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:19 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.3.svg)](https://microbadger.com/images/benzine/php:apache-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.1 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/126.91MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:18 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.1.svg)](https://microbadger.com/images/benzine/php:apache-7.1 "Get your own image badge on microbadger.com") |
| benzine/php:apache-8.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/127.02MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:12 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-8.0.svg)](https://microbadger.com/images/benzine/php:apache-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.2 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.78MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:15:47 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.2.svg)](https://microbadger.com/images/benzine/php:cli-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:cli-8.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.44MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:14:58 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-8.0.svg)](https://microbadger.com/images/benzine/php:cli-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.2 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/127.34MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:14:06 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.2.svg)](https://microbadger.com/images/benzine/php:apache-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.4 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.56MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:13:56 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.4.svg)](https://microbadger.com/images/benzine/php:cli-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.27MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:13:12 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.0.svg)](https://microbadger.com/images/benzine/php:cli-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.3 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.80MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:12:44 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.3.svg)](https://microbadger.com/images/benzine/php:cli-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.1 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.36MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:12:11 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.1.svg)](https://microbadger.com/images/benzine/php:cli-7.1 "Get your own image badge on microbadger.com") |

View file

@ -1,23 +0,0 @@
```bash
▄▄▄▄ ▓█████ ███▄ █ ▒███████▒ ██▓ ███▄ █ ▓█████
▓█████▄ ▓█ ▀ ██ ▀█ █ ▒ ▒ ▒ ▄▀░▓██▒ ██ ▀█ █ ▓█ ▀
▒██▒ ▄██▒███ ▓██ ▀█ ██▒░ ▒ ▄▀▒░ ▒██▒▓██ ▀█ ██▒▒███
▒██░█▀ ▒▓█ ▄ ▓██▒ ▐▌██▒ ▄▀▒ ░░██░▓██▒ ▐▌██▒▒▓█ ▄
░▓█ ▀█▓░▒████▒▒██░ ▓██░▒███████▒░██░▒██░ ▓██░░▒████▒
░▒▓███▀▒░░ ▒░ ░░ ▒░ ▒ ▒ ░▒▒ ▓░▒░▒░▓ ░ ▒░ ▒ ▒ ░░ ▒░ ░
▒░▒ ░ ░ ░ ░░ ░░ ░ ▒░░░▒ ▒ ░ ▒ ▒ ░░ ░░ ░ ▒░ ░ ░ ░
░▄▄▄▄ ░ ░▄▄▄░ ▒░ ░ ░██████░▓█████ ░ ░ ██▓ ███▄░▄███▓ ▄▄▄ ▄████ ▓█████
▓█████▄ ▒████▄░ ▒██ ▒░▓█ ▀ ░ ▓██▒▓██▒▀█▀ ██▒▒████▄ ██▒ ▀█▒▓█ ▀
▒██▒ ▄██▒██ ▀█▄ ░ ▓██▄ ▒███ ▒██▒▓██ ▓██░▒██ ▀█▄ ▒██░▄▄▄░▒███
▒██░█▀ ░██▄▄▄▄██ ▒ ██▒▒▓█ ▄ ░██░▒██ ▒██ ░██▄▄▄▄██ ░▓█ ██▓▒▓█ ▄
░▓█ ▀█▓ ▓█ ▓██▒▒██████▒▒░▒████▒ ░██░▒██▒ ░██▒ ▓█ ▓██▒░▒▓███▀▒░▒████▒
░▒▓███▀▒ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░░░ ▒░ ░ ░▓ ░ ▒░ ░ ░ ▒▒ ▓▒█░ ░▒ ▒ ░░ ▒░ ░
▒░▒ ░ ▒ ▒▒ ░░ ░▒ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ▒▒ ░ ░ ░ ░ ░ ░
░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
```
[![Build](https://github.com/goneio/base-image/actions/workflows/build.yml/badge.svg)](https://github.com/goneio/base-image/actions/workflows/build.yml)
Docker PHP Base kit based on lessons learned from phusion/baseimage using runit to allow for multiple processes, featuring multiple versions of PHP and NodeJS.
{{TABLE}}

View file

@ -1,9 +1,10 @@
#!/bin/bash #!/bin/bash
# Ignore not following /etc/apache2/envvars
# shellcheck disable=SC1091
source /etc/apache2/envvars source /etc/apache2/envvars
echo "ServerName $HOSTNAME" > /etc/apache2/conf-available/fqdn.conf echo "ServerName ${HOSTNAME}" >/etc/apache2/conf-available/fqdn.conf
echo "*** Setting Apache's ServerName directive to \"$HOSTNAME\":"; echo "*** Setting Apache's ServerName directive to \"${HOSTNAME}\":"
a2enconf fqdn >/dev/null a2enconf fqdn >/dev/null
sleep 3; sleep 3
exec /usr/sbin/apache2 -D FOREGROUND exec /usr/sbin/apache2 -D FOREGROUND

View file

@ -1,45 +1,44 @@
#!/bin/bash #!/bin/bash
UBUNTU_VERSION=$(cat /etc/os-release | grep VERSION= | cut -d'=' -f2 | sed -e 's/\"//g') # shellcheck disable=SC1091,SC2312
PHP_VERSION=$(/usr/bin/php --version | head -n 1 | cut -d' ' -f2 | cut -d'-' -f1); source /usr/local/lib/marshall_installer
COMPOSER_VERSION=$(/usr/local/bin/composer --version | cut -d' ' -f 3); printf "Executing: %b%s%b\n" "${COLOUR_SUCCESS}" "Install Report" "${COLOUR_RESET}"
PROJECT_CODE_SIZE=$(du -cBM /app | grep total | cut -f1);
PROJECT_CODE_SIZE_BYTES=$(du -c /app | grep total | cut -f1); PHP_VERSION=$(/usr/bin/php --version | head -n 1 | cut -f2 -d' ' | cut -f1 -d'-')
COMPOSER_VERSION=$(/usr/local/bin/composer --version | cut -f3 -d' ')
GIT_VERSION=$(git --version | sed 's|git version ||')
PROJECT_CODE_SIZE=$(du -cBM /app | grep total | cut -f1)
PROJECT_CODE_SIZE_BYTES=$(du -c /app | grep total | cut -f1)
PHP_MODULES=$(/usr/bin/php -m) PHP_MODULES=$(/usr/bin/php -m)
MAX_CODE_SIZE_BYTES=100000000; MAX_CODE_SIZE_BYTES=100000000
MODULES_COLUMNS=6 MODULES_COLUMNS=6
COLOUR_FAIL='\e[31m' [[ ${PROJECT_CODE_SIZE_BYTES} -gt ${MAX_CODE_SIZE_BYTES} ]] && COLOUR_CODE_SIZE="${COLOUR_FAIL}" || COLOUR_CODE_SIZE="${COLOUR_SUCCESS}"
COLOUR_SUCCESS='\e[32m'
COLOUR_RESET='\e[0m'
[[ $PROJECT_CODE_SIZE_BYTES -gt $MAX_CODE_SIZE_BYTES ]] && COLOUR_CODE_SIZE="${COLOUR_FAIL}" || COLOUR_CODE_SIZE="${COLOUR_SUCCESS}";
MODULES=("SimpleXML" "dom" "mcrypt" "sodium" "Reflection" "xml" "xsl" "Xdebug" "PDO" "pdo_mysql" "pdo_pgsql" "pdo_sqlite" "mysqlnd" "mysqli" "pgsql" "sqlite3" "tokenizer" "bz2" "zip" "zlib" "apcu" "redis" "mongodb" "memcached" "gd" "exif" "imap" "bcmath" "intl" "json" "ldap" "mbstring" "curl" "soap") MODULES=("SimpleXML" "dom" "mcrypt" "sodium" "Reflection" "xml" "xsl" "Xdebug" "PDO" "pdo_mysql" "pdo_pgsql" "pdo_sqlite" "mysqlnd" "mysqli" "pgsql" "sqlite3" "tokenizer" "bz2" "zip" "zlib" "apcu" "redis" "mongodb" "memcached" "gd" "exif" "imap" "bcmath" "intl" "json" "ldap" "mbstring" "curl" "soap")
echo -e "Marshall Build: ${COLOUR_SUCCESS}${MARSHALL_VERSION}${COLOUR_RESET} at ${COLOUR_SUCCESS}${MARSHALL_BUILD_DATE}${COLOUR_RESET} on ${COLOUR_SUCCESS}${MARSHALL_BUILD_HOST}${COLOUR_RESET}" echo -e "Ubuntu Version installed: ${COLOUR_BRIGHT_BLUE}${UBUNTU_VERSION}${COLOUR_RESET}"
echo -e "Ubuntu Version installed: ${COLOUR_SUCCESS}${UBUNTU_VERSION}${COLOUR_RESET}" echo -e "PHP Version installed: ${COLOUR_BRIGHT_BLUE}${PHP_VERSION}${COLOUR_RESET}"
echo -e "PHP Version installed: ${COLOUR_SUCCESS}${PHP_VERSION}${COLOUR_RESET}" echo -e "Composer Version installed: ${COLOUR_BRIGHT_BLUE}${COMPOSER_VERSION}${COLOUR_RESET}"
echo -e "Composer Version installed: ${COLOUR_SUCCESS}${COMPOSER_VERSION}${COLOUR_RESET}" echo -e "Git Version installed: ${COLOUR_BRIGHT_BLUE}${GIT_VERSION}${COLOUR_RESET}"
echo -e "Application Size: ${COLOUR_CODE_SIZE}${PROJECT_CODE_SIZE}${COLOUR_RESET}" echo -e "Application Size: ${COLOUR_CODE_SIZE}${PROJECT_CODE_SIZE}${COLOUR_RESET}"
echo -e "PHP Modules installed:" echo -e "PHP Modules installed:"
i=1; i=1
for module in "${MODULES[@]}" for module in "${MODULES[@]}"; do
do (
([[ $PHP_MODULES =~ "${module}" ]] && \ [[ ${PHP_MODULES} =~ ${module} ]] &&
printf "%b%s%b %-14s " $COLOUR_SUCCESS '✓' $COLOUR_RESET "${module}" \ printf "%b%s%b %-14s " "${COLOUR_SUCCESS}" "✓" "${COLOUR_RESET}" "${module}" ||
|| \ printf "%b%s%b %-14s " "${COLOUR_FAIL}" "✕" "${COLOUR_RESET}" "${module}"
printf "%b%s%b %-14s " $COLOUR_FAIL '✕' $COLOUR_RESET "${module}" \
) )
if ! (( i % $MODULES_COLUMNS )); then if ! ((i % MODULES_COLUMNS)); then
echo "" echo ""
fi fi
i=$((i+1)); i=$((i + 1))
done done
echo echo
# @todo This bombs out if it can't read from a restricted repo. Revise later. # @todo This bombs out if it can't read from a restricted repo. Revise later.
#if [ -f /app/composer.json ]; then #if [ -f /app/composer.json ]; then
# if [ -f /app/composer.lock ]; then # if [ -f /app/composer.lock ]; then
# echo -e "Outdated ${COLOUR_FAIL}Composer${COLOUR_RESET} packages:" # echo -e "Outdated ${COLOUR_FAIL}Composer${COLOUR_NONE} packages:"
# /usr/local/bin/composer outdated # /usr/local/bin/composer outdated
# fi # fi
#fi #fi
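Review bot: The `UBUNTU_VERSION=$(cat /etc/os-release ...)` assignment is removed but `${UBUNTU_VERSION}` is still printed in the "Ubuntu Version installed" line, and the local `COLOUR_*` definitions are gone too, so the script now depends entirely on `source /usr/local/lib/marshall_installer` defining them. With SC1091 disabled and no check on the `source`, a missing or changed file gives blank fields and no colours instead of a failure; either keep the local assignment or exit if the file cannot be sourced. The commented-out block at the end was also switched to `${COLOUR_NONE}`, while the rest of the script uses `${COLOUR_RESET}`.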

View file

@ -1,19 +1,19 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [ -z "$LETSENCRYPT_DOMAINS" ]; then if [[ -z ${LETSENCRYPT_DOMAINS} ]]; then
echo "LetsEncrypt not enabled" echo "LetsEncrypt not enabled"
while true; do while true; do
sleep infinity sleep infinity
done done
fi fi
if [ -z "$LETSENCRYPT_EMAIL" ]; then if [[ -z ${LETSENCRYPT_EMAIL} ]]; then
echo "LetsEncrypt not enabled - You must set LETSENCRYPT_EMAIL" echo "LetsEncrypt not enabled - You must set LETSENCRYPT_EMAIL"
while true; do while true; do
sleep infinity sleep infinity
done done
fi fi
if [ "${LETSENCRYPT_MODE,,}" = "production" ]; then if [[ ${LETSENCRYPT_MODE,,} == "production" ]]; then
echo -e "LetsEncrypt is running against the \e[32mPRODUCTION\e[0m servers." echo -e "LetsEncrypt is running against the \e[32mPRODUCTION\e[0m servers."
LETSENCRYPT_MODE="" LETSENCRYPT_MODE=""
else else
@ -23,25 +23,25 @@ fi
echo -e "To change this, change the value of LETSENCRYPT_MODE" echo -e "To change this, change the value of LETSENCRYPT_MODE"
# Give Nginx a moment to start before we kill it again. # Give Nginx a moment to start before we kill it again.
sleep 30; sleep 30
echo -e "Certbot is running for \e[33m${LETSENCRYPT_EMAIL}\e[0m / \e[33m${LETSENCRYPT_DOMAINS}\e[0m..." echo -e "Certbot is running for \e[33m${LETSENCRYPT_EMAIL}\e[0m / \e[33m${LETSENCRYPT_DOMAINS}\e[0m..."
( \ (
set -x; \ set -x
certbot \ certbot \
certonly \ certonly \
--nginx \ --nginx \
$LETSENCRYPT_MODE \ "${LETSENCRYPT_MODE}" \
-d $LETSENCRYPT_DOMAINS \ -d "${LETSENCRYPT_DOMAINS}" \
-n \ -n \
-m $LETSENCRYPT_EMAIL \ -m "${LETSENCRYPT_EMAIL}" \
--agree-tos \ --agree-tos
) )
echo -e "Certbot complete!" echo -e "Certbot complete!"
# replace the self-certs with these lovely new certs. # replace the self-certs with these lovely new certs.
if [ -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem" ]; then if [[ -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem" ]]; then
sed -i "s|ssl_certificate .*|ssl_certificate /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem;|g" /etc/nginx/sites-enabled/default-ssl sed -i "s|ssl_certificate .*|ssl_certificate /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem;|g" /etc/nginx/sites-enabled/default-ssl
sed -i "s|ssl_certificate_key .*|ssl_certificate_key /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/privkey.pem;|g" /etc/nginx/sites-enabled/default-ssl sed -i "s|ssl_certificate_key .*|ssl_certificate_key /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/privkey.pem;|g" /etc/nginx/sites-enabled/default-ssl
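Review bot: Quoting `"${LETSENCRYPT_MODE}"` in the certbot call changes behaviour on the production path: the earlier branch sets `LETSENCRYPT_MODE=""`, and where the unquoted form expanded to nothing, the quoted form passes an empty string as a separate argument. Use `${LETSENCRYPT_MODE:+"${LETSENCRYPT_MODE}"}` or build the arguments in an array so the flag is only present when set. The same `${LETSENCRYPT_DOMAINS}` value is used both for `-d` and as the directory name under /etc/letsencrypt/live, which only lines up for a single domain; a comment saying so would help.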

View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep 1

View file

@ -1,6 +1,4 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [[ -f /var/log/letsencrypt/letsencrypt.log ]]; then if [[ -f /var/log/letsencrypt/letsencrypt.log ]]; then
tail -f /var/log/letsencrypt/letsencrypt.log tail -f /var/log/letsencrypt/letsencrypt.log
else
sleep 1
fi fi

View file

@ -1,2 +1,2 @@
#!/usr/bin/env bash #!/usr/bin/env bash
tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping || true

View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep 1

View file

@ -1,6 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [[ -f /var/log/php*-fpm.log ]]; then # for each php-fpm log file, tail it
tail -f /var/log/php*-fpm.log # if there are no php-fpm log files, sleep for a second
else for i in /var/log/php*-fpm.log; do
sleep 1 if [[ -f ${i} ]]; then
tail -f "${i}" &
fi fi
done
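Review bot: Each `tail -f "${i}" &` is backgrounded and nothing waits on it, so the run script falls out of the `for` loop and exits immediately. The runit supervisor will treat that as the service ending and start it again, leaving another set of detached `tail` processes each time. Add `wait` after `done`, or `exec tail -F` on the matched files, so the script stays in the foreground. The new comment "if there are no php-fpm log files, sleep for a second" does not match the code, since the `sleep 1` branch was removed here.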

View file

@ -1,10 +1,10 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [ -z "${SSL_CERTIFICATE}" ]; then if [[ -z ${SSL_CERTIFICATE} ]]; then
echo "No certificate set, using defaults" echo "No certificate set, using defaults"
else else
echo "Setting /certs/example.crt and /certs/example.key" echo "Setting /certs/example.crt and /certs/example.key"
echo "${SSL_CERTIFICATE}" >/certs/example.crt echo "${SSL_CERTIFICATE}" >/certs/example.crt
if [ -n "${SSL_CERTIFICATE_CA}" ]; then if [[ -n ${SSL_CERTIFICATE_CA} ]]; then
echo "Adding CA to /certs/example.crt" echo "Adding CA to /certs/example.crt"
echo "${SSL_CERTIFICATE_CA}" >>/certs/example.crt echo "${SSL_CERTIFICATE_CA}" >>/certs/example.crt
fi fi
@ -12,4 +12,3 @@ else
fi fi
/usr/sbin/nginx /usr/sbin/nginx

View file

@ -1,8 +1,10 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Load envs into PHP-fpm's env.conf.
# shellcheck disable=SC1083,SC2312
env | sed "s/\(.*\)=\(.*\)/env[\1]='\2'/" >/etc/php/{{PHP}}/fpm/conf.d/env.conf env | sed "s/\(.*\)=\(.*\)/env[\1]='\2'/" >/etc/php/{{PHP}}/fpm/conf.d/env.conf
if [ "${DEBUG_MODE,,}" = "on" ]; then if [[ ${DEBUG_MODE,,} == "on" ]]; then
ENABLE_DEBUG_MODE=true ENABLE_DEBUG_MODE=true
PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-1024M}" PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-1024M}"
else else
@ -10,13 +12,13 @@ else
PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-128M}" PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-128M}"
fi fi
PHP_CLI_MEMORY_LIMIT="${PHP_CLI_MEMORY_LIMIT:-$PHP_MEMORY_LIMIT}" PHP_CLI_MEMORY_LIMIT="${PHP_CLI_MEMORY_LIMIT:-${PHP_MEMORY_LIMIT}}"
sed -i "s|memory_limit = .*|memory_limit = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/php.ini sed -i "s|memory_limit = .*|memory_limit = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/php.ini
sed -i "s|\[memory_limit\] = .*|\[memory_limit\] = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/pool.d/www.conf sed -i "s|\[memory_limit\] = .*|\[memory_limit\] = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/pool.d/www.conf
sed -i "s|memory_limit = .*|memory_limit = ${PHP_CLI_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/cli/php.ini sed -i "s|memory_limit = .*|memory_limit = ${PHP_CLI_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/cli/php.ini
if [ $ENABLE_DEBUG_MODE = true ]; then if [[ ${ENABLE_DEBUG_MODE} == true ]]; then
echo -e "#Controlled via DEBUG_MODE environment variable\nzend_extension=xdebug.so\n[xdebug]\n\ echo -e "#Controlled via DEBUG_MODE environment variable\nzend_extension=xdebug.so\n[xdebug]\n\
xdebug.mode=debug\n\ xdebug.mode=debug\n\
xdebug.discover_client_host=true\n\ xdebug.discover_client_host=true\n\
@ -32,5 +34,5 @@ else
fi fi
echo "To change this, change the value of DEBUG_MODE to either 'on' or 'off'" echo "To change this, change the value of DEBUG_MODE to either 'on' or 'off'"
# shellcheck disable=SC2288
/usr/sbin/php-fpm{{PHP}} -F -R /usr/sbin/php-fpm{{PHP}} -F -R

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here. This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements # Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._ - **Be friendly and patient.**
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._ - **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour # Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological. - Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm. - Threats of violence, both physical and psycological.
* Continued communication after requests to cease. - Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions # Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work. - Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible. - Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

Some files were not shown because too many files have changed in this diff.