Trunk linter ()

* linting is fun

* mis-detection of missing healthcheck statements.

* typo

* disable tagging vanity tags on non-main branch

* Unbugger node build?

* Add gitleaks detector, remove an expired secret.

* More linting-derived cleanup

* Fiddle with trivy

* Fiddle with trivy

* add a readme

* Fix build bug with php flavours

* Marshall should build other flavours of ubuntu.

* Fiddle with act cache location.

* Add concurrency checks

* Composer version gubbins for 7.0/7.1

* ubuntu is just a label, and injected over the top of.

* Composer version gubbins for 7.0/7.1

* Run when workflow is altered too please.

* Hopefully fix composer stage.

* setup tooling meta-tooling.

* Add trunk

* Disable mirror mode, it's being problematic, and increase retries to 5.

* Revisit how ghcr login works.

* Add trunk checks.

* All hail the linter

* Heavily revise workflow

* Fettling

* Fettling

* Fettling

* Fettling

* Fettling

* Cleanup

* Cleanup

* Fettling.. Why does mitm build but not redis?

* Fettling.. Why does mitm build but not redis?

* Debuggin

* Fettling.

* Fix build?

* Permissions are a pain

* Switch around some should_push logic because envs aren't available that early.

* Permissionssssss

* Trivy, bane of my life

* Fix merge?

* Fix labels

* Help node along, among other things

* Redis 6.1 & 7.1 aren't a thing any more.

* Ffff USER nonsense

* latest-openssl doesn't exist.

* fixup mysqlproxy.

* Fix labels

* uurrgh

* uurrgh

* Didn't need to add the mitmproxy user, it exists

* Missing ghcr login

* Missing backtick

* Fix build?

* Add validate build step to bouncer.

* Fix bouncer build

* Disable laravel build

* Missing env

* Fix swarm mon build

* Scout just doesn't seem to work.
Greyscale 2024-02-07 16:21:14 +01:00 committed by GitHub
parent 73c3900f75
commit 6db6395f66
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
126 changed files with 2925 additions and 2442 deletions
.actrc
.github
.gitignore
.gitleaksignore
.trivyignore
.trunk
Readme.md
bouncer
laravel
marshall
mitm-proxy
mqtt
mysql-proxy
node
php
redis

14
.actrc

@ -1,9 +1,11 @@
--secret-file .act-secrets
--bind
--action-cache-path .github/cache/act/actions
--artifact-server-path .github/cache/act/artifacts
--artifact-server-port 34566
--cache-server-path .github/cache/act/cache
-P self-hosted=ghcr.io/catthehacker/ubuntu:act-latest
-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
-P ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
-P ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
-P ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04
--use-new-action-cache
--platform self-hosted=ghcr.io/catthehacker/ubuntu:act-latest
--platform ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
--platform ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
--platform ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
--platform ubuntu-18.04=ghcr.io/catthehacker/ubuntu:act-18.04
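
Review bot: `--secret-file .act-secrets` combined with `--bind` means local runs read a plaintext secrets file from the working tree, and that tree is bind-mounted into the job containers. Confirm that `.act-secrets` and the new `.github/cache/act/` paths are covered by `.gitignore`, so neither secrets nor cached artifacts can be committed. The `--platform` images use moving tags (`act-latest`, `act-22.04`), so local runs are not reproducible; pinning by digest would fix that.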

@ -1,24 +1,25 @@
name: Build Nginx + LetsEncrypt Bouncer
permissions:
contents: read
packages: write
on:
push:
paths:
- '.github/workflows/bouncer.yml'
- 'bouncer/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Flavours
branches: [ 'master', 'feature/**' ]
types:
- completed
- main
paths:
- bouncer/**
- .github/workflows/bouncer.yml
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
bouncer-build:
name: "Bake Bouncer Container"
name: Bake Bouncer Container
runs-on: ubuntu-latest
steps:
- name: "Setup: Get Date"
@ -48,17 +49,16 @@ jobs:
uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }}
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source"
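
Review bot: the GHCR login still authenticates with a stored `secrets.GHCR_PASSWORD`, although this workflow now declares `packages: write`. If the package is linked to this repository, `username: ${{ github.actor }}` with `password: ${{ secrets.GITHUB_TOKEN }}` removes a long-lived credential from the secret store. Also, the Docker Hub login is skipped under act (`if: ${{ !env.ACT }}`) but the GHCR login is not, so local runs need the real GHCR credential in `.act-secrets`.
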
@ -86,6 +86,7 @@ jobs:
target: bouncer
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
#push: ${{ env.should_push && !env.ACT }}
push: true
build-args: |
GIT_SHA=${{ github.sha }}
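
Review bot: `push: true` replaces the commented-out `should_push` gate, so every trigger publishes the image, including `workflow_call` from pull-request builds and local act runs. The tags in this job are `:latest`, so a branch build can overwrite the published image. Restore a gate here, for example `push: ${{ github.ref == 'refs/heads/main' && !env.ACT }}`.
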
@ -94,5 +95,16 @@ jobs:
tags: |
${{ !env.ACT && 'benzine/bouncer:latest' || '' }}
${{ !env.ACT && 'ghcr.io/benzine-framework/bouncer:latest' || 'ghcr.io/benzine-framework/bouncer:devel' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:cli=docker-image://ghcr.io/benzine-framework/php:cli-8.2
- name: "Validate build"
shell: bash
run: |
docker \
run \
--rm \
ghcr.io/benzine-framework/bouncer:latest \
/usr/bin/install-report
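
Review bot: the new "Validate build" step runs `ghcr.io/benzine-framework/bouncer:latest`, but under act the build is tagged `:devel`, so the step pulls and tests the previously published image instead of the one just built. Derive the tag from the same expression as `tags:`, or skip the step when `env.ACT` is set. Separately, `type=local,src=/tmp` and `dest=/tmp` use the whole shared temp directory as the cache store; a dedicated subdirectory keeps cache blobs apart from other files.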

121
.github/workflows/build.yml vendored Normal file

@ -0,0 +1,121 @@
name: Build
on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- main
workflow_dispatch:
concurrency:
group: build-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions: read-all
jobs:
qc-before:
name: QC Trunk
uses: ./.github/workflows/trunk.check.yml
secrets: inherit
permissions: write-all
marshall:
needs: qc-before
name: Marshall
uses: ./.github/workflows/marshall.yml
secrets: inherit
permissions:
contents: read
packages: write
php:
needs: marshall
name: PHP Core
uses: ./.github/workflows/php.yml
secrets: inherit
permissions:
contents: read
packages: write
#laravel:
# needs: php
# name: PHP Vanity Tags
# uses: ./.github/workflows/laravel.yml
# secrets: inherit
# permissions:
# contents: read
# packages: write
bouncer:
needs: php
name: Nginx Load Balancer (Bouncer)
uses: ./.github/workflows/bouncer.yml
secrets: inherit
permissions:
contents: read
packages: write
mitm-proxy:
needs: qc-before
name: Man-in-the-middle proxy w/Healthchecks
uses: ./.github/workflows/mitm-proxy.yml
secrets: inherit
permissions:
contents: read
packages: write
mqtt:
needs: qc-before
name: MQTT w/Healthchecks
uses: ./.github/workflows/mqtt.yml
secrets: inherit
permissions:
contents: read
packages: write
mysql-proxy:
needs: qc-before
name: MySQL Proxy
uses: ./.github/workflows/mysql-proxy.yml
secrets: inherit
permissions:
contents: read
packages: write
#node:
# needs: marshall
# name: Node
# uses: ./.github/workflows/node.yml
# secrets: inherit
# permissions:
# contents: read
# packages: write
redis:
needs: qc-before
name: Redis w/Healthchecks
uses: ./.github/workflows/redis.yml
secrets: inherit
permissions:
contents: read
packages: write
swarm-monitor:
needs: php
name: Swarm Monitor
uses: ./.github/workflows/swarm-monitor.yml
secrets: inherit
permissions:
contents: read
packages: write
wordpress:
needs: php
name: Wordpress
uses: ./.github/workflows/wordpress.yml
secrets: inherit
permissions:
contents: read
packages: write
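
Review bot: `qc-before` is given `permissions: write-all` together with `secrets: inherit` while the workflow runs on `pull_request`, which undoes the top-level `permissions: read-all` for the one job that executes linters over PR content. List only the scopes the Trunk check needs (for example `contents: read` and `checks: write`) and pass each called workflow the secrets it uses by name instead of `secrets: inherit`. The build jobs only reference the two registry passwords, so the same narrowing applies to them.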


@ -1,23 +1,18 @@
name: Build Laravel Container
permissions:
contents: read
packages: write
on:
push:
paths:
- 'laravel/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Vanity Tags
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
laravel-build:
name: "Bake Laravel Container"
name: "Build: Laravel Container"
runs-on: ubuntu-latest
strategy:
fail-fast: false
@ -36,7 +31,7 @@ jobs:
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -48,27 +43,32 @@ jobs:
context: laravel
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
push: ${{ env.should_push && !env.ACT }}
build-args: |
PHP_VERSION=${{ matrix.version }}
tags: |
ghcr.io/benzine-framework/laravel:php-${{ matrix.version }}
benzine/laravel:php-${{ matrix.version }}
matthewbaggett/laravel:${{ matrix.version }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:nginx=docker-image://ghcr.io/benzine-framework/php:nginx-8.2
laravel-tag-latest:
name: "Bake Laravel Container"
name: "Tag: Laravel Container"
runs-on: ubuntu-latest
needs: [laravel-build]
steps:
- uses: docker/login-action@v2
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Retag matthewbaggett/laravel:${{ matrix.version }} to matthewbaggett/laravel:latest"
- name: "Retag matthewbaggett/laravel:8.3 to matthewbaggett/laravel:latest"
if: ${{ !env.ACT }}
run: |
docker pull matthewbaggett/laravel:8.2
docker tag matthewbaggett/laravel:8.2 matthewbaggett/laravel:latest
docker pull matthewbaggett/laravel:8.3
docker tag matthewbaggett/laravel:8.3 matthewbaggett/laravel:latest
docker push matthewbaggett/laravel:latest
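
Review bot: `push: ${{ env.should_push && !env.ACT }}` does not gate on the branch. `should_push` is set through `env:`, so it reaches the expression as the string 'true' or 'false', and any non-empty string is truthy in Actions expressions; the result is `true` on every non-act run. Compare explicitly with `push: ${{ env.should_push == 'true' && !env.ACT }}`; the same expression appears in the other workflows in this commit. The "Retag ... to matthewbaggett/laravel:latest" step is guarded only by `!env.ACT`, so `:latest` is also moved on non-main branches.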


@ -1,31 +0,0 @@
name: Lint Docker Files
on:
schedule:
- cron: '0 4 * * TUE'
workflow_dispatch:
push:
jobs:
lint:
name: Lint Docker Files
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
dockerfile:
- marshall/Dockerfile
- php/Dockerfile.Core
- php/Dockerfile.Flavours
- laravel/Dockerfile
- wordpress/Dockerfile
- mqtt/Dockerfile
- node/Dockerfile
- redis/Dockerfile
- bouncer/Dockerfile
- mitm-proxy/Dockerfile
steps:
- uses: actions/checkout@v3
- uses: hadolint/hadolint-action@v3.1.0 # Yes you have to be version-specific, because they don't publish v3
with:
dockerfile: ./${{ matrix.dockerfile }}
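
Review bot: deleting this workflow drops the weekly scheduled hadolint run (`cron: '0 4 * * TUE'`) and the explicit list of ten Dockerfiles. Confirm that the Trunk configuration added in this commit enables hadolint for all of these paths, including the non-standard names `php/Dockerfile.Core` and `php/Dockerfile.Flavours`, and add a schedule to the new check if periodic linting is still wanted.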


@ -1,25 +1,37 @@
name: Build Marshall
permissions:
contents: read
packages: write
on:
push:
paths:
- 'marshall/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
jobs:
env:
latest-stable-version: "focal"
ghcr_image: "ghcr.io/benzine-framework/marshall"
docker_hub_image: "benzine/marshall"
jobs:
marshall-build:
name: "Build Marshall"
name: "Build"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ubuntu:
- focal
- jammy
- lunar
- mantic
- noble
- devel
- rolling
- latest
platform:
- linux/amd64
- linux/arm64
steps:
- name: "Build: Prepare Environment Variables"
id: environment
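
Review bot: the `ubuntu` matrix adds `lunar` (Ubuntu 23.04), which reached end of life in January 2024, so that base image no longer receives security updates. `devel`, `rolling` and `latest` are moving aliases rather than releases, so the published tags change content without a commit here. Consider dropping `lunar` and the aliases, or documenting why they are published. `latest-stable-version: "focal"` also deserves a comment, since it feeds the `:latest` retag while newer LTS releases are in the matrix.
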
@ -34,6 +46,11 @@ jobs:
echo "marshall_build_host=$(hostname)"
} >> "$GITHUB_OUTPUT"
{
platform=${{ matrix.platform }}
echo "platform_pair=${platform//\//-}"
} >> "$GITHUB_ENV"
- uses: actions/checkout@v4
with:
sparse-checkout: |
@ -41,34 +58,177 @@ jobs:
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/setup-buildx-action@v3
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v5
name: Build & Push
- name: "Setup: Docker meta"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.ghcr_image }}
${{ env.docker_hub_image }}
labels: |
org.opencontainers.image.title=Marshall
org.opencontainers.image.description=Multi-thread (marshalling..) docker base image built atop Ubuntu ${{ matrix.ubuntu }} & Runit
org.opencontainers.image.vendor=Matthew Baggett
flavor: |
latest=auto
tags: |
${{ matrix.ubuntu }}
- name: "Build: Build Marshall for ${{ matrix.ubuntu }} on ${{ matrix.platform }}"
uses: docker/build-push-action@v5
id: build
with:
context: marshall
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
tags: |
ghcr.io/benzine-framework/marshall:latest
benzine/marshall:latest
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
MARSHALL_VERSION=${{ steps.environment.outputs.marshall_version }}
MARSHALL_BUILD_DATE=${{ steps.environment.outputs.marshall_build_date }}
MARSHALL_BUILD_HOST=${{ steps.environment.outputs.marshall_build_host }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
cache-from: ${{ !env.ACT && 'type=gha,scope=marshall-${{ matrix.ubuntu }}' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max,scope=marshall-${{ matrix.ubuntu }}' || '' }}
build-contexts: ubuntu:version=docker-image://ubuntu:${{ matrix.ubuntu }}
outputs: |
type=image,name=${{ env.ghcr_image }},push-by-digest=true,name-canonical=true,push=true
- name: "Build: Export digest"
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: "Build: Upload digest"
uses: actions/upload-artifact@v3
with:
name: digests-${{ matrix.ubuntu }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
marshall-merge:
runs-on: ubuntu-latest
name: "Merge"
needs: [marshall-build]
strategy:
fail-fast: false
matrix:
ubuntu:
- focal
- jammy
- lunar
- mantic
- noble
- devel
- rolling
- latest
steps:
- uses: docker/setup-buildx-action@v3
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Merge: Docker meta"
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.ghcr_image }}
${{ env.docker_hub_image }}
labels: |
org.opencontainers.image.title=Marshall
org.opencontainers.image.description=Multi-thread (marshalling..) docker base image built atop Ubuntu ${{ matrix.ubuntu }} & Runit
org.opencontainers.image.vendor=Matthew Baggett
flavor: |
latest=auto
tags: |
${{ matrix.ubuntu }}
- uses: hmarr/debug-action@v3
- name: "Setup: Download ${{ matrix.ubuntu }} digests"
uses: actions/download-artifact@v3
with:
path: /tmp/digests
name: digests-${{ matrix.ubuntu }}
- name: "Merge: Create ${{ matrix.ubuntu }} manifest list and push"
working-directory: /tmp/digests
shell: bash
run: |
set -o xtrace
pwd
ls -lah
docker buildx imagetools \
create \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.ghcr_image }}@sha256:%s ' *)
- name: "Merge: Inspect image"
run: |
docker buildx imagetools inspect ${{ env.ghcr_image }}:${{ steps.meta.outputs.version }}
marshall-tag-latest:
name: "Tag Latest"
runs-on: ubuntu-latest
needs: [marshall-merge]
strategy:
fail-fast: false
matrix:
output_tag:
- "benzine/marshall"
- "gone/marshall"
- "ghcr.io/benzine-framework/marshall"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:bleeding"
shell: bash
run: |
docker pull ${{ env.ghcr_image }}:${{ env.latest-stable-version }}
docker tag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} ${{ matrix.output_tag }}:bleeding
docker push ${{ matrix.output_tag }}:bleeding
- name: "Retag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:latest"
if: ${{ github.ref == 'refs/heads/main' }}
shell: bash
run: |
docker pull ${{ env.ghcr_image }}:${{ env.latest-stable-version }}
docker tag ${{ env.ghcr_image }}:${{ env.latest-stable-version }} ${{ matrix.output_tag }}:latest
docker push ${{ matrix.output_tag }}:latest
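
Review bot: the new `cache-from` and `cache-to` values nest `${{ matrix.ubuntu }}` inside a quoted string within an outer `${{ }}` expression; expressions are not expanded recursively, so the scope will not come out as `marshall-focal` and so on. Use `format('type=gha,scope=marshall-{0}', matrix.ubuntu)` instead. In the same hunk, `outputs: ... push=true`, the `imagetools create` step and the `:bleeding` retag publish on every ref (only the `:latest` retag checks `refs/heads/main`), and `hmarr/debug-action@v3` prints the environment and event context in a job that has just logged in to both registries; remove it before merge.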


@ -1,20 +1,16 @@
name: Build mitmproxy
permissions:
contents: read
packages: write
on:
push:
paths:
- 'mitmproxy/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
mitmproxy-build:
name: "MITM proxy with Healthchecks"
@ -55,7 +51,6 @@ jobs:
- 5.1.0
- 5.0.1
- 5.0.0
steps:
- name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2
@ -73,17 +68,16 @@ jobs:
mitm-proxy
- name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }}
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build MITM proxy with healthchecks"
@ -91,18 +85,16 @@ jobs:
with:
context: mitm-proxy
build-contexts: |
mitmproxy/mitmproxy=docker-image://mitmproxy/mitmproxy:${{ matrix.mitmproxy }}
mitmproxy:version=docker-image://mitmproxy/mitmproxy:${{ matrix.mitmproxy }}
build-args: |
MITMPROXY_VERSION=${{ matrix.mitmproxy }}
GIT_SHA=${{ github.sha }}
BUILD_DATE=${{ github.event.repository.pushed_at }}
platforms: ${{ (!env.ACT && !(startsWith('6.',matrix.mitmproxy) || startsWith('5.', matrix.mitmproxy))) && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: |
${{ !env.ACT && format('benzine/mitmproxy:{0}',matrix.mitmproxy) || '' }}
${{ format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) }}
${{ format('benzine/mitmproxy:{0}', matrix.mitmproxy) }}
${{ env.should_push && format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) }}
cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
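
Review bot: the tag line `${{ env.should_push && format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) }}` has no `|| ''` fallback, so once the condition is actually false the expression renders the literal `false` as a tag. Today it is never false, because `env.should_push` is a string and the string 'false' is truthy. Write `env.should_push == 'true' && format('ghcr.io/benzine-framework/mitmproxy:{0}', matrix.mitmproxy) || ''` and use the same comparison in `push:`. The `platforms` line calls `startsWith('6.', matrix.mitmproxy)` with the arguments reversed; `startsWith(matrix.mitmproxy, '6.')` is the form that restricts 5.x and 6.x to amd64.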


@ -1,39 +1,65 @@
name: Build MQTT
name: Mosquitto
permissions:
contents: read
packages: write
on:
push:
paths:
- 'mqtt/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
mqtt-build:
name: "MQTT"
name: "Build"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
version:
- latest
- 2
- 2.0.18
- 2.0.14
- 1.6
openssl:
- ""
- "-openssl"
exclude:
- version: latest
openssl: "-openssl"
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
name: Login to Docker Hub
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- uses: docker/build-push-action@v3
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v4
name: Build & Push
with:
context: mqtt
platforms: linux/amd64,linux/arm64
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: |
benzine/mqtt
gone/mqtt:${{ matrix.version }}${{ matrix.openssl }}
benzine/mqtt:${{ matrix.version }}${{ matrix.openssl }}
ghcr.io/benzine-framework/mqtt:${{ matrix.version }}${{ matrix.openssl }}
build-contexts: |
eclipse-mosquitto:injected-version=docker-image://eclipse-mosquitto:${{ matrix.version }}${{ matrix.openssl }}
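
Review bot: action versions drift within this file and across the commit: `docker/build-push-action@v4` here against `@v5` in the Marshall and PHP workflows, and `setup-qemu-action@v2` and `setup-buildx-action@v2` next to `login-action@v3`. Align them, and since these jobs handle registry credentials, pin each `uses:` to a full commit SHA rather than a moving major tag. `platforms` is also hard-coded to both architectures with no act fallback, unlike the other workflows.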


@ -1,27 +1,25 @@
name: Build MySQL Proxy
permissions:
contents: read
packages: write
on:
push:
paths:
- '.github/workflows/mysql-proxy.yml'
- 'mysql-proxy/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Flavours
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
concurrency:
group: mysql-proxy-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
mysql-proxy-build:
name: "Build MySQL Proxy"
name: "Build"
runs-on: ubuntu-latest
steps:
- name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2
@ -32,17 +30,16 @@ jobs:
uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }}
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source"
@ -58,9 +55,11 @@ jobs:
target: mysql-proxy
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: |
${{ !env.ACT && 'benzine/mysql-proxy:latest' || '' }}
${{ !env.ACT && 'ghcr.io/benzine-framework/mysql-proxy:latest' || 'ghcr.io/benzine-framework/mysql-proxy:devel' }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
build-contexts: |
marshall:version=docker-image://ghcr.io/benzine-framework/marshall:focal


@ -1,40 +1,61 @@
name: Build NodeJS Flavours
permissions:
contents: read
packages: write
on:
push:
paths:
- 'node/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build Marshall
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
concurrency:
group: nodejs-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
node-flavours-build:
name: "Build Node Flavours"
name: "Build"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
yarn:
- "3.0.2"
- latest
- "1.22.21"
- "1.22.20"
- "1.22.0"
- "1.21.0"
- "1.20.0"
node:
- "v16.13.0"
- latest
- "16.13.0"
- "16.20.2"
- "17.9.1"
- "18.19.0"
- "19.9.0"
- "20.9.0"
- "21.6.1"
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
name: Login to Docker Hub
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v3
name: Build & Push
with:
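
Review bot: the expanded `node` matrix publishes 16.x, 17.x and 19.x images; those release lines are end-of-life upstream and receive no security fixes. Either drop them or label the tags so consumers can tell they are unsupported. Crossing every Node version with every Yarn version, with `latest` on both axes, also produces a `latest-latest` tag under the tag format in the next hunk and several dozen images per run; an `include:` list of supported pairs keeps the published set reviewable.
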
@ -43,11 +64,13 @@ jobs:
target: nodejs
platforms: linux/amd64,linux/arm64
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: |
gone/node:${{ matrix.node }}-${{ matrix.yarn }}
benzine/node:${{ matrix.node }}-${{ matrix.yarn }}
ghcr.io/benzine-framework/node:${{ matrix.node }}-${{ matrix.yarn }}
build-args: |
NODE_VERSION=${{ matrix.node }}
YARN_VERSION=${{ matrix.yarn }}
build-contexts: |
marshall:build=docker-image://ghcr.io/benzine-framework/marshall:focal


@ -1,14 +1,16 @@
name: Build Octoprint
permissions:
contents: read
packages: write
on:
push:
paths:
- 'octoprint/**'
pull_request:
branches:
- '!dependabot/**'
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
octoprint-build:
name: "Bake Octoprint"
@ -17,7 +19,7 @@ jobs:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -29,8 +31,9 @@ jobs:
target: octoprint
platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: matthewbaggett/octoprint:latest
octoprint-mjpg-build:
name: "Bake Octoprint for yuvu cameras"
runs-on: ubuntu-latest
@ -38,7 +41,7 @@ jobs:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -50,5 +53,5 @@ jobs:
target: octoprint-mjpg-streamer
platforms: linux/amd64,linux/arm64,linux/arm/v7
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: matthewbaggett/octoprint:mjpg-streamer-yu12


@ -1,100 +0,0 @@
name: Build PHP Flavours
on:
push:
paths:
- 'php/apache/**'
- 'php/cli/**'
- 'php/nginx/**'
- 'php/Dockerfile.Flavours'
pull_request:
branches:
- '!dependabot/**'
workflow_dispatch:
workflow_run:
workflows:
- Build PHP Core
branches: [ 'master', 'feature/**' ]
types:
- completed
jobs:
php-flavours-build:
name: "Build PHP Flavours"
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 15
matrix:
variant:
- cli
- nginx
- apache
version:
- "7.0"
- "7.1"
- "7.2"
- "7.3"
- "7.4"
- "8.0"
- "8.1"
- "8.2"
- "8.3"
steps:
- name: Mangle Envs
id: vars
run: |
VERSION=$(echo "${{ matrix.version }}" | tr -d '.')
PACKAGE_LIST=PHP_PACKAGES_$VERSION
echo ::set-output name=php_packages::${!PACKAGE_LIST}
- name: Show mangled envs
run: |
echo "Packages to be installed:"
echo ${{ steps.vars.outputs.php_packages }}
- uses: actions/github-script@v3
name: Build Args
id: build_args
with:
result-encoding: string
script: return `PHP_VERSION=${{ matrix.version }}\nPHP_CORE_VERSION=benzine/php:core-${{ matrix.version }}`
- uses: actions/checkout@v4
with:
sparse-checkout: php
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
- uses: docker/build-push-action@v5
name: "Build: Build & Push"
with:
context: php
file: php/Dockerfile.Flavours
target: php-${{ matrix.variant }}
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
tags: |
ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}
gone/php:${{ matrix.variant }}-${{ matrix.version }}
benzine/php:${{ matrix.variant }}-${{ matrix.version }}
build-args: |
${{ steps.build_args.outputs.result }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}


@ -1,49 +0,0 @@
name: Build PHP Vanity Tags
on:
workflow_dispatch:
workflow_run:
workflows:
- Build PHP Flavours
branches: [ 'master', 'feature/**' ]
types:
- completed
jobs:
php-vanity-tags:
name: Vanity Tags
runs-on: ubuntu-latest
env:
latest-stable-version: "8.3"
base_tag: "benzine/php"
strategy:
fail-fast: false
matrix:
variant:
- cli
- nginx
- apache
output_tag:
- "benzine/php"
- "gone/php"
- "ghcr.io/benzine-framework/php"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:${{ matrix.variant }}"
run: |
docker pull ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }}
docker tag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} ${{ matrix.output_tag }}:${{ matrix.variant }}
docker push ${{ matrix.output_tag }}:${{ matrix.variant }}


@ -1,30 +1,28 @@
name: Build PHP Core
on:
push:
paths:
- 'php/core/**'
- 'php/Dockerfile.Core'
pull_request:
branches:
- '!dependabot/**'
workflow_call:
workflow_dispatch:
workflow_run:
workflows:
- Build Marshall
branches: [ 'master', 'feature/**' ]
types:
- completed
permissions:
contents: read
packages: write
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
php-core-build:
name: "Build PHP Core"
php-flavours-build:
name: "Build PHP Flavours"
runs-on: ubuntu-latest
strategy:
max-parallel: 15
fail-fast: false
max-parallel: 15
matrix:
variant:
- cli
- nginx
- apache
version:
- "7.0"
- "7.1"
@ -45,17 +43,19 @@ jobs:
PHP_PACKAGES_81: git htop mariadb-client php8.1-apcu php8.1-bcmath php8.1-bz2 php8.1-cli php8.1-curl php8.1-gd php8.1-imap php8.1-imagick php8.1-intl php8.1-ldap php8.1-mailparse php8.1-mbstring php8.1-memcache php8.1-mongodb php8.1-mysql php8.1-opcache php8.1-pgsql php8.1-phpdbg php8.1-pspell php8.1-redis php8.1-soap php8.1-sqlite php8.1-xdebug php8.1-xml php8.1-zip postgresql-client
PHP_PACKAGES_82: git htop mariadb-client php8.2-apcu php8.2-bcmath php8.2-bz2 php8.2-cli php8.2-curl php8.2-gd php8.2-imap php8.2-imagick php8.2-intl php8.2-ldap php8.2-mailparse php8.2-mbstring php8.2-memcache php8.2-mongodb php8.2-mysql php8.2-opcache php8.2-pgsql php8.2-phpdbg php8.2-pspell php8.2-redis php8.2-soap php8.2-sqlite php8.2-xdebug php8.2-xml php8.2-zip postgresql-client
PHP_PACKAGES_83: git htop mariadb-client php8.3-apcu php8.3-bcmath php8.3-bz2 php8.3-cli php8.3-curl php8.3-gd php8.3-imap php8.3-imagick php8.3-intl php8.3-ldap php8.3-mailparse php8.3-mbstring php8.3-memcache php8.3-mongodb php8.3-mysql php8.3-opcache php8.3-pgsql php8.3-phpdbg php8.3-pspell php8.3-redis php8.3-soap php8.3-sqlite php8.3-xdebug php8.3-xml php8.3-zip postgresql-client
COMPOSER_UPDATE_FLAGS_70: --2.2
COMPOSER_UPDATE_FLAGS_71: --2.2
COMPOSER_VERSION_70: 2.2.22
COMPOSER_VERSION_71: 2.2.22
steps:
- name: Mangle Envs
- name: Interpolate Envs
id: vars
run: |
{
VERSION=$(echo "${{ matrix.version }}" | tr -d '.')
PACKAGE_LIST=PHP_PACKAGES_$VERSION
echo ::set-output name=php_packages::${!PACKAGE_LIST}
COMPOSER_UPDATE_FLAGS=COMPOSER_UPDATE_FLAGS_$VERSION
echo ::set-output name=composer_update_flags::${!COMPOSER_UPDATE_FLAGS}
echo php_packages=${!PACKAGE_LIST}
COMPOSER_VERSION=COMPOSER_VERSION_$VERSION
echo composer_version=${!COMPOSER_VERSION:-"latest-stable"}
} >> "$GITHUB_OUTPUT"
- name: Show mangled envs
run: |
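
Review bot: `echo php_packages=${!PACKAGE_LIST}` and `echo composer_version=${!COMPOSER_VERSION:-"latest-stable"}` write to `$GITHUB_OUTPUT` with the expansion unquoted, so the value is word-split and glob-expanded before it is written. Quote the whole argument, for example `echo "php_packages=${!PACKAGE_LIST}"`. `${{ matrix.version }}` is also pasted into the script text; passing it through the step's `env:` and reading a shell variable keeps the script independent of expression expansion.
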
@ -67,43 +67,94 @@ jobs:
id: build_args
with:
result-encoding: string
script: return `PHP_PACKAGES=${{ steps.vars.outputs.php_packages }}\nPHP_VERSION=${{ matrix.version }}\nPHP_CORE_VERSION=benzine/php:core-${{ matrix.version }}\nCOMPOSER_UPDATE_FLAGS=${{ steps.vars.outputs.composer_update_flags }}`
- uses: actions/checkout@v4
with:
sparse-checkout: php
script: return `PHP_PACKAGES=${{ steps.vars.outputs.php_packages }}\nPHP_VERSION=${{ matrix.version }}\nCOMPOSER_VERSION=${{ steps.vars.outputs.composer_version }}`
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build & Push"
uses: docker/build-push-action@v5
- uses: actions/checkout@v4
with:
sparse-checkout: php
- uses: docker/build-push-action@v5
name: "Build: Build & Push"
with:
context: php
file: php/Dockerfile.Core
target: php-core
target: php-${{ matrix.variant }}
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
push: ${{ env.should_push && !env.ACT }}
tags: |
ghcr.io/benzine-framework/php:core-${{ matrix.version }}
gone/php:core-${{ matrix.version }}
benzine/php:core-${{ matrix.version }}
ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}
gone/php:${{ matrix.variant }}-${{ matrix.version }}
benzine/php:${{ matrix.variant }}-${{ matrix.version }}
build-args: |
${{ steps.build_args.outputs.result }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
build-contexts: |
marshall:build=docker-image://ghcr.io/benzine-framework/marshall:focal
- name: "Validate build"
shell: bash
run: |
docker \
run \
--rm \
ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }} \
/usr/bin/install-report
php-vanity-tags:
name: Vanity Tags
runs-on: ubuntu-latest
needs:
- php-flavours-build
env:
latest-stable-version: "8.3"
base_tag: "ghcr.io/benzine-framework/php"
strategy:
fail-fast: false
matrix:
variant:
- cli
- nginx
- apache
output_tag:
- "benzine/php"
- "gone/php"
- "ghcr.io/benzine-framework/php"
steps:
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Retag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} to ${{ matrix.output_tag }}:${{ matrix.variant }}"
if: ${{ github.ref == 'refs/heads/main' }}
shell: bash
run: |
docker pull ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }}
docker tag ${{ env.base_tag }}:${{ matrix.variant }}-${{ env.latest-stable-version }} ${{ matrix.output_tag }}:${{ matrix.variant }}
docker push ${{ matrix.output_tag }}:${{ matrix.variant }}
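Review bot: the `Validate build` step runs `ghcr.io/benzine-framework/php:${{ matrix.variant }}-${{ matrix.version }}` with `docker run`, but the build step above it does not set `load: true` and only pushes when `should_push` allows it, so on a non-main ref the step pulls whatever is already published under that tag and validates that instead of the image just built. Either load a single-platform build into the local daemon for validation or gate the step on the same condition as `push`. In the `php-vanity-tags` job only the retag step carries `if: ${{ github.ref == 'refs/heads/main' }}`; the two login steps still run with `DOCKER_HUB_PASSWORD` and `GHCR_PASSWORD` on every ref for all nine matrix combinations, so the condition belongs on the job.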

View file

@ -1,25 +1,22 @@
name: Build Redis
permissions:
contents: read
packages: write
on:
push:
paths:
- 'redis/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Lint Docker Files
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
redis-build:
name: "Redis with Healthchecks"
name: "Build"
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 15
matrix:
redis:
@ -30,13 +27,11 @@ jobs:
- 6-alpine
- 6-buster
- 6.0
- 6.1
- 6.2
- 7
- 7-alpine
- 7-bookworm
- 7.0
- 7.1
- 7.2
- latest
steps:
@ -56,17 +51,16 @@ jobs:
redis
- name: "Setup: Login to Docker Hub"
if: ${{ !env.ACT }}
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Build: Build Redis with Healthchecks"
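Review bot: the workflow declares `packages: write` at the top, yet the `Setup: Login to GHCR` step authenticates as the hard-coded user `matthewbaggett` with the long-lived `secrets.GHCR_PASSWORD`. With that permission already granted, `username: ${{ github.actor }}` and `password: ${{ secrets.GITHUB_TOKEN }}` would give a per-run token scoped to this repository and remove one stored credential. The GHCR login also lacks the `if: ${{ !env.ACT }}` guard that the Docker Hub login in the same hunk has.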
@ -74,14 +68,14 @@ jobs:
with:
context: redis
build-contexts: |
redis=docker-image://redis:${{ matrix.redis }}
redis:version=docker-image://redis:${{ matrix.redis }}
build-args: |
HEALTH_INTERVAL=10s
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ !env.ACT && true || false }}
push: ${{ env.should_push && !env.ACT }}
tags: |
${{ !env.ACT && format('benzine/redis:{0}',matrix.redis) || '' }}
${{ format('ghcr.io/benzine-framework/redis:{0}', matrix.redis) }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=.github/cache/docker' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=.github/cache/docker' }}
${{ env.should_push && format('benzine/redis:{0}',matrix.redis) || '' }}
cache-from: ${{ !env.ACT && 'type=gha' || '' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || '' }}
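Review bot: `push: ${{ env.should_push && !env.ACT }}` does not gate on the branch. `should_push` is defined under `env:` at the top of the workflow, so it reaches the expression as the string `'true'` or `'false'`, and any non-empty string is truthy in an Actions expression; on a feature branch the expression reduces to `!env.ACT`, which is a push. Compare explicitly with `env.should_push == 'true' && !env.ACT`, and apply the same fix to the `benzine/redis` entry under `tags:`. The PHP, Swarm Monitor and Wordpress workflows in this commit use the same expression.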

View file

@ -1,24 +1,85 @@
name: Build Swarm Monitor
permissions:
contents: read
packages: write
on:
push:
paths:
- 'swarm-monitor/**'
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
swarm-monitor-build:
name: Build Swarm Monitor
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
component:
- agent
- stats
steps:
- name: Git Checkout
uses: actions/checkout@v3
- uses: docker/login-action@v2
name: Login to Docker Hub
- name: "Setup: PHP"
uses: shivammathur/setup-php@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Bake
working-directory: swarm-monitor
run: docker buildx bake --push
php-version: 8.1
env:
runner: self-hosted
- name: "Setup: Setup QEMU"
uses: docker/setup-qemu-action@v2
- name: "Setup: Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v3
- name: "Setup: Setup Docker Buildx"
uses: docker/setup-buildx-action@v2
- name: "Setup: Login to Docker Hub"
uses: docker/login-action@v3
with:
username: matthewbaggett
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: "Setup: Login to GHCR"
uses: docker/login-action@v3
with:
registry: ghcr.io
username: matthewbaggett
password: ${{ secrets.GHCR_PASSWORD }}
- name: "Setup: Checkout Source"
uses: actions/checkout@v4
with:
sparse-checkout: |
swarm-monitor
- name: "Setup: Configure Cache"
uses: actions/cache@v4
with:
path: swarm-monitor
key: ${{ runner.os }}-swarm-monitor-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-swarm-monitor-composer-
- name: "Dependencies: Composer Install"
working-directory: swarm-monitor
run: composer install --ignore-platform-reqs
- name: "Build: Build & Push Image"
uses: docker/build-push-action@v5
with:
context: swarm-monitor
target: swarm-${{ matrix.component }}
platforms: ${{ !env.ACT && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
pull: true
push: ${{ env.should_push && !env.ACT }}
tags: |
matthewbaggett/swarm-agent:${{ matrix.component }}
cache-from: ${{ !env.ACT && 'type=gha' || 'type=local,src=/tmp' }}
cache-to: ${{ !env.ACT && 'type=gha,mode=max' || 'type=local,dest=/tmp' }}
build-contexts: |
php:cli=docker-image://ghcr.io/benzine-framework/php:cli-8.2
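Review bot: the `Setup: Configure Cache` step caches `path: swarm-monitor`, which is the whole build context checked out in the step before it. A cache hit, including a partial match through `restore-keys`, unpacks older copies of the source over the commit being built, so the image can contain files that are not in the revision that triggered the run. Cache only the Composer output, e.g. `swarm-monitor/vendor`. Two smaller points: the `tags:` entry is `matthewbaggett/swarm-agent:${{ matrix.component }}` for both components while `target:` is `swarm-${{ matrix.component }}`, which publishes the stats image as `swarm-agent:stats`; and `env: runner: self-hosted` on the setup-php step sits in a job that declares `runs-on: ubuntu-latest`.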

24
.github/workflows/trunk.cache.yml vendored Normal file
View file

@ -0,0 +1,24 @@
name: Trunk Cache
on:
push:
branches: [main]
paths: [.trunk/trunk.yaml]
workflow_dispatch:
permissions: read-all
jobs:
trunk-cache:
name: Trunk Cache
runs-on: self-hosted
permissions:
actions: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Trunk Check
uses: trunk-io/trunk-action@v1
with:
check-mode: populate_cache_only
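Review bot: the job-level `permissions:` block lists only `actions: write`, and a job-level block replaces the workflow-level `read-all` rather than adding to it, so `contents` drops to `none` for the `Checkout` step. Add `contents: read` to the job. Because this job runs on a `self-hosted` runner with a write-scoped token, `trunk-io/trunk-action@v1` is better pinned to a full commit SHA than to a movable tag.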

27
.github/workflows/trunk.check.yml vendored Normal file
View file

@ -0,0 +1,27 @@
name: Code Quality Check (Trunk)
on:
workflow_call:
workflow_dispatch:
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
trunk-check:
name: Trunk Check Runner
runs-on: self-hosted
permissions:
checks: write # For trunk to post annotations
contents: read # For repo checkout
steps:
- name: Checkout
if: ${{ !env.ACT }}
uses: actions/checkout@v4
- name: Trunk Check
if: ${{ !env.ACT }}
uses: trunk-io/trunk-action@v1
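Review bot: `runs-on: self-hosted` in a workflow exposed through `workflow_call` means every caller's ref is checked out and linted on that machine; if any caller is triggered by pull requests from forks, untrusted code runs on the self-hosted runner, so use a hosted runner here or restrict the callers. The concurrency group `${{ github.head_ref || github.run_id }}` is also not namespaced, so another workflow using the same expression on the same branch shares the group and, with `cancel-in-progress: true`, the runs cancel each other; prefix it with `${{ github.workflow }}`.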

View file

@ -1,20 +1,16 @@
name: Build Wordpress Container
permissions:
contents: read
packages: write
on:
push:
paths:
- 'wordpress/**'
pull_request:
branches:
- '!dependabot/**'
workflow_run:
workflows:
- Build PHP Vanity Tags
branches: [ 'master', 'feature/**' ]
types:
- completed
workflow_call:
workflow_dispatch:
env:
should_push: ${{ github.ref == 'refs/heads/main' }}
jobs:
wordpress-build:
name: "Bake Wordpress Container"
@ -23,7 +19,7 @@ jobs:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
- uses: docker/login-action@v3
name: Login to Docker Hub
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
@ -34,6 +30,8 @@ jobs:
context: wordpress
platforms: linux/amd64,linux/arm64
pull: true
push: true
push: ${{ env.should_push && !env.ACT }}
tags: |
matthewbaggett/wordpress
build-contexts: |
php:nginx=docker-image://ghcr.io/benzine-framework/php:nginx-8.2
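Review bot: the only entry under `tags:` is `matthewbaggett/wordpress`, with no version or commit component, so every push replaces the same implicit `latest` and there is nothing immutable to roll back to or pin against. Add a second tag derived from `github.sha` or the upstream version. The base supplied through `build-contexts` is the moving tag `php:nginx-8.2`; a digest reference would make the build reproducible. `platforms:` is also hard-coded here while the other workflows in this commit switch it on `env.ACT`.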

2
.gitignore vendored
View file

@ -1,4 +1,4 @@
.idea
/.php-cs-fixer.cache
/.github/cache
/.act-secrets
/.secrets
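Review bot: keep both `/.act-secrets` and `/.secrets` ignored rather than swapping one for the other; a local `act` secrets file left under the old name stops being ignored after this change and can be picked up by a broad `git add`.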

7
.gitleaksignore Normal file
View file

@ -0,0 +1,7 @@
948b6fc9559ec3be24a1200a246044d343efa86c:bouncer/grey-ooo-test.yml:generic-api-key:15
a1a6c22a080fe58f80183f3737972155fc9c8220:bouncer/grey-ooo-test.yml:generic-api-key:15
919a1b9eefe9291ab0d174c12eb80008da5dfe94:aio/docker-compose.yml:generic-api-key:15
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/grey-ooo-test.yml:generic-api-key:13
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/self-signed-certificates/example.key:private-key:1
1b657b62e8a9036e608e3867cd0da4857f9478ca:php/self-signed-certificates/example.key:private-key:1
25fd34861ee2e2475b1c64de47e9aa54dea80a0e:php/self-signed-certificates/example.key:private-key:1
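Review bot: the `generic-api-key` fingerprints for `bouncer/grey-ooo-test.yml` and `aio/docker-compose.yml` silence findings that remain readable in history, so the change should state for each one that the key has been revoked; the commit message only mentions removing a single expired secret. The `private-key` entries for `self-signed-certificates/example.key` are reasonable to ignore provided those keys are used for nothing but the bundled example certificate.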

2
.trivyignore Normal file
View file

@ -0,0 +1,2 @@
AVD-DS-0001
AVD-DS-0002
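Review bot: `AVD-DS-0001` and `AVD-DS-0002` are ignored for the whole repository with no reason given. These are Trivy's Dockerfile checks for use of the `latest` tag and for images that run as root, and this same commit adds a `USER bouncer` line to the bouncer Dockerfile, so a blanket ignore hides regressions in exactly the images being hardened. Add a `#` comment saying why each ID is suppressed and drop the entry once the Dockerfiles that trip it have been fixed.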

9
.trunk/.gitignore vendored Normal file
View file

@ -0,0 +1,9 @@
*out
*logs
*actions
*notifications
*tools
plugins
user_trunk.yaml
user.yaml
tmp

View file

@ -0,0 +1,7 @@
948b6fc9559ec3be24a1200a246044d343efa86c:bouncer/grey-ooo-test.yml:generic-api-key:15
a1a6c22a080fe58f80183f3737972155fc9c8220:bouncer/grey-ooo-test.yml:generic-api-key:15
919a1b9eefe9291ab0d174c12eb80008da5dfe94:aio/docker-compose.yml:generic-api-key:15
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/grey-ooo-test.yml:generic-api-key:13
2fd5c6207464dba39701548ab5a6339f334418fe:bouncer/self-signed-certificates/example.key:private-key:1
1b657b62e8a9036e608e3867cd0da4857f9478ca:php/self-signed-certificates/example.key:private-key:1
25fd34861ee2e2475b1c64de47e9aa54dea80a0e:php/self-signed-certificates/example.key:private-key:1
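Review bot: these seven fingerprints are a line-for-line copy of the `.gitleaksignore` added earlier in this commit, and the two-line Trivy ignore list is duplicated the same way. Two copies will drift; keep one and symlink or generate the other, so a fingerprint removed from one list is not still suppressed through the other.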

View file

@ -2,3 +2,4 @@ ignored:
- DL3006
- DL3008
- SC2043
- SC2312

View file

@ -0,0 +1,10 @@
# Autoformatter friendly markdownlint config (all formatting rules disabled)
default: true
blank_lines: false
bullet: false
html: false
indentation: false
line_length: false
spaces: false
url: false
whitespace: false

View file

@ -0,0 +1,7 @@
enable=all
source-path=SCRIPTDIR
disable=SC2154
# If you're having issues with shellcheck following source, disable the errors via:
# disable=SC1090
# disable=SC1091

View file

@ -0,0 +1,2 @@
AVD-DS-0001
AVD-DS-0002

View file

@ -0,0 +1,8 @@
---
extends: relaxed
rules:
empty-values:
ignore:
- .github/workflows/*.yml
document-start: disable
line-length: disable

96
.trunk/trunk.yaml Normal file
View file

@ -0,0 +1,96 @@
# This file controls the behavior of Trunk: https://docs.trunk.io/cli
# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
version: 0.1
cli:
version: 1.19.0
shell_hooks:
enforce: true
# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
plugins:
sources:
- id: trunk
ref: v1.4.2
uri: https://github.com/trunk-io/plugins
# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
runtimes:
enabled:
- go@1.21.0
- node@18.12.1
- python@3.10.8
# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
lint:
disabled:
- terrascan
enabled:
- gitleaks@8.18.1
- actionlint@1.6.26
- checkov@3.2.2
- git-diff-check
- hadolint@2.12.0
- markdownlint@0.39.0
- osv-scanner@1.6.2
- prettier@3.2.4
- shellcheck@0.9.0
- shfmt@3.6.0
- trivy@0.48.3
- trufflehog@3.66.2
- yamllint@1.33.0
ignore:
- linters: [markdownlint]
paths:
- "**/LICENCE.md"
- "**/LICENSE.md"
- "**/CODE_OF_CONDUCT.md"
actions:
enabled:
- trunk-announce
- trunk-check-pre-push
- trunk-fmt-pre-commit
- trunk-upgrade-available
tools:
enabled:
- jq@jq-1.7.1
- gh@2.43.1
- act@0.2.59
- terraform@1.7.2
definitions:
- name: gh
download: gh
known_good_version: 2.27.0
environment:
- name: PATH
list: ["${tool}/bin"]
shims: [gh]
downloads:
- name: gh
downloads:
- os:
linux: linux
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.tar.gz
strip_components: 1
- os:
windows: windows
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.zip
strip_components: 1
# macOS releases since 2.28.0 started using .zip instead of .tar.gz
- os:
macos: macOS
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.zip
strip_components: 1
version: ">=2.28.0"
- os:
macos: macOS
cpu:
x86_64: amd64
arm_64: arm64
url: https://github.com/cli/cli/releases/download/v${version}/gh_${version}_${os}_${cpu}.tar.gz
strip_components: 1

18
Readme.md Normal file
View file

@ -0,0 +1,18 @@
# Benzine Docker Containers
This repository contains the Dockerfiles for the Benzine containers.
| Container | Tags | Build status | Description |
| -------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
| PHP 8.3 CLI | <ul><li>benzine/php:cli-8.3</li><li>ghcr.io/benzine-framework/php:cli-8.3</li></ul> | [PHP 8.3 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 CLI container built atop Runit |
| PHP 8.2 CLI | <ul><li>benzine/php:cli-8.2</li><li>ghcr.io/benzine-framework/php:cli-8.2</li></ul> | [PHP 8.2 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 CLI container built atop Runit |
| PHP 8.1 CLI | <ul><li>benzine/php:cli-8.1</li><li>ghcr.io/benzine-framework/php:cli-8.1</li></ul> | [PHP 8.1 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 CLI container built atop Runit |
| PHP 7.4 CLI | <ul><li>benzine/php:cli-7.4</li><li>ghcr.io/benzine-framework/php:cli-7.4</li></ul> | [PHP 7.4 CLI Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 CLI container built atop Runit |
| PHP 8.3 NGINX | <ul><li>benzine/php:nginx-8.3</li><li>ghcr.io/benzine-framework/php:nginx-8.3</li></ul> | [PHP 8.3 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 NGINX container built atop Runit |
| PHP 8.2 NGINX | <ul><li>benzine/php:nginx-8.2</li><li>ghcr.io/benzine-framework/php:nginx-8.2</li></ul> | [PHP 8.2 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 NGINX container built atop Runit |
| PHP 8.1 NGINX | <ul><li>benzine/php:nginx-8.1</li><li>ghcr.io/benzine-framework/php:nginx-8.1</li></ul> | [PHP 8.1 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 NGINX container built atop Runit |
| PHP 7.4 NGINX | <ul><li>benzine/php:nginx-7.4</li><li>ghcr.io/benzine-framework/php:nginx-7.4</li></ul> | [PHP 7.4 NGINX Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 NGINX container built atop Runit |
| PHP 8.3 Apache | <ul><li>benzine/php:apache-8.3</li><li>ghcr.io/benzine-framework/php:apache-8.3</li></ul> | [PHP 8.3 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.3 Apache container built atop Runit |
| PHP 8.2 Apache | <ul><li>benzine/php:apache-8.2</li><li>ghcr.io/benzine-framework/php:apache-8.2</li></ul> | [PHP 8.2 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.2 Apache container built atop Runit |
| PHP 8.1 Apache | <ul><li>benzine/php:apache-8.1</li><li>ghcr.io/benzine-framework/php:apache-8.1</li></ul> | [PHP 8.1 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 8.1 Apache container built atop Runit |
| PHP 7.4 Apache | <ul><li>benzine/php:apache-7.4</li><li>ghcr.io/benzine-framework/php:apache-7.4</li></ul> | [PHP 7.4 Apache Build Status](https://github.com/benzine-framework/docker/actions/workflows/php-flavours.yml/badge.svg) | Multi-thread PHP 7.4 Apache container built atop Runit |
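Review bot: every row's `Build status` cell points at the same `php-flavours.yml/badge.svg` URL and is written as a plain link rather than an image, so the table shows neither a badge nor a per-image status. Use the `![...](...)` image form, and since one workflow builds all variants, a single badge above the table would carry the same information.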

View file

@ -1,10 +1,13 @@
FROM benzine/php:cli-8.1 as bouncer
FROM php:cli as bouncer
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
USER root
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
# Install nginx, certbot
RUN apt-get -qq update && \
RUN adduser bouncer && \
apt-get -qq update && \
# Install pre-dependencies to use apt-key.
apt-get -yqq install --no-install-recommends \
lsb-core \
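Review bot: `RUN adduser bouncer` is called without flags; on Debian-based images `adduser` expects to prompt for a password and GECOS fields, which is fragile in a non-interactive build, and it creates a login account with a home directory and shell that the service does not need. Prefer `adduser --system --group --no-create-home bouncer`. `FROM php:cli as bouncer` only resolves to the project's image when the build supplies a `php:cli` build context; a plain `docker build` pulls Docker Hub's `php:cli` instead, so note the required build context next to the `FROM`.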
@ -38,6 +41,7 @@ COPY self-signed-certificates /certs
# Install runits for services
COPY nginx.runit /etc/service/nginx/run
COPY logs.runit /etc/service/nginx-logs/run
COPY logs.finish /etc/service/nginx-logs/finish
COPY bouncer.runit /etc/service/bouncer/run
COPY bouncer.finish /etc/service/bouncer/finish
COPY logs-nginx-access.runit /etc/service/logs-nginx-access/run
@ -70,6 +74,20 @@ RUN chmod +x /app/bin/bouncer
VOLUME /etc/letsencrypt
VOLUME /var/log/bouncer
# Expose ports
EXPOSE 80
EXPOSE 443
# Down-privelege to bouncer
USER bouncer
# Install Composer dependencies even though we don't need to, it should be done in the build process
RUN composer install
# Set a healthcheck to curl the bouncer and expect a 200
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
# stuff some envs from build
ARG BUILD_DATE
ARG GIT_SHA
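Review bot: the `HEALTHCHECK` does not check for a 200. `-w "200"` only makes curl print the literal text `200`, and without `-f` curl exits 0 for any HTTP response, so a 500 from nginx still reports healthy. Use `curl -fsS -o /dev/null http://localhost:80/ || exit 1`; the same command is repeated in the three `test-app-*` stages below. After `USER bouncer`, nginx has to bind ports 80 and 443 and write to `/etc/letsencrypt` and `/var/log/bouncer` as a non-root user, and `RUN composer install` writes into the application directory as that user, so check ownership of those paths or the drop in privilege will fail at runtime.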
@ -80,10 +98,16 @@ ENV BUILD_DATE=${BUILD_DATE} \
FROM benzine/php:nginx-8.1 as test-app-a
COPY ./test/public-web-a /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
FROM benzine/php:nginx-8.1 as test-app-b
COPY ./test/public-web-b /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1
FROM benzine/php:nginx-8.1 as test-app-c
COPY ./test/public-web-c /app/public
HEALTHCHECK --start-period=30s \
CMD curl -s -o /dev/null -w "200" http://localhost:80/ || exit 1

View file

@ -1,13 +1,16 @@
# Automatic Swarm Nginx Load Balancer
## Environment variables
This container has its own environment variables, AS WELL AS scanning for some environment variables associated with your services.
These should not be confused.
### Load Balancer Configuration
#### Main configuration
| Key | Default | Options | Behaviour |
|-----------------------------------------------|-------------------------------------------------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| --------------------------------------------- | ----------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- |
| DOCKER_HOST | false | | Define a http endpoint representing your docker socket. If this is null, it connects to /var/lib/docker.sock |
| GLOBAL_CERT | false | Contents of an ssl certificate | If you want to provide a single cert for all endpoints, perhaps with a catch-all that may be later overriden, you can provide the whole contents of a certificates file here. |
| GLOBAL_CERT_KEY | false | Contents of an ssl certificates private key | The private key related to GLOBAL CERT. These must be provided in tandem. |
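Review bot: the `DOCKER_HOST` row says the fallback is `/var/lib/docker.sock`; Docker's default socket is `/var/run/docker.sock`, so confirm which path the code opens and correct the table. The reformatted separator row also gained a fifth `| --- |` cell while the header row has four columns, which comes from rows further down that end in an extra `| |`; remove the stray cells instead of widening the separator.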
@ -21,14 +24,16 @@ These should not be confused.
| LOG_COLOUR | true | true, false | Whether to colourise the log output sent to stdout. | |
#### For using with Lets Encrypt:tm:
| Key | Default | Options | Behaviour |
|---------------------------|-----------|---------------------------|--------------------------------------------------------------------------------------|
| ------------------------- | --------- | ------------------------- | ------------------------------------------------------------------------------------ |
| BOUNCER_LETSENCRYPT_MODE | 'staging' | 'staging' or 'production' | Determine if this is going to connect to a production or staging Lets Encrypt server |
| BOUNCER_LETSENCRYPT_EMAIL | | 'bob@example.com' | Email address to associate with lets encrypt |
#### For using S3-compatable storage for generated cert synchronisation with Lets Encrypt
| Key | Default | Options | Behaviour |
|------------------------------------|---------|-----------------|---------------------------------------------------------------------------------------|
| ---------------------------------- | ------- | --------------- | ------------------------------------------------------------------------------------- | --- |
| BOUNCER_S3_BUCKET | false | | enable S3 behaviour to store lets-encrypt generated certs |
| BOUNCER_S3_ENDPOINT | false | | define s3 endpoint to override default AWS s3 implementation, for example, with minio |
| BOUNCER_S3_KEY_ID | false | | S3 API Key ID | |
@ -38,10 +43,11 @@ These should not be confused.
| BOUNCER_S3_PREFIX | false | | Prefix file path in s3 bucket |
### Served Instance Configuration
These environment variables need to be applied to the CONSUMING SERVICE and not the loadbalancer container itself.
| Key | Example | Behaviour |
|--------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ------------------------------ | ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| BOUNCER_DOMAIN | "a.example.com" | The domain that should be directed to this container |
| BOUNCER_LABEL | "MyService" | The label that should be directed to this container |
| BOUNCER_AUTH | "username:password" e.g "root:toor" | Add a HTTP BASIC auth requirement to this hostname. |
@ -54,4 +60,5 @@ These environment variables need to be applied to the CONSUMING SERVICE and not
| BOUNCER_MAX_PAYLOADS_MEGABYTES | numbers | Size of max payload to allow, in megabytes. Requires BOUNCER_ALLOW_LARGE_PAYLOADS to be enabled |
## Security considerations
If you're putting this behind access control to the docker socket, it will need access to the /swarm /services and /containers endpoints of the docker api.

4
bouncer/bouncer.finish Normal file → Executable file
View file

@ -1,2 +1,2 @@
#!/bin/bash
sleep 5;
#!/usr/bin/env bash
sleep 5

134
bouncer/composer.lock generated
View file

@ -107,16 +107,16 @@
},
{
"name": "aws/aws-sdk-php",
"version": "3.297.0",
"version": "3.298.0",
"source": {
"type": "git",
"url": "https://github.com/aws/aws-sdk-php.git",
"reference": "ad1f7be78d74d48628a6fe345818ce53bae64169"
"reference": "55536f81006d8721c51e342d638e7ccc3529e754"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/ad1f7be78d74d48628a6fe345818ce53bae64169",
"reference": "ad1f7be78d74d48628a6fe345818ce53bae64169",
"url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/55536f81006d8721c51e342d638e7ccc3529e754",
"reference": "55536f81006d8721c51e342d638e7ccc3529e754",
"shasum": ""
},
"require": {
@ -196,9 +196,9 @@
"support": {
"forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
"issues": "https://github.com/aws/aws-sdk-php/issues",
"source": "https://github.com/aws/aws-sdk-php/tree/3.297.0"
"source": "https://github.com/aws/aws-sdk-php/tree/3.298.0"
},
"time": "2024-01-24T19:09:39+00:00"
"time": "2024-01-31T19:06:05+00:00"
},
{
"name": "bramus/ansi-php",
@ -921,16 +921,16 @@
},
{
"name": "league/mime-type-detection",
"version": "1.14.0",
"version": "1.15.0",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/mime-type-detection.git",
"reference": "b6a5854368533df0295c5761a0253656a2e52d9e"
"reference": "ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/mime-type-detection/zipball/b6a5854368533df0295c5761a0253656a2e52d9e",
"reference": "b6a5854368533df0295c5761a0253656a2e52d9e",
"url": "https://api.github.com/repos/thephpleague/mime-type-detection/zipball/ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301",
"reference": "ce0f4d1e8a6f4eb0ddff33f57c69c50fd09f4301",
"shasum": ""
},
"require": {
@ -961,7 +961,7 @@
"description": "Mime-type detection for Flysystem",
"support": {
"issues": "https://github.com/thephpleague/mime-type-detection/issues",
"source": "https://github.com/thephpleague/mime-type-detection/tree/1.14.0"
"source": "https://github.com/thephpleague/mime-type-detection/tree/1.15.0"
},
"funding": [
{
@ -973,7 +973,7 @@
"type": "tidelift"
}
],
"time": "2023-10-17T14:13:20+00:00"
"time": "2024-01-28T23:22:08+00:00"
},
{
"name": "monolog/monolog",
@ -1144,16 +1144,16 @@
},
{
"name": "nesbot/carbon",
"version": "2.72.2",
"version": "2.72.3",
"source": {
"type": "git",
"url": "https://github.com/briannesbitt/Carbon.git",
"reference": "3e7edc41b58d65509baeb0d4a14c8fa41d627130"
"reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/3e7edc41b58d65509baeb0d4a14c8fa41d627130",
"reference": "3e7edc41b58d65509baeb0d4a14c8fa41d627130",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/0c6fd108360c562f6e4fd1dedb8233b423e91c83",
"reference": "0c6fd108360c562f6e4fd1dedb8233b423e91c83",
"shasum": ""
},
"require": {
@ -1247,7 +1247,7 @@
"type": "tidelift"
}
],
"time": "2024-01-19T00:21:53+00:00"
"time": "2024-01-25T10:35:09+00:00"
},
{
"name": "phpspec/php-diff",
@ -1975,16 +1975,16 @@
},
{
"name": "symfony/translation",
"version": "v6.4.2",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/translation.git",
"reference": "a2ab2ec1a462e53016de8e8d5e8912bfd62ea681"
"reference": "637c51191b6b184184bbf98937702bcf554f7d04"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/translation/zipball/a2ab2ec1a462e53016de8e8d5e8912bfd62ea681",
"reference": "a2ab2ec1a462e53016de8e8d5e8912bfd62ea681",
"url": "https://api.github.com/repos/symfony/translation/zipball/637c51191b6b184184bbf98937702bcf554f7d04",
"reference": "637c51191b6b184184bbf98937702bcf554f7d04",
"shasum": ""
},
"require": {
@ -2007,7 +2007,7 @@
"symfony/translation-implementation": "2.3|3.0"
},
"require-dev": {
"nikic/php-parser": "^4.13",
"nikic/php-parser": "^4.18|^5.0",
"psr/log": "^1|^2|^3",
"symfony/config": "^5.4|^6.0|^7.0",
"symfony/console": "^5.4|^6.0|^7.0",
@ -2050,7 +2050,7 @@
"description": "Provides tools to internationalize your application",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/translation/tree/v6.4.2"
"source": "https://github.com/symfony/translation/tree/v6.4.3"
},
"funding": [
{
@ -2066,7 +2066,7 @@
"type": "tidelift"
}
],
"time": "2023-12-18T09:25:29+00:00"
"time": "2024-01-29T13:11:52+00:00"
},
{
"name": "symfony/translation-contracts",
@ -2148,16 +2148,16 @@
},
{
"name": "symfony/yaml",
"version": "v6.4.0",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/yaml.git",
"reference": "4f9237a1bb42455d609e6687d2613dde5b41a587"
"reference": "d75715985f0f94f978e3a8fa42533e10db921b90"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/4f9237a1bb42455d609e6687d2613dde5b41a587",
"reference": "4f9237a1bb42455d609e6687d2613dde5b41a587",
"url": "https://api.github.com/repos/symfony/yaml/zipball/d75715985f0f94f978e3a8fa42533e10db921b90",
"reference": "d75715985f0f94f978e3a8fa42533e10db921b90",
"shasum": ""
},
"require": {
@ -2200,7 +2200,7 @@
"description": "Loads and dumps YAML files",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/yaml/tree/v6.4.0"
"source": "https://github.com/symfony/yaml/tree/v6.4.3"
},
"funding": [
{
@ -2216,7 +2216,7 @@
"type": "tidelift"
}
],
"time": "2023-11-06T11:00:25+00:00"
"time": "2024-01-23T14:51:35+00:00"
},
{
"name": "twig/twig",
@ -2773,16 +2773,16 @@
},
{
"name": "symfony/console",
"version": "v6.4.2",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "0254811a143e6bc6c8deea08b589a7e68a37f625"
"reference": "2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/0254811a143e6bc6c8deea08b589a7e68a37f625",
"reference": "0254811a143e6bc6c8deea08b589a7e68a37f625",
"url": "https://api.github.com/repos/symfony/console/zipball/2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e",
"reference": "2aaf83b4de5b9d43b93e4aec6f2f8b676f7c567e",
"shasum": ""
},
"require": {
@ -2847,7 +2847,7 @@
"terminal"
],
"support": {
"source": "https://github.com/symfony/console/tree/v6.4.2"
"source": "https://github.com/symfony/console/tree/v6.4.3"
},
"funding": [
{
@ -2863,20 +2863,20 @@
"type": "tidelift"
}
],
"time": "2023-12-10T16:15:48+00:00"
"time": "2024-01-23T14:51:35+00:00"
},
{
"name": "symfony/event-dispatcher",
"version": "v6.4.2",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/event-dispatcher.git",
"reference": "e95216850555cd55e71b857eb9d6c2674124603a"
"reference": "ae9d3a6f3003a6caf56acd7466d8d52378d44fef"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/e95216850555cd55e71b857eb9d6c2674124603a",
"reference": "e95216850555cd55e71b857eb9d6c2674124603a",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/ae9d3a6f3003a6caf56acd7466d8d52378d44fef",
"reference": "ae9d3a6f3003a6caf56acd7466d8d52378d44fef",
"shasum": ""
},
"require": {
@ -2927,7 +2927,7 @@
"description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/event-dispatcher/tree/v6.4.2"
"source": "https://github.com/symfony/event-dispatcher/tree/v6.4.3"
},
"funding": [
{
@ -2943,7 +2943,7 @@
"type": "tidelift"
}
],
"time": "2023-12-27T22:16:42+00:00"
"time": "2024-01-23T14:51:35+00:00"
},
{
"name": "symfony/event-dispatcher-contracts",
@ -3023,16 +3023,16 @@
},
{
"name": "symfony/filesystem",
"version": "v6.4.0",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/filesystem.git",
"reference": "952a8cb588c3bc6ce76f6023000fb932f16a6e59"
"reference": "7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/952a8cb588c3bc6ce76f6023000fb932f16a6e59",
"reference": "952a8cb588c3bc6ce76f6023000fb932f16a6e59",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb",
"reference": "7f3b1755eb49297a0827a7575d5d2b2fd11cc9fb",
"shasum": ""
},
"require": {
@ -3066,7 +3066,7 @@
"description": "Provides basic utilities for the filesystem",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/filesystem/tree/v6.4.0"
"source": "https://github.com/symfony/filesystem/tree/v6.4.3"
},
"funding": [
{
@ -3082,7 +3082,7 @@
"type": "tidelift"
}
],
"time": "2023-07-26T17:27:13+00:00"
"time": "2024-01-23T14:51:35+00:00"
},
{
"name": "symfony/finder",
@ -3461,16 +3461,16 @@
},
{
"name": "symfony/process",
"version": "v6.4.2",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/process.git",
"reference": "c4b1ef0bc80533d87a2e969806172f1c2a980241"
"reference": "31642b0818bfcff85930344ef93193f8c607e0a3"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/process/zipball/c4b1ef0bc80533d87a2e969806172f1c2a980241",
"reference": "c4b1ef0bc80533d87a2e969806172f1c2a980241",
"url": "https://api.github.com/repos/symfony/process/zipball/31642b0818bfcff85930344ef93193f8c607e0a3",
"reference": "31642b0818bfcff85930344ef93193f8c607e0a3",
"shasum": ""
},
"require": {
@ -3502,7 +3502,7 @@
"description": "Executes commands in sub-processes",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/process/tree/v6.4.2"
"source": "https://github.com/symfony/process/tree/v6.4.3"
},
"funding": [
{
@ -3518,7 +3518,7 @@
"type": "tidelift"
}
],
"time": "2023-12-22T16:42:54+00:00"
"time": "2024-01-23T14:51:35+00:00"
},
{
"name": "symfony/service-contracts",
@ -3604,16 +3604,16 @@
},
{
"name": "symfony/stopwatch",
"version": "v6.4.0",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/stopwatch.git",
"reference": "fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2"
"reference": "416596166641f1f728b0a64f5b9dd07cceb410c1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/stopwatch/zipball/fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2",
"reference": "fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2",
"url": "https://api.github.com/repos/symfony/stopwatch/zipball/416596166641f1f728b0a64f5b9dd07cceb410c1",
"reference": "416596166641f1f728b0a64f5b9dd07cceb410c1",
"shasum": ""
},
"require": {
@ -3646,7 +3646,7 @@
"description": "Provides a way to profile code",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/stopwatch/tree/v6.4.0"
"source": "https://github.com/symfony/stopwatch/tree/v6.4.3"
},
"funding": [
{
@ -3662,20 +3662,20 @@
"type": "tidelift"
}
],
"time": "2023-02-16T10:14:28+00:00"
"time": "2024-01-23T14:35:58+00:00"
},
{
"name": "symfony/string",
"version": "v6.4.2",
"version": "v6.4.3",
"source": {
"type": "git",
"url": "https://github.com/symfony/string.git",
"reference": "7cb80bc10bfcdf6b5492741c0b9357dac66940bc"
"reference": "7a14736fb179876575464e4658fce0c304e8c15b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/string/zipball/7cb80bc10bfcdf6b5492741c0b9357dac66940bc",
"reference": "7cb80bc10bfcdf6b5492741c0b9357dac66940bc",
"url": "https://api.github.com/repos/symfony/string/zipball/7a14736fb179876575464e4658fce0c304e8c15b",
"reference": "7a14736fb179876575464e4658fce0c304e8c15b",
"shasum": ""
},
"require": {
@ -3732,7 +3732,7 @@
"utf8"
],
"support": {
"source": "https://github.com/symfony/string/tree/v6.4.2"
"source": "https://github.com/symfony/string/tree/v6.4.3"
},
"funding": [
{
@ -3748,7 +3748,7 @@
"type": "tidelift"
}
],
"time": "2023-12-10T16:15:48+00:00"
"time": "2024-01-25T09:26:29+00:00"
}
],
"aliases": [],
@ -3763,5 +3763,5 @@
"ext-openssl": "*"
},
"platform-dev": [],
"plugin-api-version": "2.3.0"
"plugin-api-version": "2.6.0"
}

View file

@ -30,6 +30,7 @@ services:
- ./test/public-web-a:/app/public
environment:
- BOUNCER_DOMAIN=a.web.grey.ooo
- BOUNCER_TARGET_PORT=80
# - BOUNCER_LETSENCRYPT=true
web-b:
@ -41,5 +42,5 @@ services:
- ./test/public-web-b:/app/public
environment:
- BOUNCER_DOMAIN=b.web.grey.ooo
- BOUNCER_TARGET_PORT=80
# - BOUNCER_LETSENCRYPT=true

View file

@ -1,57 +0,0 @@
version: "3.4"
services:
bouncer:
build:
context: .
target: bouncer
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# environment:
# - BOUNCER_LETSENCRYPT_MODE=production
# - BOUNCER_LETSENCRYPT_EMAIL=matthew@baggett.me
# - BOUNCER_S3_ENDPOINT=http://grey.ooo:9000
# - BOUNCER_S3_KEY_ID=geusebio
# - BOUNCER_S3_KEY_SECRET=teblE0neTf2NQcVFaZIRkSF44RscyQ3G
# - BOUNCER_S3_BUCKET=bouncer-certificates
# - BOUNCER_S3_USE_PATH_STYLE_ENDPOINT="yes"
ports:
- 127.0.0.5:80:80
- 127.0.0.5:443:443
depends_on:
- web-a
- web-b
- web-c
web-a:
build:
context: .
target: test-app-a
environment:
- BOUNCER_DOMAIN=a.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:81:80
web-b:
build:
context: .
target: test-app-b
environment:
- BOUNCER_DOMAIN=b.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:82:80
web-c:
build:
context: .
target: test-app-c
environment:
- BOUNCER_DOMAIN=c.web.grey.ooo
- BOUNCER_LETSENCRYPT=false
- BOUNCER_TARGET_PORT=80
ports:
- 127.0.0.5:83:80
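Review bot: the commented-out `BOUNCER_S3_KEY_ID` / `BOUNCER_S3_KEY_SECRET` pair in the bouncer service's environment block is a literal credential, and deleting this file only removes it from the working tree; it stays readable in every earlier commit. The commit message calls the secret expired, so please confirm the key was actually revoked at the S3 endpoint, and run the new gitleaks check over history as well as over the diff.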

View file

@ -1,2 +1,3 @@
#!/usr/bin/env bash
# shellcheck disable=SC2312
tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping

2
bouncer/logs.finish Normal file
View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep infinity

View file

@ -1,6 +1,4 @@
#!/usr/bin/env bash
if [[ -f /var/log/bouncer/*.log ]]; then
tail -f /var/log/bouncer/*.log
else
sleep 1
fi
#if [[ -f /var/log/bouncer/bouncer.log ]]; then
# tail -f /var/log/bouncer/bouncer.log
#fi
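Review bot: with all three lines commented out this run script is only a shebang, so it exits immediately every time the supervisor starts it. The old test was indeed broken (`[[ -f /var/log/bouncer/*.log ]]` does not expand the glob, so it checks for a file literally named `*.log`), but the fix should be either `exec tail -F /var/log/bouncer/bouncer.log`, which waits for the file to appear and survives rotation, or removal of the service directory rather than a no-op script.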

View file

@ -1,5 +1,7 @@
<html>
<head><title>👻 Nothing to see here!</title></head>
<head>
<title>👻 Nothing to see here!</title>
</head>
<body>
<h1>Oops!</h1>
<p>There's nothing here.</p>

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
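Review bot: the rewritten list still carries the misspelling `psycological` in the "Threats of violence" bullet. Every list line is being touched for the marker change anyway, so fix it to `psychological` here and in the other copies of this file in the commit.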

View file

@ -1,5 +1,4 @@
ARG PHP_VERSION
FROM benzine/php:nginx-${PHP_VERSION}
FROM php:nginx
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
@ -20,3 +19,8 @@ COPY laravel-scheduler.runit /etc/service/scheduler/run
COPY migrate.runit /etc/service/migrate/run
COPY wait-for-mysql /usr/bin/wait-for-mysql
RUN chmod +x /etc/service/*/run /etc/service/*/finish /usr/bin/wait-for-mysql
HEALTHCHECK --interval=10s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
RUN adduser laravel
USER laravel
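Review bot: `USER laravel` at the end of the image conflicts with the start-up scripts in this commit that run `chmod 777 -R /app/storage` and `chmod +x /app/artisan`; both fail for a user who does not own `/app`. Chown the paths the services need to `laravel` before the `USER` line, or keep the supervisor as root and drop privileges per service. Also, Debian-family `adduser laravel` prompts for a password and GECOS fields; use `adduser --disabled-password --gecos "" laravel` or `useradd --system` so the build step is non-interactive.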

View file

@ -1,2 +1,2 @@
#!/bin/bash
sleep 20;
sleep 20

View file

@ -2,17 +2,16 @@
rm -f /var/lock/laravel_horizon_started
# If horizon is present, publish the frontend assets, if HORIZON_UI is set to "on"
if [ "${HORIZON_ENABLE,,}" = "on" ]; then
if [[ ${HORIZON_ENABLE,,} == "on" ]]; then
if [[ -f "/app/config/horizon.php" ]]; then
if [ "${MIGRATE_ENABLE}" = "on" ]; then
if [[ ${MIGRATE_ENABLE} == "on" ]]; then
echo "[HORIZON] Waiting until Migration Complete."
until [ -f /var/lock/laravel_migration_complete ]
do
until [[ -f /var/lock/laravel_migration_complete ]]; do
sleep 1
done
echo "[HORIZON] Migration is complete, running Horizon."
fi
if [ "${HORIZON_UI,,}" = "on" ]; then
if [[ ${HORIZON_UI,,} == "on" ]]; then
echo "[HORIZON] Publishing horizon frontend assets"
php /app/artisan horizon:publish
fi
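Review bot: the inner test `[[ ${MIGRATE_ENABLE} == "on" ]]` compares the raw value, while the migrate script in this commit gates on `${MIGRATE_ENABLE,,}`. With `MIGRATE_ENABLE=On` or `ON` the migration runs but Horizon skips the wait for `/var/lock/laravel_migration_complete` and starts against a schema that is still changing. Lowercase it here as well; the scheduler script has the same comparison.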

View file

@ -1,17 +1,16 @@
#!/bin/bash
cd /app
if [ "${SCHEDULER_ENABLE,,}" = "on" ]; then
if [ "${MIGRATE_ENABLE}" = "on" ]; then
cd /app || exit
if [[ ${SCHEDULER_ENABLE,,} == "on" ]]; then
if [[ ${MIGRATE_ENABLE} == "on" ]]; then
echo "[SCHEDULER] Waiting until Migration Complete."
until [ -f /var/lock/laravel_migration_complete ]
do
until [[ -f /var/lock/laravel_migration_complete ]]; do
sleep 1
done
echo "[SCHEDULER] Migrations complete, starting scheduler"
fi
while true; do
php /app/artisan schedule:run
sleep 59;
sleep 59
done
else
echo "[SCHEDULER] Not enabled. To enable this feature, set SCHEDULER_ENABLE = on."

View file

@ -12,7 +12,7 @@ chmod 777 -R /app/storage
chmod +x /app/artisan
php /app/artisan package:discover
if [ "${REGENERATE_KEYS,,}" = "on" ]; then
if [[ ${REGENERATE_KEYS,,} == "on" ]]; then
php /app/artisan key:generate
php /app/artisan passport:keys --force
fi
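Review bot: the hunk header shows `chmod 777 -R /app/storage` running at every start, which leaves sessions, cached views and logs world-writable inside the container. The Laravel Dockerfile in this commit now creates a dedicated `laravel` user, so prefer `chown -R laravel: /app/storage` with mode `u=rwX,g=rX,o=` at build time and drop the recursive 777.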

View file

@ -2,23 +2,22 @@
rm -f /var/lock/laravel_migration_underway \
/var/lock/laravel_migration_complete
if [ "${MIGRATE_ENABLE,,}" = "on" ]; then
if [[ ${MIGRATE_ENABLE,,} == "on" ]]; then
# Give a moment for services to wake up
echo "[MIGRATION] Waiting until Laravel Ready."
sleep 3
until [ -f /var/lock/laravel_ready ]
do
until [[ -f /var/lock/laravel_ready ]]; do
sleep 1
done
echo "[MIGRATION] Laravel is ready, running migrations..."
cd /app
cd /app || exit
# Run migration
touch /var/lock/laravel_migration_underway
if [ "${MIGRATE_CLEAN,,}" = "on" ]; then
if [[ ${MIGRATE_CLEAN,,} == "on" ]]; then
php /app/artisan migrate:fresh --force
php /app/artisan migrate --force # First run will fail due to permissions. We can ignore, but need to migrate again to finish.
else
@ -26,13 +25,13 @@ if [ "${MIGRATE_ENABLE,,}" = "on" ]; then
php /app/artisan migrate --force || php /app/artisan migrate --force
fi
if [ "${SEEDERS,,}" = "on" ]; then
if [[ ${SEEDERS,,} == "on" ]]; then
php /app/artisan db:seed -q
fi
rm /var/lock/laravel_migration_underway
touch /var/lock/laravel_migration_complete
echo "[MIGRATION] Migration complete!";
echo "[MIGRATION] Migration complete!"
else
echo "[MIGRATION] Not enabled. Set MIGRATE_ENABLE = on to enable."
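Review bot: `touch /var/lock/laravel_migration_complete` runs whatever the migration's exit status was. `php /app/artisan migrate --force || php /app/artisan migrate --force` retries once, but if the second attempt also fails nothing visible here stops the script, so Horizon and the scheduler are released against a half-migrated database. Capture the status and create the completion marker only on success, logging and exiting non-zero otherwise.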

View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash
if [ -z "${SSL_CERTIFICATE}" ]; then
if [[ -z ${SSL_CERTIFICATE} ]]; then
echo "No certificate set, using defaults"
else
echo "Setting /certs/example.crt and /certs/example.key"
@ -8,7 +8,7 @@ else
echo "${SSL_CERTIFICATE_KEY}" >/certs/example.key
fi
if [ "${HTTP_ENABLE,,}" = "on" ]; then
if [[ ${HTTP_ENABLE,,} == "on" ]]; then
echo "[NGINX] Starting Nginx"
/usr/sbin/nginx
else
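Review bot: `echo "${SSL_CERTIFICATE_KEY}" >/certs/example.key` in the context line of this hunk creates the private key with the default umask, which is normally world-readable. Set `umask 077` before the two writes or `chmod 600 /certs/example.key` straight after, and write the value with `printf '%s\n'` rather than `echo` so the key material is never interpreted as echo options.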

View file

@ -2,12 +2,12 @@
MYSQL_HOST=${MYSQL_HOST:-"localhost"}
MYSQL_PORT=${MYSQL_PORT:-3306}
echo -n "Waiting for MySQL..."
while ! mysqladmin ping -h"$MYSQL_HOST" -P"$MYSQL_PORT" --silent; do
while ! mysqladmin ping -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" --silent; do
sleep 1
echo -n "."
done
sleep 1;
while ! mysqladmin ping -h"$MYSQL_HOST" -P"$MYSQL_PORT" --silent; do
sleep 1
while ! mysqladmin ping -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" --silent; do
sleep 1
echo -n "."
done

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

View file

@ -1,4 +1,5 @@
FROM ubuntu:focal
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM ubuntu:version
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
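Review bot: `FROM ubuntu:version` only builds when the workflow rewrites the placeholder tag first; a plain `docker build` of this directory fails, and nothing in the Dockerfile says where the real value comes from. Declaring `ARG UBUNTU_VERSION` before `FROM ubuntu:${UBUNTU_VERSION}` keeps the injection explicit and lets linters and local builds resolve the base image. The `checkov:skip=CKV_DOCKER_3` comment should also say which downstream image is expected to set `USER`.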
@ -15,7 +16,7 @@ ENV DEBIAN_FRONTEND="teletype" \
MARSHALL_BUILD_HOST=${MARSHALL_BUILD_HOST}
WORKDIR /app
SHELL ["/bin/bash", "-c"]
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV PATH="/app:/app/bin:/app/vendor/bin:${PATH}"
ENV PS1="\[\e[31m\][\[\e[m\]\[\e[38;5;172m\]\u\[\e[m\]@\[\e[38;5;153m\]\h\[\e[m\] \[\e[38;5;214m\]\W\[\e[m\]\[\e[31m\]]\[\e[m\]\\$ "
@ -28,3 +29,6 @@ CMD ["/usr/bin/marshall"]
RUN /installers/install && \
rm -rf /marshall /installers && \
chmod +x /usr/bin/marshall
# Disable healthcheck, as healthcheck is nonsensical for this container.
HEALTHCHECK NONE

View file

@ -1,2 +1 @@
#!/bin/bash

View file

@ -0,0 +1,2 @@
#!/bin/bash
echo "Oh no! rsyslog has crashed!"

View file

@ -1,11 +1,11 @@
#!/bin/sh
SYSLOG_LOCATION=/var/log/syslog
if [ ! -f $SYSLOG_LOCATION ]; then
touch $SYSLOG_LOCATION
if [ ! -f "${SYSLOG_LOCATION}" ]; then
touch "${SYSLOG_LOCATION}"
fi
chmod 777 $SYSLOG_LOCATION
chmod 777 "${SYSLOG_LOCATION}"
service rsyslog start;
service rsyslog start
sleep 5
tail -f $SYSLOG_LOCATION | sed --unbuffered 's|.*\[.*\]: ||g'
tail -f "${SYSLOG_LOCATION}" | sed --unbuffered 's|.*\[.*\]: ||g'
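Review bot: `chmod 777 "${SYSLOG_LOCATION}"` keeps the syslog file world-writable and executable, so any process in the container can append to or truncate the log this script then streams to stdout. The quoting fix is fine, but the mode should be `640` or `644`, with ownership given to the account rsyslog writes as.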

View file

@ -1,18 +1,19 @@
#!/bin/bash
# shellcheck disable=SC1091,SC2312
source /installers/config
echo "force-unsafe-io" >/etc/dpkg/dpkg.cfg.d/force-unsafe-io
# We're gonna move the sources to .d/ubuntu.list, then copy it, then manipulate it for a mirror list.
(
cat /etc/apt/sources.list;
cat /etc/apt/sources.list \
| sed 's/http\:\/\/archive\.ubuntu\.com\/ubuntu\//mirror\:\/\/mirrors.ubuntu.com\/mirrors.txt/g' \
| sed "s|deb http://security.ubuntu.com|# deb http://security.ubuntu.com|g"
) \
| sed '/^#/d' \
| sed '/^$/d' \
> /etc/apt/sources.list.d/ubuntu.list
rm /etc/apt/sources.list; touch /etc/apt/sources.list;
#(
# cat /etc/apt/sources.list
# sed 's/http\:\/\/archive\.ubuntu\.com\/ubuntu\//mirror\:\/\/mirrors.ubuntu.com\/mirrors.txt/g' </etc/apt/sources.list |
# sed "s|deb http://security.ubuntu.com|# deb http://security.ubuntu.com|g"
#) |
# sed '/^#/d' |
# sed '/^$/d' \
# >/etc/apt/sources.list.d/ubuntu.list
#rm /etc/apt/sources.list
#touch /etc/apt/sources.list
# Remove duplicate sources
sort /etc/apt/sources.list.d/ubuntu.list | uniq >/etc/apt/sources.list.d/ubuntu.list.uniq
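Review bot: with the mirror block commented out nothing in this script creates `/etc/apt/sources.list.d/ubuntu.list` any more, yet the "Remove duplicate sources" step still runs `sort` on it, so it can read a missing file and write an empty `ubuntu.list.uniq`. Delete the dedupe step together with the dead block (git history keeps the old mirror logic) or guard it with a `-f` test. Dropping the rewrite also restores the `security.ubuntu.com` entries that the old `sed` commented out, which deserves a line in the commit message.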
@ -25,5 +26,5 @@ apt-get -qq update
apt-get -yq upgrade
# Install apt-utils & ca-certificates to prevent some screaming.
$APT_GET ca-certificates
$APT_GET apt apt-utils
${APT_GET} ca-certificates
${APT_GET} apt apt-utils

View file

@ -1,3 +1,4 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET bash
${APT_GET} bash

View file

@ -1,4 +1,5 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET tzdata
echo $DEFAULT_TZ > /etc/timezone
${APT_GET} tzdata
echo "${DEFAULT_TZ}" >/etc/timezone

View file

@ -1,3 +1,4 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET dos2unix
${APT_GET} dos2unix

View file

@ -1,3 +1,4 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET gpg-agent
${APT_GET} gpg-agent

View file

@ -1,4 +1,5 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET \
${APT_GET} \
runit

View file

@ -1,6 +1,7 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET cron
${APT_GET} cron
chmod 600 /etc/crontab

View file

@ -1,7 +1,9 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET rsyslog
${APT_GET} rsyslog
mkdir -p /etc/service/rsyslog
mv /etc/service/rsyslog/rsyslog.runit /etc/service/rsyslog/run
chmod +x /etc/service/rsyslog/run
mv /etc/service/rsyslog/rsyslog.finish /etc/service/rsyslog/finish
chmod +x /etc/service/rsyslog/run /etc/service/rsyslog/finish

View file

@ -1,7 +1,8 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
$APT_GET \
${APT_GET} \
inetutils-ping \
nano \
host \

View file

@ -1,4 +1,5 @@
#!/bin/bash
# shellcheck disable=SC1091
source /installers/config
cd /
apt-get remove -yqq \

View file

@ -1,10 +1,10 @@
#!/bin/bash
set -e
COLOUR_FAIL='\e[31m'
COLOUR_SUCCESS='\e[32m'
COLOUR_RESET='\e[0m'
printf 'Running: %b%s%b\n' $COLOUR_SUCCESS "${0##*/}" $COLOUR_RESET
export COLOUR_FAIL='\e[31m'
export COLOUR_SUCCESS='\e[32m'
export COLOUR_RESET='\e[0m'
printf 'Running: %b%s%b\n' "${COLOUR_SUCCESS}" "${0##*/}" "${COLOUR_RESET}"
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive
APT_GET='apt-get install -yqq --no-install-recommends '
export APT_GET='apt-get install -yqq --no-install-recommends '

View file

@ -3,5 +3,5 @@ set -e
cd "$(dirname "$0")"
for file in *.sh; do
/bin/bash $file
/bin/bash "${file}"
done

View file

@ -1,5 +1,5 @@
#!/bin/bash
echo "Packages installed:":
echo " KiloBytes\tPackage";
#!/usr/bin/env bash
printf "Packages installed:\n KiloBytes\tPackage\n"
dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n | tac
# shellcheck disable=SC2312
dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n | tac | head -n 5

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.

View file

@ -1,6 +1,4 @@
# From upstream redis
# hadolint ignore=DL3007
FROM mitmproxy/mitmproxy
FROM mitmproxy:version
ARG BUILD_DATE
ARG GIT_SHA
ARG MITM_VERSION
@ -38,6 +36,8 @@ RUN os=$(grep "^ID=" < /etc/os-release | cut -f2 -d'=') && \
exit 1; \
fi
USER mitmproxy
# Add healthcheck
HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -I -x http://localhost:8080 -k https://www.google.com || exit 1
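Review bot: the HEALTHCHECK makes container health depend on outbound access to `https://www.google.com`, so the proxy is reported unhealthy on an isolated or egress-filtered network even when it is working, and every instance sends a request to a third party every 30 seconds. Probe something local instead, for example a TCP connect to `localhost:8080`. If the external fetch stays, add `-f -s -o /dev/null` so an HTTP error fails the check and the response is discarded.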

View file

@ -1,4 +1,9 @@
# hadolint ignore=DL3007
FROM eclipse-mosquitto:latest
FROM eclipse-mosquitto:injected-version
COPY mosquitto.conf /mosquitto/config/mosquitto.conf
RUN adduser -D mqtt
USER mqtt
HEALTHCHECK --interval=15s --timeout=3s --start-period=10s --retries=5 \
CMD mosquitto_sub -h localhost -t '$SYS/#' -C 1 -W 3
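Review bot: the healthcheck subscribes to `$SYS/#` without credentials, so it only passes while the `mosquitto.conf` copied above lets anonymous clients read that topic tree; a deployment that mounts a stricter config will be marked unhealthy after five retries. Document that requirement next to the HEALTHCHECK or take a username and password from the environment (`-u`/`-P`). Please also confirm that the new `mqtt` user can write to the broker's data and log directories, since `adduser -D mqtt` creates it after the base image has already set those up.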

View file

@ -1,3 +0,0 @@
ignored:
- DL3005
- DL3008

View file

@ -1,4 +1,4 @@
FROM benzine/marshall:latest AS mysql-proxy
FROM marshall:version AS mysql-proxy
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
@ -8,13 +8,14 @@ ENV MYSQL_PROXY_VERSION 0.8.5
ENV MYSQL_PROXY_TAR_NAME mysql-proxy-$MYSQL_PROXY_VERSION-linux-debian6.0-x86-64bit
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
RUN adduser mysql && \
apt-get update && \
apt-get upgrade -y ca-certificates tzdata && \
apt-get -y install --no-install-recommends \
wget \
mysql-client \
&& \
wget https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz && \
wget -q https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz && \
tar -xzvf $MYSQL_PROXY_TAR_NAME.tar.gz && \
mv $MYSQL_PROXY_TAR_NAME /opt/mysql-proxy && \
rm $MYSQL_PROXY_TAR_NAME.tar.gz && \
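Review bot: the `wget -q https://downloads.mysql.com/archives/get/p/21/file/$MYSQL_PROXY_TAR_NAME.tar.gz` step unpacks the archive into `/opt/mysql-proxy` without checking it against a known digest, and `-q` now hides download diagnostics as well. Pin the expected SHA-256 in an `ARG` and run `sha256sum -c` before `tar`, so a changed or truncated download fails the build instead of shipping. `tar -xzvf` can lose the `v` too if the goal is quieter logs.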
@ -22,38 +23,15 @@ RUN apt-get update && \
apt-get autoremove -yqq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/ && \
chown -R root:root /opt/mysql-proxy && \
printf "#!/bin/bash\n\
\n\
exec /opt/mysql-proxy/bin/mysql-proxy \\\\\n\
--keepalive \\\\\n\
--log-level=error \\\\\n\
--plugins=proxy \\\\\n\
--proxy-address=\${PROXY_DB_HOST}:\${PROXY_DB_PORT} \\\\\n\
--proxy-backend-addresses=\${REMOTE_DB_HOST}:\${REMOTE_DB_PORT} \\\\\n\
--proxy-lua-script=/opt/mysql-proxy/conf/main.lua\n\
" >> /usr/local/bin//entrypoint.sh && \
chmod u+x /usr/local/bin/entrypoint.sh && \
ln -s /usr/local/bin/docker-entrypoint.sh /entrypoint.sh # shortcut
HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=3 \
CMD mysqladmin ping -h 127.0.0.1 -p 3306 -u root || exit 1
ENTRYPOINT [ "entrypoint.sh" ]
chown -R mysql:mysql /opt/mysql-proxy
COPY main.lua /opt/mysql-proxy/conf/main.lua
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/healthcheck.sh
CMD [ "/usr/local/bin/entrypoint.sh" ]
# For another derived image:
HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=3 \
CMD /usr/local/bin/healthcheck.sh || exit 1
# --help-all
# --proxy-backend-addresses=mysql:3306
# --proxy-skip-profiling
# --proxy-backend-addresses=host:port
# --proxy-read-only-backend-addresses=host:port
# --keepalive
# --admin-username=User
# --admin-password=Password
# --log-level=crititcal
# The log level to use when outputting error messages.
# Messages with that level (or lower) are output.
# For example, message level also outputs message with info, warning, and error levels.
USER mysql

View file

@ -1,10 +1,11 @@
# MySQL Proxy
# Usage with docker-compose
## Usage with docker-compose
without
```
version: '2'
```yaml
version: "2"
services:
db:
@ -22,8 +23,9 @@ services:
```
within
```
version: '2'
```yaml
version: "2"
services:
mysql:
@ -58,9 +60,11 @@ services:
- mysql
```
# Query to stdout
## Query to stdout
For `docker-compose up` without `-d` (`../mysql-proxy/main.lua`)
```
```lua
function read_query(packet)
if string.byte(packet) == proxy.COM_QUERY then
print(string.sub(packet, 2))
@ -68,10 +72,9 @@ function read_query(packet)
end
```
# Query logging for mysql-proxy
## Query logging for mysql-proxy
```
...
```yaml
volumes:
- ../mysql-proxy-conf:/opt/mysql-proxy/conf
- ../mysql-proxy-logs:/opt/mysql-proxy/logs
@ -81,11 +84,11 @@ end
REMOTE_DB_PORT: 3306
LUA_SCRIPT: "/opt/mysql-proxy/conf/log.lua"
LOG_FILE: "/opt/mysql-proxy/logs/mysql.log"
...
```
`/mysql-proxy-conf/log.lua` https://gist.github.com/simonw/1039751
```
```lua
local log_file = os.getenv("LOG_FILE")
local fh = io.open(log_file, "a+")
@ -101,16 +104,18 @@ function read_query( packet )
end
end
```
# thanks
## thanks
https://hub.docker.com/r/zwxajh/mysql-proxy
https://hub.docker.com/r/gediminaspuksmys/mysqlproxy/
# logrotate
## logrotate
The image can be expand with `logrotate`
Config file `/etc/logrotate.d/mysql-proxy` (approximate)
```
```text
/opt/mysql-proxy/mysql.log {
weekly
missingok
@ -125,10 +130,12 @@ Config file `/etc/logrotate.d/mysql-proxy` (approximate)
}
```
# troubleshooting
## troubleshooting
If you can't create the chain `mysql` -> `mysql-proxy` -> `external client liten 0.0.0.0:3308`
check extends ports on the `mysql` service and/or add `expose` directly
```
```yaml
expose:
- "3306" #for service mysql-proxy
```

View file

@ -0,0 +1,38 @@
version: "3"
services:
mysql:
image: mysql:8.0.0
restart: always
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_DATABASE: dbuser
MYSQL_USER: dbuser
MYSQL_PASSWORD: password
healthcheck:
test:
[
"CMD",
"mysqladmin",
"ping",
"-h",
"127.0.0.1",
"-u",
"dbuser",
"-ppassword",
]
interval: 5s
timeout: 20s
retries: 5
proxy:
build: .
restart: always
environment:
PROXY_DB_PORT: 3306
REMOTE_DB_HOST: mysql
REMOTE_DB_PORT: 3306
MYSQL_USER: dbuser
MYSQL_PASSWORD: password
depends_on:
mysql:
condition: service_healthy

12
mysql-proxy/entrypoint.sh Normal file
View file

@ -0,0 +1,12 @@
#!/bin/bash
echo "Starting MySQL Proxy..."
echo "Configured to listen as ${PROXY_DB_HOST}:${PROXY_DB_PORT}"
echo "Configured to forward to ${REMOTE_DB_HOST}:${REMOTE_DB_PORT}"
exec /opt/mysql-proxy/bin/mysql-proxy \
--keepalive \
--log-level=error \
--plugins=proxy \
--proxy-address="${PROXY_DB_HOST}":"${PROXY_DB_PORT}" \
--proxy-backend-addresses="${REMOTE_DB_HOST}":"${REMOTE_DB_PORT}" \
--proxy-lua-script=/opt/mysql-proxy/conf/main.lua
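Review bot: `--proxy-address="${PROXY_DB_HOST}":"${PROXY_DB_PORT}"` has no fallback, and the compose file added in this commit sets `PROXY_DB_PORT` but not `PROXY_DB_HOST`, so the proxy is started with `--proxy-address=:3306` while `healthcheck.sh` assumes `127.0.0.1`. Give both scripts the same defaults (for example `${PROXY_DB_HOST:-0.0.0.0}` and `${PROXY_DB_PORT:-3306}`) and fail early with a clear message when `REMOTE_DB_HOST` is empty.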

View file

@ -0,0 +1,6 @@
#!/bin/bash
export MYSQL_PWD="${MYSQL_PASSWORD}"
mysqladmin ping \
-h "${PROXY_DB_HOST:-"127.0.0.1"}" \
-P "${PROXY_DB_PORT}" \
-u "${MYSQL_USER}"
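Review bot: `mysqladmin ping` exits 0 whenever a server answers, including when the answer is "Access denied", so the `MYSQL_USER` and `MYSQL_PWD` passed here do not make the check any stricter and an unset `MYSQL_PASSWORD` goes unnoticed. If the intent is to prove the proxy can reach and authenticate to the backend, run `mysql -e 'SELECT 1'` with the same settings; if liveness is enough, drop the credentials from the healthcheck. `-P "${PROXY_DB_PORT}"` also needs a default, as the host already has.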

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.


@ -1,12 +1,12 @@
# hadolint ignore=DL3007
FROM benzine/marshall:latest AS nodejs
FROM marshall:build AS nodejs
ARG NODE_VERSION
ARG YARN_VERSION
ARG PATH="/app/node_modules/.bin:${PATH}"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN mkdir ~/.gnupg && \
RUN adduser node && \
mkdir ~/.gnupg && \
echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf && \
apt-get -qq update && \
apt-get -yqq install --no-install-recommends \
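Review bot: `RUN adduser node` at the head of this RUN chain creates the runtime account without non-interactive flags or a fixed UID. On Debian/Ubuntu, plain `adduser` is the interactive front end that asks for a password and GECOS fields, so in a build it should be `adduser --disabled-password --gecos "" --uid <fixed id> node` (or `useradd`), which also keeps ownership on volumes stable across rebuilds. The `# hadolint ignore=DL3007` above the FROM is left over from `benzine/marshall:latest`; the base is now `marshall:build`, so the ignore can go.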
@ -58,21 +58,27 @@ RUN mkdir ~/.gnupg && \
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& curl -fsSLO --compressed "https://github.com/yarnpkg/yarn/releases/download/v$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& rm yarn-v$YARN_VERSION.tar.gz \
\
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# Back to userland
USER node
FROM nodejs AS nodejs-compiler
# Install dependencies
USER root
RUN apt-get -qq update && \
apt-get -yqq install --no-install-recommends \
python \
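Review bot: the Yarn tarball is no longer verified before it is unpacked into /opt. With the download moved to the GitHub release URL, the `.asc` fetch and the `gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz` step are gone, and the `rm` no longer lists the `.asc`, while the `gpg --recv-keys` loop above is still there. HTTPS authenticates the host, not the artifact. Keep the signature check if the new location publishes the `.asc`, or pass an expected SHA-256 as a build arg and check it with `sha256sum -c` before `tar -xzf`. If neither is wanted, the key import loop is dead weight and should be dropped as well.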
@ -81,3 +87,9 @@ RUN apt-get -qq update && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# Back to userland
USER node


@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
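Review bot: the rewritten "Threats of violence" bullet still reads "psycological"; since the line is being touched anyway, correct it to "psychological". The file also mixes "Behaviour" in the heading with "behavior" in the "Be respectful" bullet, so pick one spelling while the linter pass is open.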


@ -1,10 +1,68 @@
ARG PHP_CORE_VERSION
# hadolint ignore=DL3024
FROM ${PHP_CORE_VERSION} AS php-cli
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM marshall:build AS php-core
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_PACKAGES
ARG COMPOSER_VERSION
ENV COMPOSER_ALLOW_SUPERUSER=1
COPY core/install-report.sh /usr/bin/install-report
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo "Acquire::Retries \"5\";" > /etc/apt/apt.conf.d/80-retries && \
echo "Acquire::http::No-Cache=true;" > /etc/apt/apt.conf.d/80-no-cache && \
echo "Acquire::http::Pipeline-Depth=0;" > /etc/apt/apt.conf.d/80-no-pipeline && \
apt-get -qq update && \
apt-get -yqq upgrade && \
apt-get -yqq install --no-install-recommends \
python3-software-properties \
software-properties-common \
&& \
echo "PHP packages to install:" && echo $PHP_PACKAGES && \
add-apt-repository -y ppa:ondrej/php && \
apt-get -qq update && \
apt-get -yqq install --no-install-recommends $PHP_PACKAGES &&\
apt-get remove -yqq \
software-properties-common \
python-apt-common \
python3-software-properties \
python3.5 python3.5-minimal libpython3.5-minimal \
&& \
apt-get autoremove -yqq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log && \
rm -rf /usr/bin/mariabackup \
/usr/bin/mysql_embedded \
/usr/bin/mysql_find_rows \
/usr/bin/mysql_fix_extensions \
/usr/bin/mysql_waitpid \
/usr/bin/mysqlaccess \
/usr/bin/mysqlanalyze \
/usr/bin/mysqlcheck \
/usr/bin/mysqldump \
/usr/bin/mysqldumpslow \
/usr/bin/mysqlimport \
/usr/bin/mysqloptimize \
/usr/bin/mysqlrepair \
/usr/bin/mysqlreport \
/usr/bin/mysqlshow \
/usr/bin/mysqlslap \
/usr/bin/mytop
RUN chmod +x /usr/bin/install-report && \
/usr/bin/install-report
RUN curl https://getcomposer.org/download/$COMPOSER_VERSION/composer.phar --output /usr/local/bin/composer && \
chmod +x /usr/local/bin/composer /usr/bin/install-report && \
composer self-update
# Healthcheck is nonsensical for this container.
HEALTHCHECK NONE
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM php-core AS php-cli
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
# Install a funky cool repl.
RUN composer global require -q psy/psysh:@stable && \
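Review bot: the Composer install at the end of the php-core stage pins `$COMPOSER_VERSION` in the download URL and then runs `composer self-update`, which replaces the pinned phar with whatever is current at build time, so the build arg has no lasting effect. Drop the `self-update`. The `curl` call also has no `-f`, so an HTTP error body would be written to /usr/local/bin/composer and made executable, and nothing checks the phar against a known hash; use `curl -fsSL` and compare a SHA-256 before the `chmod +x`. With `COMPOSER_ALLOW_SUPERUSER=1` set, whatever lands in that path runs as root in every later stage.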
@ -14,8 +72,11 @@ RUN composer global require -q psy/psysh:@stable && \
COPY cli/psysh-config.php /root/.config/psysh/config.php
ARG PHP_CORE_VERSION
FROM ${PHP_CORE_VERSION} AS php-nginx
RUN composer --version && \
repl --version
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM php-cli AS php-nginx
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
@ -26,10 +87,10 @@ ENV PHPFPM_MAX_CHILDREN=25
COPY nginx /conf
COPY self-signed-certificates /certs
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
RUN apt-get -qq update && \
# Install pre-dependencies to use apt-key.
apt-get -yqq install --no-install-recommends \
sudo \
lsb-core \
gnupg \
&& \
@ -101,13 +162,15 @@ RUN apt-get -qq update && \
mv /conf/php-fpm.runit /etc/service/php-fpm/run && \
mv /conf/letsencrypt.runit /etc/service/letsencrypt/run && \
#mv /conf/logs-letsencrypt.runit /etc/service/logs-letsencrypt/run && \
#mv /conf/logs-letsencrypt.finish /etc/service/logs-letsencrypt/finish && \
mv /conf/logs-nginx-access.runit /etc/service/logs-nginx-access/run && \
mv /conf/logs-nginx-error.runit /etc/service/logs-nginx-error/run && \
mv /conf/logs-phpfpm-error.runit /etc/service/logs-phpfpm-error/run && \
mv /conf/logs-phpfpm-error.finish /etc/service/logs-phpfpm-error/finish && \
# Make sure all our new services are using unix line endings
dos2unix -q /etc/service/*/run && \
dos2unix -q /etc/service/*/run /etc/service/*/finish && \
# Make sure all our new services are executable
chmod +x /etc/service/*/run && \
chmod +x /etc/service/*/run /etc/service/*/finish && \
# Cleanup the /conf dir
rm -R /conf && \
# Write the PHP version into some template locations
@ -133,12 +196,13 @@ VOLUME /etc/letsencrypt
HEALTHCHECK --interval=30s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
ARG PHP_CORE_VERSION
FROM ${PHP_CORE_VERSION} AS php-apache
# checkov:skip=CKV_DOCKER_3 user cannot be determined at this stage.
FROM php-cli AS php-apache
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_VERSION
# ts:skip=AC_DOCKER_0002 Mis-detecting usage of apt instead of apt-get
RUN apt-get -qq update && \
apt-get -yqq install --no-install-recommends \
apache2 \


@ -1,56 +0,0 @@
# hadolint ignore=DL3007
FROM benzine/marshall:latest AS php-core
LABEL maintainer="Matthew Baggett <matthew@baggett.me>" \
org.label-schema.vcs-url="https://github.com/benzine-framework/docker" \
org.opencontainers.image.source="https://github.com/benzine-framework/docker"
ARG PHP_PACKAGES
ARG COMPOSER_UPDATE_FLAGS
ENV COMPOSER_ALLOW_SUPERUSER=1
COPY core/install-report.sh /usr/bin/install-report
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo "APT::Acquire::Retries \"5\";" > /etc/apt/apt.conf.d/80-retries && \
echo "Acquire::http::No-Cache=true;" > /etc/apt/apt.conf.d/80-no-cache && \
echo "Acquire::http::Pipeline-Depth=0;" > /etc/apt/apt.conf.d/80-no-pipeline && \
apt-get -qq update && \
apt-get -yqq upgrade && \
apt-get -yqq install --no-install-recommends \
python3-software-properties \
software-properties-common \
&& \
echo "PHP packages to install:" && echo $PHP_PACKAGES && \
add-apt-repository -y ppa:ondrej/php && \
apt-get -qq update && \
apt-get -yqq install --no-install-recommends $PHP_PACKAGES &&\
apt-get remove -yqq \
software-properties-common \
python-apt-common \
python3-software-properties \
python3.5 python3.5-minimal libpython3.5-minimal \
&& \
apt-get autoremove -yqq && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/lib/dpkg/status.old /var/cache/debconf/templates.dat /var/log/dpkg.log /var/log/lastlog /var/log/apt/*.log && \
rm -rf /usr/bin/mariabackup \
/usr/bin/mysql_embedded \
/usr/bin/mysql_find_rows \
/usr/bin/mysql_fix_extensions \
/usr/bin/mysql_waitpid \
/usr/bin/mysqlaccess \
/usr/bin/mysqlanalyze \
/usr/bin/mysqlcheck \
/usr/bin/mysqldump \
/usr/bin/mysqldumpslow \
/usr/bin/mysqlimport \
/usr/bin/mysqloptimize \
/usr/bin/mysqlrepair \
/usr/bin/mysqlreport \
/usr/bin/mysqlshow \
/usr/bin/mysqlslap \
/usr/bin/mytop
RUN chmod +x /usr/bin/install-report && \
/usr/bin/install-report
RUN curl https://getcomposer.org/composer-stable.phar --output /usr/local/bin/composer && \
chmod +x /usr/local/bin/composer /usr/bin/install-report && \
composer self-update ${COMPOSER_UPDATE_FLAGS}


@ -1,38 +0,0 @@
BUILD:=docker build
docker-marshall:
$(BUILD) \
--tag benzine/marshall:latest \
../marshall
docker-php-core:
$(BUILD) \
--build-arg PHP_PACKAGES="git htop mariadb-client php${PHP_VERSION}-apcu php${PHP_VERSION}-bcmath php${PHP_VERSION}-bz2 php${PHP_VERSION}-cli php${PHP_VERSION}-curl php${PHP_VERSION}-gd php${PHP_VERSION}-imap php${PHP_VERSION}-imagick php${PHP_VERSION}-intl php${PHP_VERSION}-ldap php${PHP_VERSION}-mailparse php${PHP_VERSION}-mbstring php${PHP_VERSION}-memcache php${PHP_VERSION}-mongodb php${PHP_VERSION}-mysql php${PHP_VERSION}-opcache php${PHP_VERSION}-pgsql php${PHP_VERSION}-phpdbg php${PHP_VERSION}-pspell php${PHP_VERSION}-redis php${PHP_VERSION}-soap php${PHP_VERSION}-sqlite php${PHP_VERSION}-xdebug php${PHP_VERSION}-xml php${PHP_VERSION}-zip postgresql-client" \
--build-arg PHP_VERSION=${PHP_VERSION} \
--tag benzine/php:core-${PHP_VERSION} \
--target php-core \
--file Dockerfile.Core \
.
docker-php-flavour:
$(BUILD) \
--build-arg PHP_CORE_VERSION=benzine/php:core-${PHP_VERSION} \
--build-arg PHP_VERSION=${PHP_VERSION} \
--tag benzine/php:${FLAVOUR}-${PHP_VERSION} \
--target php-${FLAVOUR} \
--file Dockerfile.Flavours \
.
bake-flavours:
$(MAKE) docker-php-flavour FLAVOUR=cli
$(MAKE) docker-php-flavour FLAVOUR=nginx
#$(MAKE) docker-php-flavour FLAVOUR=apache
bake:
$(MAKE) docker-marshall
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=7.3
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=7.4
#$(MAKE) docker-php-core bake-flavours PHP_VERSION=8.0
$(MAKE) docker-php-core bake-flavours PHP_VERSION=8.1
all: bake


@ -1,46 +0,0 @@
```bash
▄▄▄▄ ▓█████ ███▄ █ ▒███████▒ ██▓ ███▄ █ ▓█████
▓█████▄ ▓█ ▀ ██ ▀█ █ ▒ ▒ ▒ ▄▀░▓██▒ ██ ▀█ █ ▓█ ▀
▒██▒ ▄██▒███ ▓██ ▀█ ██▒░ ▒ ▄▀▒░ ▒██▒▓██ ▀█ ██▒▒███
▒██░█▀ ▒▓█ ▄ ▓██▒ ▐▌██▒ ▄▀▒ ░░██░▓██▒ ▐▌██▒▒▓█ ▄
░▓█ ▀█▓░▒████▒▒██░ ▓██░▒███████▒░██░▒██░ ▓██░░▒████▒
░▒▓███▀▒░░ ▒░ ░░ ▒░ ▒ ▒ ░▒▒ ▓░▒░▒░▓ ░ ▒░ ▒ ▒ ░░ ▒░ ░
▒░▒ ░ ░ ░ ░░ ░░ ░ ▒░░░▒ ▒ ░ ▒ ▒ ░░ ░░ ░ ▒░ ░ ░ ░
░▄▄▄▄ ░ ░▄▄▄░ ▒░ ░ ░██████░▓█████ ░ ░ ██▓ ███▄░▄███▓ ▄▄▄ ▄████ ▓█████
▓█████▄ ▒████▄░ ▒██ ▒░▓█ ▀ ░ ▓██▒▓██▒▀█▀ ██▒▒████▄ ██▒ ▀█▒▓█ ▀
▒██▒ ▄██▒██ ▀█▄ ░ ▓██▄ ▒███ ▒██▒▓██ ▓██░▒██ ▀█▄ ▒██░▄▄▄░▒███
▒██░█▀ ░██▄▄▄▄██ ▒ ██▒▒▓█ ▄ ░██░▒██ ▒██ ░██▄▄▄▄██ ░▓█ ██▓▒▓█ ▄
░▓█ ▀█▓ ▓█ ▓██▒▒██████▒▒░▒████▒ ░██░▒██▒ ░██▒ ▓█ ▓██▒░▒▓███▀▒░▒████▒
░▒▓███▀▒ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░░░ ▒░ ░ ░▓ ░ ▒░ ░ ░ ▒▒ ▓▒█░ ░▒ ▒ ░░ ▒░ ░
▒░▒ ░ ▒ ▒▒ ░░ ░▒ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ▒▒ ░ ░ ░ ░ ░ ░
░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
```
[![Build](https://github.com/benzine-framework/docker-php/actions/workflows/build.yml/badge.svg)](https://github.com/benzine-framework/docker-php/actions/workflows/build.yml)
Docker PHP Base kit based on lessons learned from phusion/baseimage using runit to allow for multiple processes, featuring multiple versions of PHP and NodeJS.
| Name | Architecture | Size | Last Updated | Microbadger |
|----------------------|--------------|----------------------------------------------------------------------------------------------------:|--------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
| benzine/marshall:latest | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/49.04MB-green.svg)](https://hub.docker.com/r/benzine/marshall) | 2021-02-16 13:04:48 | [![](https://images.microbadger.com/badges/image/benzine/marshall:latest.svg)](https://microbadger.com/images/benzine/marshall:latest "Get your own image badge on microbadger.com") |
| benzine/php:apache | AMD64 | [![Layers](https://img.shields.io/badge/127.09MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:35 | [![](https://images.microbadger.com/badges/image/benzine/php:apache.svg)](https://microbadger.com/images/benzine/php:apache "Get your own image badge on microbadger.com") |
| benzine/php:cli | AMD64 | [![Layers](https://img.shields.io/badge/123.56MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:35 | [![](https://images.microbadger.com/badges/image/benzine/php:cli.svg)](https://microbadger.com/images/benzine/php:cli "Get your own image badge on microbadger.com") |
| benzine/php:nginx | AMD64 | [![Layers](https://img.shields.io/badge/133.72MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:33 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx.svg)](https://microbadger.com/images/benzine/php:nginx "Get your own image badge on microbadger.com") |
| benzine/php:nginx-8.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/133.65MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:19:02 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-8.0.svg)](https://microbadger.com/images/benzine/php:nginx-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.31MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:58 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.0.svg)](https://microbadger.com/images/benzine/php:nginx-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.4 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/133.72MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:52 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.4.svg)](https://microbadger.com/images/benzine/php:nginx-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.1 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.55MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:18:16 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.1.svg)](https://microbadger.com/images/benzine/php:nginx-7.1 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.3 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.95MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:53 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.3.svg)](https://microbadger.com/images/benzine/php:nginx-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:nginx-7.2 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/133.96MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:45 | [![](https://images.microbadger.com/badges/image/benzine/php:nginx-7.2.svg)](https://microbadger.com/images/benzine/php:nginx-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/126.67MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:25 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.0.svg)](https://microbadger.com/images/benzine/php:apache-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.4 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/127.09MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:17:01 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.4.svg)](https://microbadger.com/images/benzine/php:apache-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.3 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/127.32MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:19 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.3.svg)](https://microbadger.com/images/benzine/php:apache-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.1 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/126.91MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:18 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.1.svg)](https://microbadger.com/images/benzine/php:apache-7.1 "Get your own image badge on microbadger.com") |
| benzine/php:apache-8.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/127.02MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:16:12 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-8.0.svg)](https://microbadger.com/images/benzine/php:apache-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.2 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.78MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:15:47 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.2.svg)](https://microbadger.com/images/benzine/php:cli-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:cli-8.0 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.44MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:14:58 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-8.0.svg)](https://microbadger.com/images/benzine/php:cli-8.0 "Get your own image badge on microbadger.com") |
| benzine/php:apache-7.2 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/127.34MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:14:06 | [![](https://images.microbadger.com/badges/image/benzine/php:apache-7.2.svg)](https://microbadger.com/images/benzine/php:apache-7.2 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.4 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.56MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:13:56 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.4.svg)](https://microbadger.com/images/benzine/php:cli-7.4 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.0 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.27MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:13:12 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.0.svg)](https://microbadger.com/images/benzine/php:cli-7.0 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.3 | AMD64, ARM64 | [![Layers](https://img.shields.io/badge/123.80MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:12:44 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.3.svg)](https://microbadger.com/images/benzine/php:cli-7.3 "Get your own image badge on microbadger.com") |
| benzine/php:cli-7.1 | ARM64, AMD64 | [![Layers](https://img.shields.io/badge/123.36MB-green.svg)](https://hub.docker.com/r/benzine/php) | 2021-02-16 13:12:11 | [![](https://images.microbadger.com/badges/image/benzine/php:cli-7.1.svg)](https://microbadger.com/images/benzine/php:cli-7.1 "Get your own image badge on microbadger.com") |


@ -1,23 +0,0 @@
```bash
▄▄▄▄ ▓█████ ███▄ █ ▒███████▒ ██▓ ███▄ █ ▓█████
▓█████▄ ▓█ ▀ ██ ▀█ █ ▒ ▒ ▒ ▄▀░▓██▒ ██ ▀█ █ ▓█ ▀
▒██▒ ▄██▒███ ▓██ ▀█ ██▒░ ▒ ▄▀▒░ ▒██▒▓██ ▀█ ██▒▒███
▒██░█▀ ▒▓█ ▄ ▓██▒ ▐▌██▒ ▄▀▒ ░░██░▓██▒ ▐▌██▒▒▓█ ▄
░▓█ ▀█▓░▒████▒▒██░ ▓██░▒███████▒░██░▒██░ ▓██░░▒████▒
░▒▓███▀▒░░ ▒░ ░░ ▒░ ▒ ▒ ░▒▒ ▓░▒░▒░▓ ░ ▒░ ▒ ▒ ░░ ▒░ ░
▒░▒ ░ ░ ░ ░░ ░░ ░ ▒░░░▒ ▒ ░ ▒ ▒ ░░ ░░ ░ ▒░ ░ ░ ░
░▄▄▄▄ ░ ░▄▄▄░ ▒░ ░ ░██████░▓█████ ░ ░ ██▓ ███▄░▄███▓ ▄▄▄ ▄████ ▓█████
▓█████▄ ▒████▄░ ▒██ ▒░▓█ ▀ ░ ▓██▒▓██▒▀█▀ ██▒▒████▄ ██▒ ▀█▒▓█ ▀
▒██▒ ▄██▒██ ▀█▄ ░ ▓██▄ ▒███ ▒██▒▓██ ▓██░▒██ ▀█▄ ▒██░▄▄▄░▒███
▒██░█▀ ░██▄▄▄▄██ ▒ ██▒▒▓█ ▄ ░██░▒██ ▒██ ░██▄▄▄▄██ ░▓█ ██▓▒▓█ ▄
░▓█ ▀█▓ ▓█ ▓██▒▒██████▒▒░▒████▒ ░██░▒██▒ ░██▒ ▓█ ▓██▒░▒▓███▀▒░▒████▒
░▒▓███▀▒ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░░░ ▒░ ░ ░▓ ░ ▒░ ░ ░ ▒▒ ▓▒█░ ░▒ ▒ ░░ ▒░ ░
▒░▒ ░ ▒ ▒▒ ░░ ░▒ ░ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ▒▒ ░ ░ ░ ░ ░ ░
░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ░ ▒ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
```
[![Build](https://github.com/goneio/base-image/actions/workflows/build.yml/badge.svg)](https://github.com/goneio/base-image/actions/workflows/build.yml)
Docker PHP Base kit based on lessons learned from phusion/baseimage using runit to allow for multiple processes, featuring multiple versions of PHP and NodeJS.
{{TABLE}}


@ -1,9 +1,10 @@
#!/bin/bash
# Ignore not following /etc/apache2/envvars
# shellcheck disable=SC1091
source /etc/apache2/envvars
echo "ServerName $HOSTNAME" > /etc/apache2/conf-available/fqdn.conf
echo "*** Setting Apache's ServerName directive to \"$HOSTNAME\":";
echo "ServerName ${HOSTNAME}" >/etc/apache2/conf-available/fqdn.conf
echo "*** Setting Apache's ServerName directive to \"${HOSTNAME}\":"
a2enconf fqdn >/dev/null
sleep 3;
sleep 3
exec /usr/sbin/apache2 -D FOREGROUND


@ -1,45 +1,44 @@
#!/bin/bash
UBUNTU_VERSION=$(cat /etc/os-release | grep VERSION= | cut -d'=' -f2 | sed -e 's/\"//g')
PHP_VERSION=$(/usr/bin/php --version | head -n 1 | cut -d' ' -f2 | cut -d'-' -f1);
COMPOSER_VERSION=$(/usr/local/bin/composer --version | cut -d' ' -f 3);
PROJECT_CODE_SIZE=$(du -cBM /app | grep total | cut -f1);
PROJECT_CODE_SIZE_BYTES=$(du -c /app | grep total | cut -f1);
# shellcheck disable=SC1091,SC2312
source /usr/local/lib/marshall_installer
printf "Executing: %b%s%b\n" "${COLOUR_SUCCESS}" "Install Report" "${COLOUR_RESET}"
PHP_VERSION=$(/usr/bin/php --version | head -n 1 | cut -f2 -d' ' | cut -f1 -d'-')
COMPOSER_VERSION=$(/usr/local/bin/composer --version | cut -f3 -d' ')
GIT_VERSION=$(git --version | sed 's|git version ||')
PROJECT_CODE_SIZE=$(du -cBM /app | grep total | cut -f1)
PROJECT_CODE_SIZE_BYTES=$(du -c /app | grep total | cut -f1)
PHP_MODULES=$(/usr/bin/php -m)
MAX_CODE_SIZE_BYTES=100000000;
MAX_CODE_SIZE_BYTES=100000000
MODULES_COLUMNS=6
COLOUR_FAIL='\e[31m'
COLOUR_SUCCESS='\e[32m'
COLOUR_RESET='\e[0m'
[[ $PROJECT_CODE_SIZE_BYTES -gt $MAX_CODE_SIZE_BYTES ]] && COLOUR_CODE_SIZE="${COLOUR_FAIL}" || COLOUR_CODE_SIZE="${COLOUR_SUCCESS}";
[[ ${PROJECT_CODE_SIZE_BYTES} -gt ${MAX_CODE_SIZE_BYTES} ]] && COLOUR_CODE_SIZE="${COLOUR_FAIL}" || COLOUR_CODE_SIZE="${COLOUR_SUCCESS}"
MODULES=("SimpleXML" "dom" "mcrypt" "sodium" "Reflection" "xml" "xsl" "Xdebug" "PDO" "pdo_mysql" "pdo_pgsql" "pdo_sqlite" "mysqlnd" "mysqli" "pgsql" "sqlite3" "tokenizer" "bz2" "zip" "zlib" "apcu" "redis" "mongodb" "memcached" "gd" "exif" "imap" "bcmath" "intl" "json" "ldap" "mbstring" "curl" "soap")
echo -e "Marshall Build: ${COLOUR_SUCCESS}${MARSHALL_VERSION}${COLOUR_RESET} at ${COLOUR_SUCCESS}${MARSHALL_BUILD_DATE}${COLOUR_RESET} on ${COLOUR_SUCCESS}${MARSHALL_BUILD_HOST}${COLOUR_RESET}"
echo -e "Ubuntu Version installed: ${COLOUR_SUCCESS}${UBUNTU_VERSION}${COLOUR_RESET}"
echo -e "PHP Version installed: ${COLOUR_SUCCESS}${PHP_VERSION}${COLOUR_RESET}"
echo -e "Composer Version installed: ${COLOUR_SUCCESS}${COMPOSER_VERSION}${COLOUR_RESET}"
echo -e "Ubuntu Version installed: ${COLOUR_BRIGHT_BLUE}${UBUNTU_VERSION}${COLOUR_RESET}"
echo -e "PHP Version installed: ${COLOUR_BRIGHT_BLUE}${PHP_VERSION}${COLOUR_RESET}"
echo -e "Composer Version installed: ${COLOUR_BRIGHT_BLUE}${COMPOSER_VERSION}${COLOUR_RESET}"
echo -e "Git Version installed: ${COLOUR_BRIGHT_BLUE}${GIT_VERSION}${COLOUR_RESET}"
echo -e "Application Size: ${COLOUR_CODE_SIZE}${PROJECT_CODE_SIZE}${COLOUR_RESET}"
echo -e "PHP Modules installed:"
i=1;
for module in "${MODULES[@]}"
do
([[ $PHP_MODULES =~ "${module}" ]] && \
printf "%b%s%b %-14s " $COLOUR_SUCCESS '✓' $COLOUR_RESET "${module}" \
|| \
printf "%b%s%b %-14s " $COLOUR_FAIL '✕' $COLOUR_RESET "${module}" \
i=1
for module in "${MODULES[@]}"; do
(
[[ ${PHP_MODULES} =~ ${module} ]] &&
printf "%b%s%b %-14s " "${COLOUR_SUCCESS}" "✓" "${COLOUR_RESET}" "${module}" ||
printf "%b%s%b %-14s " "${COLOUR_FAIL}" "✕" "${COLOUR_RESET}" "${module}"
)
if ! (( i % $MODULES_COLUMNS )); then
if ! ((i % MODULES_COLUMNS)); then
echo ""
fi
i=$((i+1));
i=$((i + 1))
done
echo
# @todo This bombs out if it can't read from a restricted repo. Revise later.
#if [ -f /app/composer.json ]; then
# if [ -f /app/composer.lock ]; then
# echo -e "Outdated ${COLOUR_FAIL}Composer${COLOUR_RESET} packages:"
# echo -e "Outdated ${COLOUR_FAIL}Composer${COLOUR_NONE} packages:"
# /usr/local/bin/composer outdated
# fi
#fi
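Review bot: the module check `[[ ${PHP_MODULES} =~ ${module} ]]` in the loop is an unanchored, case-sensitive regex match over the whole `php -m` output, so short names such as "xml", "dom" or "zip" are reported as installed whenever any longer module name contains them. Since this report is what a build is judged by, match whole lines instead, for example `grep -qxF -- "${module}" <<<"${PHP_MODULES}"`. Dropping the quotes around `${module}` also means each name is now interpreted as a pattern rather than a literal, which is harmless for the current list but easy to trip over when a name with regex characters is added.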


@ -1,19 +1,19 @@
#!/usr/bin/env bash
if [ -z "$LETSENCRYPT_DOMAINS" ]; then
if [[ -z ${LETSENCRYPT_DOMAINS} ]]; then
echo "LetsEncrypt not enabled"
while true; do
sleep infinity
done
fi
if [ -z "$LETSENCRYPT_EMAIL" ]; then
if [[ -z ${LETSENCRYPT_EMAIL} ]]; then
echo "LetsEncrypt not enabled - You must set LETSENCRYPT_EMAIL"
while true; do
sleep infinity
done
fi
if [ "${LETSENCRYPT_MODE,,}" = "production" ]; then
if [[ ${LETSENCRYPT_MODE,,} == "production" ]]; then
echo -e "LetsEncrypt is running against the \e[32mPRODUCTION\e[0m servers."
LETSENCRYPT_MODE=""
else
@ -23,25 +23,25 @@ fi
echo -e "To change this, change the value of LETSENCRYPT_MODE"
# Give Nginx a moment to start before we kill it again.
sleep 30;
sleep 30
echo -e "Certbot is running for \e[33m${LETSENCRYPT_EMAIL}\e[0m / \e[33m${LETSENCRYPT_DOMAINS}\e[0m..."
( \
set -x; \
(
set -x
certbot \
certonly \
--nginx \
$LETSENCRYPT_MODE \
-d $LETSENCRYPT_DOMAINS \
"${LETSENCRYPT_MODE}" \
-d "${LETSENCRYPT_DOMAINS}" \
-n \
-m $LETSENCRYPT_EMAIL \
--agree-tos \
-m "${LETSENCRYPT_EMAIL}" \
--agree-tos
)
echo -e "Certbot complete!"
# replace the self-certs with these lovely new certs.
if [ -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem" ]; then
if [[ -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem" ]]; then
sed -i "s|ssl_certificate .*|ssl_certificate /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem;|g" /etc/nginx/sites-enabled/default-ssl
sed -i "s|ssl_certificate_key .*|ssl_certificate_key /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/privkey.pem;|g" /etc/nginx/sites-enabled/default-ssl
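Review bot: quoting `"${LETSENCRYPT_MODE}"` in the certbot call passes an empty string as an argument when running against production, because the production branch earlier in the script sets `LETSENCRYPT_MODE=""`. The unquoted form expanded to nothing; the quoted form does not. Use `${LETSENCRYPT_MODE:+"${LETSENCRYPT_MODE}"}` or build the arguments in an array. `-d "${LETSENCRYPT_DOMAINS}"` likewise now hands a space-separated list to certbot as one argument, and the same value is interpolated into the `sed -i` replacements and the /etc/letsencrypt/live/ path, so validate it as a single hostname before any of those uses.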


@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep 1


@ -1,6 +1,4 @@
#!/usr/bin/env bash
if [[ -f /var/log/letsencrypt/letsencrypt.log ]]; then
tail -f /var/log/letsencrypt/letsencrypt.log
else
sleep 1
fi


@ -1,2 +1,2 @@
#!/usr/bin/env bash
tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping
tail -f /var/log/nginx/access.log | sed --unbuffered 's|.*\[.*\] |[NGINX] |g' | grep -v /v1/ping || true


@ -0,0 +1,2 @@
#!/usr/bin/env bash
sleep 1


@ -1,6 +1,8 @@
#!/usr/bin/env bash
if [[ -f /var/log/php*-fpm.log ]]; then
tail -f /var/log/php*-fpm.log
else
sleep 1
# for each php-fpm log file, tail it
# if there are no php-fpm log files, sleep for a second
for i in /var/log/php*-fpm.log; do
if [[ -f ${i} ]]; then
tail -f "${i}" &
fi
done
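Review bot: every `tail -f "${i}" &` in the new loop is backgrounded and nothing follows `done`, so the run script exits immediately and leaves the tails orphaned; a supervisor that restarts the script will start another set each time. Add `wait` after the loop so the script stays in the foreground for as long as the tails run. The comment says the script sleeps for a second when there are no php-fpm log files, but no line here does that; either add the fallback (for example when the glob matched nothing) or remove the comment.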


@ -1,10 +1,10 @@
#!/usr/bin/env bash
if [ -z "${SSL_CERTIFICATE}" ]; then
if [[ -z ${SSL_CERTIFICATE} ]]; then
echo "No certificate set, using defaults"
else
echo "Setting /certs/example.crt and /certs/example.key"
echo "${SSL_CERTIFICATE}" >/certs/example.crt
if [ -n "${SSL_CERTIFICATE_CA}" ]; then
if [[ -n ${SSL_CERTIFICATE_CA} ]]; then
echo "Adding CA to /certs/example.crt"
echo "${SSL_CERTIFICATE_CA}" >>/certs/example.crt
fi
@ -12,4 +12,3 @@ else
fi
/usr/sbin/nginx


@ -1,8 +1,10 @@
#!/usr/bin/env bash
# Load envs into PHP-fpm's env.conf.
# shellcheck disable=SC1083,SC2312
env | sed "s/\(.*\)=\(.*\)/env[\1]='\2'/" >/etc/php/{{PHP}}/fpm/conf.d/env.conf
if [ "${DEBUG_MODE,,}" = "on" ]; then
if [[ ${DEBUG_MODE,,} == "on" ]]; then
ENABLE_DEBUG_MODE=true
PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-1024M}"
else
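Review bot: the `env | sed` line that the new shellcheck directive sits above uses the greedy pattern `\(.*\)=\(.*\)`, so a value containing `=` is split at the last `=` and ends up under the wrong key, and a value containing `'` breaks the quoting of the generated `env[...]` entry. Split on the first `=` with `\([^=]*\)=\(.*\)` and escape or reject single quotes. The line also copies every environment variable, secrets included, into env.conf on disk; an allow-list of the names PHP-FPM actually needs would be tighter, and the file should not be world-readable.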
@ -10,13 +12,13 @@ else
PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-128M}"
fi
PHP_CLI_MEMORY_LIMIT="${PHP_CLI_MEMORY_LIMIT:-$PHP_MEMORY_LIMIT}"
PHP_CLI_MEMORY_LIMIT="${PHP_CLI_MEMORY_LIMIT:-${PHP_MEMORY_LIMIT}}"
sed -i "s|memory_limit = .*|memory_limit = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/php.ini
sed -i "s|\[memory_limit\] = .*|\[memory_limit\] = ${PHP_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/fpm/pool.d/www.conf
sed -i "s|memory_limit = .*|memory_limit = ${PHP_CLI_MEMORY_LIMIT}|g" /etc/php/{{PHP}}/cli/php.ini
if [ $ENABLE_DEBUG_MODE = true ]; then
if [[ ${ENABLE_DEBUG_MODE} == true ]]; then
echo -e "#Controlled via DEBUG_MODE environment variable\nzend_extension=xdebug.so\n[xdebug]\n\
xdebug.mode=debug\n\
xdebug.discover_client_host=true\n\
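Review bot: `xdebug.discover_client_host=true`, written when `ENABLE_DEBUG_MODE` is true, makes Xdebug connect back to an address taken from the incoming request rather than a configured host, so `DEBUG_MODE=on` must never reach an exposed deployment. Prefer a fixed `xdebug.client_host`, or at least log a clear warning when this branch runs. Separately, `${PHP_MEMORY_LIMIT}` and `${PHP_CLI_MEMORY_LIMIT}` go into the three `sed -i` replacements unvalidated; a value containing `|` or `&` corrupts the ini line, so check them against a pattern such as `^-?[0-9]+[KMG]?$` first.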
@ -32,5 +34,5 @@ else
fi
echo "To change this, change the value of DEBUG_MODE to either 'on' or 'off'"
# shellcheck disable=SC2288
/usr/sbin/php-fpm{{PHP}} -F -R
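Review bot: `# shellcheck disable=SC2288` is added with no reason given; say in the comment what it suppresses on the php-fpm line so the exemption can be removed once it no longer applies. While this line is being touched, `-R` allows pools to run as root and deserves a comment on why the image needs it, and launching with `exec /usr/sbin/php-fpm{{PHP}} -F -R` would let signals reach php-fpm directly instead of the wrapping bash.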

View file

@ -1,17 +1,20 @@
This code of conduct outlines our expectations for participants within the open source community. Anyone who violates this code of conduct may be banned from contributing here.
# Requirements
* __Be friendly and patient.__
* __Be welcoming__ _We strive to be a community that welcomes and supports people of all backgrounds and identities._
* __Be respectful__ _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
- **Be friendly and patient.**
- **Be welcoming** _We strive to be a community that welcomes and supports people of all backgrounds and identities._
- **Be respectful** _Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners._
# Unacceptable Behaviour
* Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
* Threats of violence, both physical and psycological.
* Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
* Continued communication after requests to cease.
- Offensive comments related to gender, sexual orientation, disability, mental illness, physical appearance, body size, race, age, regional discrimination, political or religious affiliation.
- Threats of violence, both physical and psycological.
- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm.
- Continued communication after requests to cease.
# Interactions
* Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
* Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
* We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
- Don't just tell somebody they are wrong, or what they have done is wrong. You must always explain what is wrong, and why it is wrong.
- Don't reject contributions that are partially complete and then go and commit your own version. Try to work with the author to complete their work.
- We encourage everyone to participate and are committed to building a community for all, we seek to treat everyone both as fairly and equally as possible.
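Review bot: the reformatted line `- Threats of violence, both physical and psycological.` carries the old misspelling over; change it to "psychological" while the line is being rewritten. The last Interactions bullet is also a comma splice ("...building a community for all, we seek to treat..."); split it into two sentences.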

Some files were not shown because too many files have changed in this diff.