From 33c279b72545e732ac42716c6ee0c9c8e3413e3e Mon Sep 17 00:00:00 2001 From: Gilles Mouchet Date: Sat, 23 Nov 2024 18:43:03 +0100 Subject: [PATCH] vdg original --- .dockerignore | 19 ++ .env.dist | 3 + .gitignore | 13 ++ .gitlab-ci.yml | 84 ++++++++ README.md | 85 ++++++++ cacerts/adsubca.crt | 44 ++++ cacerts/ca-elastic.pem | 19 ++ cacerts/rootvdgca_ROOTVDG-CA.crt | 29 +++ docker.sh | 196 ++++++++++++++++++ src/drupal_php/8.1-fpm-alpine/Dockerfile | 39 ++++ .../8.1-fpm-alpine/Dockerfile-tests | 19 ++ src/drupal_php/8.1-fpm-alpine/php.ini | 21 ++ src/drupal_php/8.1-fpm-alpine/xdebug.ini | 9 + src/drupal_php/8.1-fpm-alpine3.18/Dockerfile | 41 ++++ .../8.1-fpm-alpine3.18/Dockerfile-tests | 19 ++ src/drupal_php/8.1-fpm-alpine3.18/php.ini | 21 ++ src/drupal_php/8.1-fpm-alpine3.18/xdebug.ini | 9 + src/vdg_php/8.3-fpm-alpine/Dockerfile | 26 +++ src/vdg_php/8.3-fpm-alpine/Dockerfile-tests | 18 ++ src/vdg_php/8.3-fpm-alpine/php.ini | 21 ++ src/vdg_php/8.3-fpm-alpine/xdebug.ini | 9 + 21 files changed, 744 insertions(+) create mode 100644 .dockerignore create mode 100644 .env.dist create mode 100644 .gitignore create mode 100644 .gitlab-ci.yml create mode 100644 README.md create mode 100644 cacerts/adsubca.crt create mode 100644 cacerts/ca-elastic.pem create mode 100644 cacerts/rootvdgca_ROOTVDG-CA.crt create mode 100755 docker.sh create mode 100644 src/drupal_php/8.1-fpm-alpine/Dockerfile create mode 100644 src/drupal_php/8.1-fpm-alpine/Dockerfile-tests create mode 100644 src/drupal_php/8.1-fpm-alpine/php.ini create mode 100644 src/drupal_php/8.1-fpm-alpine/xdebug.ini create mode 100644 src/drupal_php/8.1-fpm-alpine3.18/Dockerfile create mode 100644 src/drupal_php/8.1-fpm-alpine3.18/Dockerfile-tests create mode 100644 src/drupal_php/8.1-fpm-alpine3.18/php.ini create mode 100644 src/drupal_php/8.1-fpm-alpine3.18/xdebug.ini create mode 100644 src/vdg_php/8.3-fpm-alpine/Dockerfile create mode 100644 src/vdg_php/8.3-fpm-alpine/Dockerfile-tests create mode 100644 src/vdg_php/8.3-fpm-alpine/php.ini create mode 100644 src/vdg_php/8.3-fpm-alpine/xdebug.ini diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..c42f185 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,19 @@ +**/*.log +**/*.sw* +**/*.md +**/*.php~ +**/._* +**/.dockerignore +**/.DS_Store +**/.git/ +**/.gitattributes +**/.gitignore +**/.gitkeep +**/.gitmodules +**/Dockerfile +**/Thumbs.db +**/.editorconfig +**/.php_cs.cache +**/.travis.yml +**/*.env +**/*.gitlab-ci.yml diff --git a/.env.dist b/.env.dist new file mode 100644 index 0000000..4c6397a --- /dev/null +++ b/.env.dist @@ -0,0 +1,3 @@ +DOCKER_REGISTRY=registry-docker.ville-geneve.ch +DOCKER_REGISTRY_USER=k8s-user +DOCKER_REGISTRY_PASSWORD=TORETRIEVEFROMKEEPASS diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..952fab9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,13 @@ +# Ignore .env files as they are personal +**/.env +*.sql + +# Ignore ide files +.idea/ +.vscode/ + +# Ignore temps files +**/.DS_Store +**/*.sw* +**/*.php~ +**/Thumbs.db diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..df149fc --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,84 @@ +image: docker:24.0.6 +services: + - docker:24.0.6-dind + +#Global variables +variables: + GIT_STRATEGY: clone + FF_NETWORK_PER_BUILD: "true" # activate container-to-container networking. (don't define "network_mode" in docker runner config) + DOCKER_TLS_CERTDIR: "" + PROJECT_NAME: "DOCKER_IMAGE" + +# Pas de merge request pipeline +workflow: + rules: + - if: $CI_PIPELINE_SOURCE != 'merge_request_event' + +stages: + - Build + +############################################################################## +###### STAGE BUILD ########################################################### +############################################################################## +build_image: + stage: Build + tags: + - dind + script: + - | + apk update && apk add curl bash git grep jq + + # Install VDG CA + curl $IP_VDG_CERTIFICATE/certs/rootvdgca_ROOTVDG-CA.crt > /usr/local/share/ca-certificates/rootvdgca.crt + curl $IP_VDG_CERTIFICATE/certs/adsubca.crt > /usr/local/share/ca-certificates/adsubca.crt + update-ca-certificates + + # Vérification du format du tag lié au commit + if ! [[ "$CI_COMMIT_TAG" =~ @ ]] ; then echo -e "\e[1;31mERROR - Bad commit tag (missing @) $CI_COMMIT_TAG\e[0m" ; exit 1 ; fi + if ! [[ "$CI_COMMIT_TAG" =~ % ]] ; then echo -e "\e[1;31mERROR - Bad commit tag (missing %) $CI_COMMIT_TAG\e[0m" ; exit 1 ; fi + + # Traitement du tag - Supprime à partir du @xxx + IMG_TYPE_TAG="$(echo $CI_COMMIT_TAG | cut -f1 -d@)" + # Récupération du type d'image (p.ex drupal_php, musinfo_php,...) + IMG_TYPE="$(echo $IMG_TYPE_TAG | cut -f1 -d%)" + echo "$IMG_TYPE" + # Récupération du tag (p.ex 8.1-fpm-alpine, 8.1-fpm-alpine3.18, ...) + IMG_TAG="$(echo $IMG_TYPE_TAG | cut -f2 -d%)" + echo "$IMG_TAG" + + # Vérification des formats pour que le nom de l'image soit correct + if ! [[ "$(echo "$IMG_TYPE" | grep -s -E '^[a-z]+_[a-z]+([a-z_-]+)?$')" ]] ; then echo -e "\e[1;31mERROR - Bad format for type $IMG_TYPE\e[0m" ; exit 1 ; fi + if ! [[ "$(echo "$IMG_TAG" | grep -s -E '^[0-9]+\.[0-9]+(\.[0-9]+)?-fpm-alpine([0-9]+\.[0-9]+)?$')" ]] ; then echo -e "\e[1;31mERROR - Bad format for tag $IMG_TAG\e[0m" ; exit 1 ; fi + if [ ! -d "src/$IMG_TYPE/$IMG_TAG" ]; then echo -e "\e[1;31mERROR - Le répertoire pour l'image de base $IMG_TYPE avec le tag $IMG_TAG n'existe pas.\e[0m" ; exit 1 ; fi + + # Push on nexus and try to connect + docker login -u $NEXUS_3_USER -p $NEXUS_3_PASSWORD $NEXUS_3_DOCKER_REGISTRY + echo -e "\e[1;36mBuilding base image $IMG_TYPE with tag $IMG_TAG\e[0m" + docker build --build-arg IMG_TAG="$IMG_TAG" --build-arg DIR_ARG="src/${IMG_TYPE}/$IMG_TAG" --add-host gitlab.ville-geneve.ch:10.104.1.28 --pull --no-cache -t $NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE:$IMG_TAG -f ./src/${IMG_TYPE}/$IMG_TAG/Dockerfile . || exit 1 + if curl -k -u $NEXUS_3_USER:$NEXUS_3_PASSWORD --silent -f -IlSL https://$NEXUS_3_DOCKER_REGISTRY/v2/$SITE_CONTAINER_URL/$IMG_TYPE/manifests/$IMG_TAG > /dev/null; then + echo -e "\e[1;33mDeleting previous image $IMG_TYPE with tag $IMG_TAG!\e[0m" + Manifest_SHA256=$(curl -u $NEXUS_3_USER:$NEXUS_3_PASSWORD -s "https://$NEXUS_3_SERVER/service/rest/v1/search?name=${SITE_CONTAINER_URL}/${IMG_TYPE}&version=$IMG_TAG" | jq '.items[].assets[].checksum.sha256' | sed -e 's|"||g') + echo "Manifest_SHA256=$Manifest_SHA256" + curl -u $NEXUS_3_USER:$NEXUS_3_PASSWORD -is -X DELETE "https://$NEXUS_3_DOCKER_REGISTRY/v2/$SITE_CONTAINER_URL/$IMG_TYPE/manifests/sha256:$Manifest_SHA256" + fi + docker push $NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE:$IMG_TAG || exit 1 + echo -e "\e[1;36mBuilding tests image ${IMG_TYPE} with tag ${IMG_TAG}-tests\e[0m" + # To avoid error: + # 'Head "https://registry-docker.ville-geneve.ch/v2/devspe/docker-base-image/drupal_php/manifests/8.1-fpm-alpine3.18": + # x509: certificate signed by unknown authority' + # Need to force docker pull the base image from registy before!!!! + docker pull $NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE:$IMG_TAG || exit 1 + docker build --build-arg IMG_TAG="$IMG_TAG" --build-arg DIR_ARG="src/${IMG_TYPE}/$IMG_TAG" --build-arg IMG_NAME="$NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE" --add-host gitlab.ville-geneve.ch:10.104.1.28 --no-cache -t $NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE:${IMG_TAG}-tests -f ./src/${IMG_TYPE}/$IMG_TAG/Dockerfile-tests . || exit 1 + if curl -k -u $NEXUS_3_USER:$NEXUS_3_PASSWORD --silent -f -IlSL https://$NEXUS_3_DOCKER_REGISTRY/v2/$SITE_CONTAINER_URL/$IMG_TYPE/manifests/${IMG_TAG}-tests > /dev/null; then + echo -e "\e[1;33mDeleting previous image ${IMG_TYPE} with tag ${IMG_TAG}-tests!\e[0m" + Manifest_Tests_SHA256=$(curl -u $NEXUS_3_USER:$NEXUS_3_PASSWORD -s "https://$NEXUS_3_SERVER/service/rest/v1/search?name=${SITE_CONTAINER_URL}/${IMG_TYPE}&version=${IMG_TAG}-tests" | jq '.items[].assets[].checksum.sha256' | sed -e 's|"||g') + echo "Manifest_Tests_SHA256=$Manifest_Tests_SHA256" + curl -u $NEXUS_3_USER:$NEXUS_3_PASSWORD -is -X DELETE "https://$NEXUS_3_DOCKER_REGISTRY/v2/$SITE_CONTAINER_URL/$IMG_TYPE/manifests/sha256:$Manifest_Tests_SHA256" + fi + docker push $NEXUS_3_DOCKER_REGISTRY/$SITE_CONTAINER_URL/$IMG_TYPE:${IMG_TAG}-tests || exit 1 + + + rules: + - if: $CI_COMMIT_TAG != null + when: manual + diff --git a/README.md b/README.md new file mode 100644 index 0000000..a9324d7 --- /dev/null +++ b/README.md @@ -0,0 +1,85 @@ +# Drupal - image docker PHP-FPM de base + +## Introduction +Ce dépôt permet de créer et de pousser l'image docker 'PHP-FPM' de base pour les sites web de la Ville de Genève. + +Il se base sur une image `php` avec un *tag* identique aux versions officielles du type `#.#-fpm-alpine#.#`, `#.#.#-fpm-alpine#.#`, `#.#-fpm-alpine` ou `#.#.#-fpm-alpine` en y ajoutant les paquets et librairies nécessaires afin de pouvoir compiler une image *php* type utilisée par les sites Web de la Ville. + +Il crée également à partir de l'image de base une image pour les tests unitaires en ajoutant `xdebug` à l'image de base. + +## CI/CD +La *CI* se déclenche uniquement après avoir tagué une version dans *gitlab* qui reprend le type d'image `type_image` (p.ex `drupal_php`, `vdg_php`, etc...) et le *tag* de l'image officielle `#.#-fpm-alpine#.#` en y ajoutant un numéro de version sous la forme `type_image%#.#-fpm-alpine#.#@##` ou un commentaire `type_image%#.#-fpm-alpine#.#@commetaire-explicatif` + +Le *build* des images de base et de tests est lancé manuellement depuis le menu : *Pipelines* dans *gitlab*. + +Les images sont ensuite déposées dans le dépôt de la Ville de Genève. + +Si une image avec le même tag existe déjà dans le dépôt, elle est remplacée par la nouvelle. +Cela permet de mettre à jour les versions mineures de PHP. + +## Structure +Chaque version liée à une image officielle `#.#-fpm-alpine#.#` doit être associée à un sous dossier correspondant au type d'image `type_image` suivi d'un sous dossier `#.#-fpm-alpine#.#` contenant les fichiers `Dockerfile`, `Dockerfile-tests`, `php.ini` et `xdebug.ini`, par exemple : +``` +src +├── drupal_php + └── 8.1-fpm-alpine3.18 + ├── Dockerfile + ├── Dockerfile-tests + ├── php.ini + └── xdebug.ini +``` + +Pour créer une nouvelle image, il est tout à fait conseillé de partir d'une copie d'un dossier existant et de l'adapter pour préparer les nouvelles images de base et de tests pour les sites Web. + +Une fois l'image validée localement, il suffit de la commiter dans *gitlab* et d'ajouter un nouveau *tag* pour lancer la *CI*. + +## Environnement local +Localement, il est possible de récupérer les images à partir du dépôt VdG ou de la reconstruire à des fins de tests en utilisant le script `docker.sh`. + +Pour initialiser l'environnement local, cloner le projet et rendre le script `docker.sh` exécutable : +```bash +chmod +x docker.sh +``` +Créer ensuite un fichier `.env` à partir du fichier `.env.dist` : +```bash +cp .env.dist .env +chmod 600 .env +``` +Récupérer dans le *KeePass* les informations de connexion à la registry *Nexus* et renseigner la variable `REGISTRY_PASSWORD` dans le fichier `.env`. + +### Commandes locales +Pour télécharger localement l'image de base `type_image` avec le *tag* `#.#-fpm-alpine#.#` depuis le dépôt VdG, il faut lancer la commande : +``` +./docker.sh -n type_image -t #.#-fpm-alpine#.# pull +``` + +Pour télécharger localement l'image de tests avec le *tag* `#.#-fpm-alpine#.#-tests` depuis le dépôt VdG, il faut lancer la commande : +``` +./docker.sh -n type_image -t #.#-fpm-alpine#.# pull-tests +``` + +Pour reconstuire localement les 2 images `type_image` associées au *tag* `#.#-fpm-alpine#.#`, il faut lancer la commande : +``` +./docker.sh -n type_image -t #.#-fpm-alpine#.# build +``` + +Pour se connecter dans l'image de base nouvellement téléchargée ou reconstruite : +``` +./docker.sh -n type_image -t #.#-fpm-alpine#.# bash +``` + +Pour se connecter dans l'image de tests nouvellement téléchargée ou reconstruite : +``` +./docker.sh -n type_image -t #.#-fpm-alpine#.# bash-tests +``` + +L'aide en ligne de la commande `docker.sh` et la liste complète des options peut être affichée avec la commande : +```bash +./docker.sh help +``` + +**Notes :** +- Si le *type de l'image* et/ou le *tag* n'est pas renseigné, il sera demandé avant l'exécution de la commande souhaitée. +- Le bon format du *type* et du *tag* sont également validés par le script et la *CI*. + + diff --git a/cacerts/adsubca.crt b/cacerts/adsubca.crt new file mode 100644 index 0000000..ab4effa --- /dev/null +++ b/cacerts/adsubca.crt @@ -0,0 +1,44 @@ +-----BEGIN CERTIFICATE----- +MIIHvTCCBaWgAwIBAgITHwAAAAKyjqAX9cpu+wAAAAAAAjANBgkqhkiG9w0BAQsF +ADAVMRMwEQYDVQQDEwpST09UVkRHLUNBMB4XDTE2MDMwNDE1MzQ1MloXDTMxMDMw +NDE1NDQ1MlowYDESMBAGCgmSJomT8ixkARkWAmNoMRwwGgYKCZImiZPyLGQBGRYM +dmlsbGUtZ2VuZXZlMRkwFwYKCZImiZPyLGQBGRYJYWN0aXZlZGlyMREwDwYDVQQD +EwhBRFNVQi1DQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL3oUVrm +ANM+gwP9hNu+1R5rH0V4WvFKOR8Q0vAW5bHVQuBvUHHaSA+vFmKI5Zjmg3WWbG6Z +Xeot2LX264NaF9tfXwRP4XxcmeEzMkAdXTpWCNJtx91l/tgPK1MoiKvHjjxo0Df8 +h5BooHSPtzvPH2JsXVZi4J+bzy/hdHxFR8q3cYfILIPp8Bayf2rolfz1zCii4vok +jA3TBiisilMdwbtJ0UnxrJhoedbewhewYAmwWtO0eBifZ/h3qoad1lHiQocXX9CD +7nJCO1wRS/sry56sJ9pCILrihl90IRASbd2bo0eFgb1hAfdAhB9pBgWHSAcKmaH+ +/h2FtF6qznR3jbcN7Pl10lFhwhmaY649xFTJAh8f+LYpFez/qtdzzKqcTVk9irew +xdqVGfpfQnCIoudBbvBSEYtk9BBzMqOdZL79zoHF4mrUuJA7Gd80J/1m/mWa0/tQ +plMJtmM55dDEQb3AFJ5EvuVFGN8hv3uXIxevYyMPzdMNwqnevMBfgNaLyC6Bjatf +rEpc4bCXduVO8XWCIMjsLXem8GwcEuGNVoNABuWGTI36Edw4WOEHg860qFccKHpF +x/jGbBP0ugNGO5h9z9qUG5RMR9K+WiJyKBeIVs9yy7u2Xo5KsZlezxM0rCM4i1L5 +RwtiiKGoY8XTQgYj86jZlUkVkXfQJVDabL7XAgMBAAGjggK5MIICtTAQBgkrBgEE +AYI3FQEEAwIBADAdBgNVHQ4EFgQU6L39rtlANBT0bVzpGQMeSNwXtp0wGQYJKwYB +BAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHwYDVR0jBBgwFoAUaJNPxqGPS2OowOp3NgW5e3DUYr4wggENBgNVHR8EggEE +MIIBADCB/aCB+qCB94aBxGxkYXA6Ly8vQ049Uk9PVFZERy1DQSxDTj1yb290dmRn +Y2EsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2Vz +LENOPUNvbmZpZ3VyYXRpb24sREM9YWN0aXZlZGlyLERDPXZpbGxlLWdlbmV2ZSxE +Qz1jaD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9 +Y1JMRGlzdHJpYnV0aW9uUG9pbnSGLmh0dHA6Ly9wa2kudmlsbGUtZ2VuZXZlLmNo +L0NlcnQvUk9PVFZERy1DQS5jcmwwggEVBggrBgEFBQcBAQSCAQcwggEDMIG6Bggr +BgEFBQcwAoaBrWxkYXA6Ly8vQ049Uk9PVFZERy1DQSxDTj1BSUEsQ049UHVibGlj +JTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixE +Qz1hY3RpdmVkaXIsREM9dmlsbGUtZ2VuZXZlLERDPWNoP2NBQ2VydGlmaWNhdGU/ +YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MEQGCCsGAQUF +BzAChjhodHRwOi8vcGtpLnZpbGxlLWdlbmV2ZS5jaC9DZXJ0L3Jvb3R2ZGdjYV9S +T09UVkRHLUNBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAUNqxltMUi3WiW2hB8oWC +SNAwnjj4AftkQOE5IYlQARmhitRrJwdppRd5Zq454+JW/ibJN3I7ggk7nWnEyxq4 +0/iQW0A913OXUQzvrLdNvD389Z36Zby/qksG3RymNF0TQoEOUeDCGMQVQoeNb2+0 +4O2OJovKTEmOKs9alVA8yk5XCSM1sMx6V7rqDLvBRUYyLTGpcfOLZ9mamf/kTzyY +FbMMS/WGe6pCpNgA75csvvLSMd4hliwZ7jQ2RvQ8Hw8cCQVFxKATJ/Egbp2Lp4r/ +eYTEAcIjj3+xChCu0cRLK4kNHE4CXVbJIZ+FoPZ5WuU4XL3+kxLwP0pNHxWB4Bxv +eGb05UmTa6LTEFfzWQfQ+s7gJsEBexnle+62bHRXk33UUQ0zOWysMXBjro+9Zlfb +lgZ/Lip6VIQpNbRmHq2offovwZ0Ppe0133Cn2s4kDont4db+N+D1qE1gaDjkIeA6 +W05u0Ji7rWEVNN4B6I3MghKCTnbK5mZ6KwK07RDCekgBfT/OwGEMhTBKeKVW+IFk +yZ8CdowyY6at6J/CD3pjFxECx7w/70xmzMm6lIfpbhBkjTlRqKsAhJ6fhYrITqz6 +qv2Tlz9OdgrmW/+Ll3RCb6El9TkEE7ZLO2wyDQ9CLqanZJ67BS1QWipCUaIdTxfD +ZXCXjnWXEMBP6jLtx9PUfkI= +-----END CERTIFICATE----- diff --git a/cacerts/ca-elastic.pem b/cacerts/ca-elastic.pem new file mode 100644 index 0000000..5567c44 --- /dev/null +++ b/cacerts/ca-elastic.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIUekWRseotQxLPETtZHUXHL5nJqXUwDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHSGVsbSBDQTAgFw0yMzEyMDYwOTA0NTNaGA8yNTIzMDgw +NzA5MDQ1M1owEjEQMA4GA1UEAwwHSGVsbSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMv6D1GCHIqu+5xM9PTM3hvIh4+YEvpTLMcHQ/Vde5Vr5RWD +2OVeaboHNh26CoP/buCz2ptwWQNFR0vng7E6yhtggwZVdPiHUEaGlCaUYYktyASY +bVqoSbU6jmI5gWzZ8InlsoniknJnapiFePAmfh2fNGVVlOvyHKaz10XutUtKStHL +1tgHf2jqZaiRQSFSOszv6CPICioOsFM9+IZ0HrLW7EwXWbJxUh8FeUAmO3NgfuM2 +yL4OzSL5+8oWhk6sy7Tm5exdKdgTNGTidiQKQORnljmlYF7tr4SjP7y/pUVSBx7A +ysfhU+Eh2NtECmY4XKpeR/XmkV0YIepJZJ3PIvkCAwEAAaNTMFEwHQYDVR0OBBYE +FMN6KL5Kk/oP+TgIZc6jPxR+FDN0MB8GA1UdIwQYMBaAFMN6KL5Kk/oP+TgIZc6j +PxR+FDN0MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALnHhlGw +WTwIOgSjd+HcT0pe4yVlRwcpQCQcIF7AfRwvGufh+Od0xWy0PrJJ5yA99sv/oAvl +PnXInc8yNHB4N49a3WYCfzPot/x05vF4ZLmvlDhLlkkwLOuZlOjgLbiebt0qK8gV +CFzpJ4JkI7ybiy41Z33aeu2/o8+gtAtMG/pbldcjnou0IqEnYiCYExaiMNL8AViq +w7h1uxKiW72rUA1lemQtHo79XBsMnzQSycs0qDzvPLBq8bCFMlt7TQ1VE1lHzHXn +Or3wTMupkM5rf+hJCI1FRw7Mfq2a0S1Nqx0Wgeb1fDFz5n8UM8SVy3/YCiFk9KgQ +pbLMHUzmxxFFX8A= +-----END CERTIFICATE----- diff --git a/cacerts/rootvdgca_ROOTVDG-CA.crt b/cacerts/rootvdgca_ROOTVDG-CA.crt new file mode 100644 index 0000000..31b262c --- /dev/null +++ b/cacerts/rootvdgca_ROOTVDG-CA.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBTCCAu2gAwIBAgIQGgmrl+6tMbVG/EEZpVHTqzANBgkqhkiG9w0BAQsFADAV +MRMwEQYDVQQDEwpST09UVkRHLUNBMB4XDTE2MDMwMTE2MTkyNFoXDTQ2MDMwMTE2 +MjkyM1owFTETMBEGA1UEAxMKUk9PVFZERy1DQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBALyUsdyNYqTfTLM2GJKyhvfOkgOzM0aXBOS3g3fG7geDA/Hq +IE7Er9XTPIkVGF1+tG5UOSu59Aw2gN6aGj3Mo/JovgNZgUVhW9inFnLy8oPzgeeO +hJIe6JAHpzzpdtpv+Y9H7fkcmJW2a/vIusrs8ezpABxTGoewhQVpyMbUsiW1DFi/ +80BGfMgX+7KRk3KuEoipNCN3LjI8eo+Ndku9boFb4WFnuH/s43YE3zAfT73PogEO +2qnO0XfjAQntfOgNxKzWJTYGwJNET2SiN/ZB+uD/kUnHvzPTK9P5BZm8v8QJHuzx +4RgTCiUBxDjxe+sRvTwU6BWtclqizkLuX7yfwEG3yRy0FoB3ADlcnp+bZrvs5TG2 +yZriI4QHbAM3sN3K1A/yhH+A3ao2x5SphoBkno+XClvKmFjYLZu2zUtmpw2LHjkS +Wxqvt3kxojiwWeGmvkEOejtV6XDMw38tYdqA9n99WK1czRqM+uZnZjW29Z67Qg1u +b7maMDj9U3XsKxNsRYRgbyy07yOR2apviAYrbDFqBejPSVWnwDN1IS6wS4uxsTBb +dZJdNSVbNdWu3mahg+VSCDxenRk9c7gClLSJcgpMAZgV/7Y7da8mlckfjT3dbQue +7VwZc0O4QsjDKcdwcj2MtFrjDT8ufFkYUqZXanOI5soYKsJjARPYiKsFQhL7AgMB +AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRo +k0/GoY9LY6jA6nc2Bbl7cNRivjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B +AQsFAAOCAgEAhYfxrrLgjp4eDwI9R0fBoEnsBAOZIH0Bqp7rPbpot8xQVeZeczGv +6KnedA3lN+E8JoTouPQRTmv9wo4/tlYqkGkl2l8jlccO+27l1SoeV30IUaMvDF6N +I0tWlCnNMGwij52TOe3fk+obpoIUqxbWKYK+iPgoPuf6DTQA/BnUa0w9bDp7coiq +YsW5lFUwv26q9mTzVHQLqRSuA2g8D3tqzxLIn8yaO5LeoN+hr90n2twWx9+5McOo +yKny7frpoHRU0nACKxNc3U8y2a6359ShGlzhIB/32Vavbj0g307R53jHPNwJ8paP +P0Zy0/bNh7WrlWpkUNeZaXYI3eFI15qNDdCMUjaLeiuQHDjRsRx8D0D66T3iobnB +6mlRBJj2QhNhdqBabKDJyVr7ZYp6Ne5y/lAkdPbkFqX1X2X/JgtL9vnzNMBbuoEt +UvikOqjczwMZ9BaoxdJsxAfhWx6AzHU2/u1sCm/3vdp3nQHuyzA+vCBThg3ahf2J +ZoN+ZaKsjdx/+URRbLoE34GLOI8VaTA2krQvmJy/cTKQKpu5x8JO/BQeavPyLYbr +WItdLtCWTTPg6tpv5XZsKQLQhYjxPV2gr2ypifswu3Ayf5icwo6OVp8Hn27yLZYu +hPXjUvFzTPhCc59e+pv+sOPd7icgaSl8Z9urUUVvxqBGfAaNW96syyY= +-----END CERTIFICATE----- diff --git a/docker.sh b/docker.sh new file mode 100755 index 0000000..628c2e8 --- /dev/null +++ b/docker.sh @@ -0,0 +1,196 @@ +#!/bin/bash + +progName="./$(/bin/basename $0)" +vdgRepository="registry-docker.ville-geneve.ch" + +# Fonction d'affichage d'utilisation +function print_usage { +# print +/bin/cat << EOF + +Usage: $progName [options] + +Options: + build Construction des images docker 'PHP-FPM' pour 'drupal' + build-no-cache Construction des images docker 'PHP-FPM' pour 'drupal' sans cache + pull Téléchargement de l'image docker depuis le dépôt '${vdgRepository}' + pull-tests Téléchargement de l'image docker de tests depuis le dépôt '${vdgRepository}' + -t,--tag Variable permettant de définir le de l'image 'PHP-FPM' de base + -n,--type Variable permettant de définir le de l'image + bash Ouverture d'un shell dans le conteneur 'PHP-FPM' de base + bash-tests Ouverture d'un shell dans le conteneur 'PHP-FPM' de tests + bash-root Ouverture d'un shell 'root' dans le conteneur 'PHP-FPM' de base + bash-root-tests Ouverture d'un shell 'root' dans le conteneur 'PHP-FPM' de tests + help,-h,--help Affichage de cette aide + +Exemples: + Pour construire une image 'PHP-FPM' pour 'drupal' (le type et le tag seront demandés) + $progName build + Pour construire une image 'PHP-FPM' pour 'drupal' avec le type '' et le tag '' pour 'drupal' + $progName --type= --tag= build + ou + $progName -n -t build + Pour télécharger l'image 'PHP-FPM' pour 'drupal' avec le type '' et le tag '' depuis le dépôt '${vdgRepository}' + $progName --type= --tag= pull + Pour construire et analyser le contenu de l'image 'PHP-FPM' pour 'drupal' avec comme type '' et comme tag '' + $progName -n -t bash + +EOF +} + + +set -e +_UID=$(id -u) +_GID=$(id -g) +_IMG_REPO="${vdgRepository}/devspe/docker-base-image/php" +_TYPE="" +_TAG="" +DOCKER_REGISTRY="$(grep -s 'DOCKER_REGISTRY=' .env | cut -f2 -d=)" +CYAN='\e[1;36m' +RED='\e[1;31m' +NC='\e[0m' + +if [ $# -eq 0 ]; then + echo "${progName}: you must specify an option" + echo -e "Try '$progName help' for more information.\n" + exit 1 +fi + +while test $# -gt 0 +do + case "$1" in + -n|--type*) + if [[ $1 =~ type= ]]; then + _TYPE="$(echo $1 | cut -f2 -d=)" + shift + else + _TYPE="$2" + shift 2 + fi + ;; + -t|--tag*) + if [[ $1 =~ tag= ]]; then + _TAG="$(echo $1 | cut -f2 -d=)" + shift + else + _TAG="$2" + shift 2 + fi + ;; + build-no-cache) + COMMAND="$1" + shift + ;; + build) + COMMAND="$1" + shift + ;; + pull|pull-tests|pull-test) + COMMAND="$1" + _SUFFIX="$(echo $1 | cut -f2 -d- -s | sed -e 's|^tests\?$|-tests|')" + shift + ;; + bash|bash-tests|bash-test) + COMMAND="$1" + _SUFFIX="$(echo $1 | cut -f2 -d- -s | sed -e 's|^tests\?$|-tests|')" + shift + ;; + bash-root|bash-root-tests|bash-root-test) + COMMAND="$1" + _SUFFIX="$(echo $1 | cut -f2 -d- -s | sed -e 's|^tests\?$|-tests|')" + shift + ;; + -h|--help|help) + print_usage + exit 0 + ;; + *) + echo "${progName}: invalid option -- '$1'!" + echo -e "Try '$progName help' for more information.\n" + exit 1 + ;; + esac +done + +# En l'absence du type de l'image de base le demander +if [ -z "${_TYPE}" ]; then + echo -n "Entrer le type de l'image de base : " + read _TYPE +fi +if [ -z "${_TYPE}" ]; then + echo -e "${RED}Le type est obligatoire !${NC}" + exit 2 +fi +if ! [[ "${_TYPE}" =~ ^[a-z]+_[a-z]+[a-z_-]*$ ]] ; then + echo -e "${RED}Le type doit être de la forme 'vdg_php', 'drupal_php', 'codeigniter_php', 'ci_php' !${NC}" + exit 3 +fi + +# En l'absence du tag de l'image de base le demander +if [ -z "${_TAG}" ]; then + echo -n "Entrer le tag de l'image de base : " + read _TAG +fi +if [ -z "${_TAG}" ]; then + echo -e "${RED}Le tag est obligatoire !${NC}" + exit 2 +fi +if [[ "${_TAG}" =~ -tests?$ ]]; then + _TAG=$(echo "${_TAG}" | sed -e 's|-tests\?$||') +fi +if ! [[ "${_TAG}" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?-fpm-alpine([0-9]+\.[0-9]+)?$ ]] ; then + echo -e "${RED}Le tag doit être de la forme '#.#-fpm-alpine#.#', '#.#.#-fpm-alpine#.#', '#.#-fpm-alpine' ou '#.#.#-fpm-alpine' !" + exit 3 +fi + +if [ ! -d "src/$_TYPE/$_TAG" ]; then + echo -e "${RED}Le répertoire pour l'image de base $_TYPE avec le tag $_TAG n'existe pas. Veuillez créer la structure.${NC}" + exit 4 +fi + +case "$COMMAND" in + build-no-cache) + echo -e "${CYAN}# Building base image $_TYPE with tag $_TAG:" + docker build --build-arg IMG_TAG="$_TAG" --build-arg DIR_ARG="src/${_TYPE}/$_TAG" --pull --no-cache -t $_IMG_REPO/$_TYPE:$_TAG -f ./src/${_TYPE}/$_TAG/Dockerfile . + echo -e "${CYAN}# Building tests image ${_TYPE} with tag ${_TAG}-tests:" + docker build --build-arg IMG_TAG="$_TAG" --build-arg DIR_ARG="src/${_TYPE}/$_TAG" --build-arg IMG_NAME="$_IMG_REPO/$_TYPE" --no-cache -t $_IMG_REPO/$_TYPE:${_TAG}-tests -f ./src/${_TYPE}/$_TAG/Dockerfile-tests . + ;; + build) + echo -e "${CYAN}# Building base image $_TYPE with tag $_TAG:" + docker build --build-arg IMG_TAG="$_TAG" --build-arg DIR_ARG="src/${_TYPE}/$_TAG" --pull -t $_IMG_REPO/$_TYPE:$_TAG -f ./src/${_TYPE}/$_TAG/Dockerfile . + echo -e "${CYAN}# Building tests image $_TYPE with tag ${_TAG}-tests:" + docker build --build-arg IMG_TAG="$_TAG" --build-arg DIR_ARG="src/${_TYPE}/$_TAG" --build-arg IMG_NAME="$_IMG_REPO/$_TYPE" -t $_IMG_REPO/$_TYPE:${_TAG}-tests -f ./src/${_TYPE}/$_TAG/Dockerfile-tests . + ;; + pull|pull-tests|pull-test) + DOCKER_REGISTRY_USER="$(grep -s 'DOCKER_REGISTRY_USER=' .env | cut -f2 -d=)" + grep -s 'DOCKER_REGISTRY_PASSWORD=' .env | cut -f2 -d= | docker login -u ${DOCKER_REGISTRY_USER} --password-stdin ${DOCKER_REGISTRY} + if [ $? -eq 0 ]; then + docker pull $_IMG_REPO/$_TYPE:$_TAG$_SUFFIX + fi + docker logout ${DOCKER_REGISTRY} + ;; + bash|bash-tests|bash-test) + if [ -z "$(docker image ls -q ${_IMG_REPO}/${_TYPE}:${_TAG}${_SUFFIX} 2>/dev/null)" ]; then + echo -e "${RED}L'image 'PHP-FPM' ${_TYPE} avec le tag '${_TAG}${_SUFFIX}' n'existe pas localement !${NC}" + echo "Vous pouvez la construire avec la commande :" + echo -e " ${progName} -n ${_TYPE} -t ${_TAG} build" + echo "ou la télécharger depuis le dépôt VdG avec la commande :" + echo " ${progName} -n ${_TYPE} -t ${_TAG} pull${_SUFFIX} " + exit 4 + fi + docker run --rm -it ${_IMG_REPO}/${_TYPE}:${_TAG}${_SUFFIX} /bin/sh + ;; + bash-root|bash-root-tests|bash-root-test) + if [ -z "$(docker image ls -q ${_IMG_REPO}/${_TYPE}:${_TAG}${_SUFFIX} 2>/dev/null)" ]; then + echo -e "${RED}L'image 'PHP-FPM' ${_TYPE} avec le tag '${_TAG}${_SUFFIX}' n'existe pas localement !${NC}" + echo "Vous pouvez la construire avec la commande :" + echo -e " ${progName} -n ${_TYPE} -t ${_TAG} build" + echo "ou la télécharger depuis le dépôt VdG avec la commande :" + echo " ${progName} -n ${_TYPE} -t ${_TAG} pull${_SUFFIX} " + exit 4 + fi + docker run --rm --user root -it ${_IMG_REPO}/${_TYPE}:${_TAG}${_SUFFIX} /bin/sh + ;; +esac + +exit 0 diff --git a/src/drupal_php/8.1-fpm-alpine/Dockerfile b/src/drupal_php/8.1-fpm-alpine/Dockerfile new file mode 100644 index 0000000..6e18b70 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine/Dockerfile @@ -0,0 +1,39 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +FROM php:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG +ENV TZ=Europe/Zurich + +# Installation en tant que user root +RUN apk update && \ + apk add --no-cache rsync libmemcached libmemcached-libs libmemcached-dev zlib zlib-dev \ + openldap-dev libpng libpng-dev libjpeg libjpeg-turbo-dev \ + libwebp libwebp-dev freetype freetype-dev icu-dev autoconf g++ make mysql-client \ + mariadb-connector-c libgomp patch git tzdata poppler-utils && \ + docker-php-ext-install -j$(nproc) pdo_mysql && \ + docker-php-ext-install -j$(nproc) bcmath && \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp && \ + docker-php-ext-install -j$(nproc) gd && \ + docker-php-ext-install -j$(nproc) intl && \ + docker-php-ext-install -j$(nproc) opcache && \ + docker-php-ext-install -j$(nproc) ldap && \ + pecl channel-update pecl.php.net && \ + printf "\n" | pecl install memcached && \ + docker-php-ext-enable memcached && \ + printf "\n" | pecl install igbinary && \ + docker-php-ext-enable igbinary && \ + docker-php-ext-install -j$(nproc) exif && \ + apk del make g++ autoconf && \ + curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer --2 && \ + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Certificats VDG +COPY ./cacerts/* /usr/local/share/ca-certificates/ +RUN update-ca-certificates + +COPY ./$DIR/php.ini /usr/local/etc/php/php.ini + +EXPOSE 9000/tcp diff --git a/src/drupal_php/8.1-fpm-alpine/Dockerfile-tests b/src/drupal_php/8.1-fpm-alpine/Dockerfile-tests new file mode 100644 index 0000000..b900e96 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine/Dockerfile-tests @@ -0,0 +1,19 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +ARG IMG_NAME=$IMG_NAME +FROM $IMG_NAME:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG + +# Installation en tant que user root +RUN apk update && \ +apk add --no-cache make g++ autoconf && \ +pecl channel-update pecl.php.net && \ +printf "\n" | pecl install xdebug-3.1.5 && \ +docker-php-ext-enable xdebug && \ +apk del make g++ autoconf + +COPY ./$DIR/xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini + diff --git a/src/drupal_php/8.1-fpm-alpine/php.ini b/src/drupal_php/8.1-fpm-alpine/php.ini new file mode 100644 index 0000000..2027d75 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine/php.ini @@ -0,0 +1,21 @@ +; For php.ini production +date.timezone = "Europe/Zurich" +memory_limit = 2G +post_max_size = 32M +upload_max_filesize = 16M +max_execution_time = 30 +max_input_time = 60 +output_buffering = 4096 +; This is the php.ini-production INI file. +zend.exception_ignore_args = On +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +display_startup_errors = Off +mysqlnd.collect_memory_statistics = Off +log_errors = On +error_log = /dev/stderr +zend.assertions = -1 +expose_php = Off diff --git a/src/drupal_php/8.1-fpm-alpine/xdebug.ini b/src/drupal_php/8.1-fpm-alpine/xdebug.ini new file mode 100644 index 0000000..d5401af --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine/xdebug.ini @@ -0,0 +1,9 @@ +zend_extension=xdebug.so + +[xdebug] +xdebug.mode=develop,coverage,debug,profile +xdebug.idekey="vsc" +xdebug.start_with_request=yes +xdebug.log=/dev/stdout +xdebug.client_port=9003 +xdebug.client_host=127.0.0.1 \ No newline at end of file diff --git a/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile b/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile new file mode 100644 index 0000000..645a8d4 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile @@ -0,0 +1,41 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +FROM php:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG +ENV TZ=Europe/Zurich + +# Installation en tant que user root +RUN apk update && \ + apk add --no-cache rsync libmemcached libmemcached-libs libmemcached-dev zlib zlib-dev \ + imagemagick imagemagick-dev openldap-dev libpng libpng-dev libjpeg libjpeg-turbo-dev \ + libwebp libwebp-dev freetype freetype-dev icu-dev autoconf g++ make mysql-client \ + mariadb-connector-c libgomp patch git tzdata poppler-utils && \ + docker-php-ext-install -j$(nproc) pdo_mysql && \ + docker-php-ext-install -j$(nproc) bcmath && \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp && \ + docker-php-ext-install -j$(nproc) gd && \ + docker-php-ext-install -j$(nproc) intl && \ + docker-php-ext-install -j$(nproc) opcache && \ + docker-php-ext-install -j$(nproc) ldap && \ + pecl channel-update pecl.php.net && \ + printf "\n" | pecl install memcached && \ + docker-php-ext-enable memcached && \ + printf "\n" | pecl install igbinary && \ + docker-php-ext-enable igbinary && \ + printf "\n" | pecl install imagick && \ + docker-php-ext-enable imagick && \ + docker-php-ext-install -j$(nproc) exif && \ + apk del make g++ autoconf && \ + curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer --2 && \ + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Certificats VDG +COPY ./cacerts/* /usr/local/share/ca-certificates/ +RUN update-ca-certificates + +COPY ./$DIR/php.ini /usr/local/etc/php/php.ini + +EXPOSE 9000/tcp diff --git a/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile-tests b/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile-tests new file mode 100644 index 0000000..b900e96 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine3.18/Dockerfile-tests @@ -0,0 +1,19 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +ARG IMG_NAME=$IMG_NAME +FROM $IMG_NAME:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG + +# Installation en tant que user root +RUN apk update && \ +apk add --no-cache make g++ autoconf && \ +pecl channel-update pecl.php.net && \ +printf "\n" | pecl install xdebug-3.1.5 && \ +docker-php-ext-enable xdebug && \ +apk del make g++ autoconf + +COPY ./$DIR/xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini + diff --git a/src/drupal_php/8.1-fpm-alpine3.18/php.ini b/src/drupal_php/8.1-fpm-alpine3.18/php.ini new file mode 100644 index 0000000..2027d75 --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine3.18/php.ini @@ -0,0 +1,21 @@ +; For php.ini production +date.timezone = "Europe/Zurich" +memory_limit = 2G +post_max_size = 32M +upload_max_filesize = 16M +max_execution_time = 30 +max_input_time = 60 +output_buffering = 4096 +; This is the php.ini-production INI file. +zend.exception_ignore_args = On +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +display_startup_errors = Off +mysqlnd.collect_memory_statistics = Off +log_errors = On +error_log = /dev/stderr +zend.assertions = -1 +expose_php = Off diff --git a/src/drupal_php/8.1-fpm-alpine3.18/xdebug.ini b/src/drupal_php/8.1-fpm-alpine3.18/xdebug.ini new file mode 100644 index 0000000..d5401af --- /dev/null +++ b/src/drupal_php/8.1-fpm-alpine3.18/xdebug.ini @@ -0,0 +1,9 @@ +zend_extension=xdebug.so + +[xdebug] +xdebug.mode=develop,coverage,debug,profile +xdebug.idekey="vsc" +xdebug.start_with_request=yes +xdebug.log=/dev/stdout +xdebug.client_port=9003 +xdebug.client_host=127.0.0.1 \ No newline at end of file diff --git a/src/vdg_php/8.3-fpm-alpine/Dockerfile b/src/vdg_php/8.3-fpm-alpine/Dockerfile new file mode 100644 index 0000000..34137a0 --- /dev/null +++ b/src/vdg_php/8.3-fpm-alpine/Dockerfile @@ -0,0 +1,26 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +FROM php:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG +ENV TZ=Europe/Zurich + +# Installation en tant que user root +RUN apk update && \ + apk add --no-cache rsync tzdata zlib zlib-dev icu-dev oniguruma-dev && \ + docker-php-ext-install -j$(nproc) mysqli && \ + docker-php-ext-install -j$(nproc) pdo_mysql && \ + docker-php-ext-install -j$(nproc) mbstring && \ + docker-php-ext-install -j$(nproc) intl && \ + docker-php-ext-install -j$(nproc) opcache && \ + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Certificats VDG +COPY ./cacerts/* /usr/local/share/ca-certificates/ +RUN update-ca-certificates + +COPY ./$DIR/php.ini /usr/local/etc/php/php.ini + +EXPOSE 9000/tcp diff --git a/src/vdg_php/8.3-fpm-alpine/Dockerfile-tests b/src/vdg_php/8.3-fpm-alpine/Dockerfile-tests new file mode 100644 index 0000000..f21c34a --- /dev/null +++ b/src/vdg_php/8.3-fpm-alpine/Dockerfile-tests @@ -0,0 +1,18 @@ +# Build de l'image applicative +ARG IMG_TAG=$IMG_TAG +ARG IMG_NAME=$IMG_NAME +FROM $IMG_NAME:$IMG_TAG +LABEL maintainer="devops@geneve.ch" + +ARG DIR_ARG=$DIR_ARG +ENV DIR=$DIR_ARG + +# Installation en tant que user root +RUN apk update && \ +apk add --no-cache make g++ autoconf linux-headers && \ +pecl channel-update pecl.php.net && \ +printf "\n" | pecl install xdebug-3.3.2 && \ +docker-php-ext-enable xdebug && \ +apk del make g++ autoconf linux-headers + +COPY ./$DIR/xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \ No newline at end of file diff --git a/src/vdg_php/8.3-fpm-alpine/php.ini b/src/vdg_php/8.3-fpm-alpine/php.ini new file mode 100644 index 0000000..2027d75 --- /dev/null +++ b/src/vdg_php/8.3-fpm-alpine/php.ini @@ -0,0 +1,21 @@ +; For php.ini production +date.timezone = "Europe/Zurich" +memory_limit = 2G +post_max_size = 32M +upload_max_filesize = 16M +max_execution_time = 30 +max_input_time = 60 +output_buffering = 4096 +; This is the php.ini-production INI file. +zend.exception_ignore_args = On +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +display_startup_errors = Off +mysqlnd.collect_memory_statistics = Off +log_errors = On +error_log = /dev/stderr +zend.assertions = -1 +expose_php = Off diff --git a/src/vdg_php/8.3-fpm-alpine/xdebug.ini b/src/vdg_php/8.3-fpm-alpine/xdebug.ini new file mode 100644 index 0000000..d5401af --- /dev/null +++ b/src/vdg_php/8.3-fpm-alpine/xdebug.ini @@ -0,0 +1,9 @@ +zend_extension=xdebug.so + +[xdebug] +xdebug.mode=develop,coverage,debug,profile +xdebug.idekey="vsc" +xdebug.start_with_request=yes +xdebug.log=/dev/stdout +xdebug.client_port=9003 +xdebug.client_host=127.0.0.1 \ No newline at end of file