Main synch

.github/workflows/main.yml

@@ -1,15 +1,16 @@
 name: "Build on main"
 on:
+  workflow_dispatch:
   push:
     branches: [ main ]
-  workflow_dispatch:
+
 jobs:
   scheduler:
     name: Build Trigger
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: [ 'buster', 'bullseye' ]
+        version: [ 'buster', 'bullseye', 'bookworm' ]
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/pull_request.yml

@@ -0,0 +1,18 @@
+name: "Pull Request"
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  lint:
+    strategy:
+      matrix:
+        version: [ 'buster', 'bullseye', 'bookworm' ]
+    runs-on: ubuntu-latest
+    container: pipelinecomponents/hadolint:latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/[email protected]
+        with:
+          dockerfile: ./src/${{ matrix.version }}/src/Dockerfile

.github/workflows/schedule.yml

@@ -2,15 +2,15 @@ name: "Build Scheduler"
 on:
   workflow_dispatch:
   schedule:
-  - cron:  '35 1 * * 0'
+  - cron:  '30 3 * * 1'
 
 jobs:
   scheduler:
     name: Build Trigger
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: [ 'buster', 'bullseye' ]
+        version: [ 'buster', 'bullseye', 'bookworm' ]
     steps:
       - name: Checkout
         uses: actions/checkout@v2

src/bookworm/src/Dockerfile

@@ -0,0 +1,123 @@
+FROM openmage/debian:bookworm-latest
+
+COPY root /
+
+## configure default environment stuff and file permissions
+RUN set -xe; \
+    chmod 755 /usr/local/bin/{docker-php-source-prepare,docker-entrypoint,docker-fpm-healthcheck,docker-php-ext-configure,docker-php-ext-enable,docker-php-ext-disable,docker-php-ext-disable,docker-php-ext-install,docker-php-pecl-install,docker-php-source,phpgosu}; \
+    mkdir /home/www-data; \
+    chmod 711 /home/www-data; \
+    chown www-data:www-data /home/www-data; \
+    usermod -d /home/www-data www-data; \
+    \
+        ## block packages from being installed
+    	{ \
+    		echo 'Package: libjpeg*'; \
+    		echo 'Pin: release *'; \
+    		echo 'Pin-Priority: -1'; \
+    	} > /etc/apt/preferences.d/no-libjpeg; \
+    	{ \
+    		echo 'Package: libtiff*'; \
+    		echo 'Pin: release *'; \
+    		echo 'Pin-Priority: -1'; \
+    	} > /etc/apt/preferences.d/no-libtiff; \
+    	{ \
+    		echo 'Package: libwebp*'; \
+    		echo 'Pin: release *'; \
+    		echo 'Pin-Priority: -1'; \
+    	} > /etc/apt/preferences.d/no-libwebp;
+
+ARG IMAGICK_RUNTIME_REQUIREMENTS="libpng16-16 liblcms2-2 libgomp1 libltdl7 bzip2 gosu brotli"
+ARG IMAGICK_RUNTIME_REQUIREMENTS_EXTRA=""
+ARG IMAGICK_BUILD_REQUIREMENTS="curl cmake gcc libtool libedit-dev liblcms2-dev build-essential autoconf automake pkg-config libpng-dev libltdl-dev nasm"
+ARG IMAGICK_BUILD_REQUIREMENTS_EXTRA=""
+ARG IMAGICK_EXTRA_CONFIGURE_ARGS=""
+
+ARG MOZJPEG_EXTRA_CONFIGURE_ARGS=""
+ARG MOZJPEG_VERSION="4.1.1"
+
+ARG TIFF_VERSION="4.6.0"
+ARG TIFF_EXTRA_CONFIGURE_ARGS=""
+
+ARG WEBP_VERSION="1.4.0"
+ARG WEBP_EXTRA_CONFIGURE_ARGS=""
+
+ARG IMAGICK_VERSION="7.1.1-36"
+ARG IMAGICK_EXTRA_CONFIGURE_ARGS=""
+
+ARG OPENJPEG_VERSION="2.5.2"
+
+## configure imagick and the dependencies
+RUN set -xe; \
+    \
+    /usr/local/bin/docker-install-requirements imagick; \
+    ################################################
+    ## install mozjpeg
+    ################################################
+    mkdir -p /tmp/mozjpeg; \
+    cd /tmp/mozjpeg; \
+    docker-package-download -o mozjpeg.tar.gz -s https://codeload.github.com/mozilla/mozjpeg/tar.gz/v${MOZJPEG_VERSION}; \
+    tar --strip 1 -xzf mozjpeg.tar.gz; \
+    cmake -G"Unix Makefiles" -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=/usr/lib -DWITH_JPEG8=true; \
+    make install prefix=/usr libdir=/usr/lib64 ; \
+    ################################################
+    ## install tiff
+    ################################################
+    mkdir -p /tmp/tiff; \
+    cd /tmp/tiff; \
+    docker-package-download -o tiff.tar.gz -s http://download.osgeo.org/libtiff/tiff-${TIFF_VERSION}.tar.gz; \
+    tar --strip 1 -xzf tiff.tar.gz; \
+    ./configure \
+            --prefix=/usr \
+            ${TIFF_EXTRA_CONFIGURE_ARGS:-} \
+            ; \
+    make -j$(nproc); \
+    make install; \
+    ################################################
+    ## install webp
+    ################################################
+    mkdir -p /tmp/libwebp; \
+    cd /tmp/libwebp; \
+    docker-package-download -o libwebp.tar.gz -s https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-${WEBP_VERSION}.tar.gz; \
+    tar --strip 1 -xzf libwebp.tar.gz; \
+    ./configure \
+            --prefix=/usr \
+            ${WEBP_EXTRA_CONFIGURE_ARGS:-} \
+            ; \
+    make -j$(nproc); \
+    make install; \
+    ################################################
+    ## install openjpeg
+    ################################################
+    mkdir -p /tmp/openjpeg; \
+    cd /tmp/openjpeg; \
+    docker-package-download -o openjpeg.tar.gz -s https://codeload.github.com/uclouvain/openjpeg/tar.gz/v${OPENJPEG_VERSION}; \
+    tar --strip 1 -xzf openjpeg.tar.gz; \
+    mkdir build; \
+    cd build; \
+    cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr; \
+    make -j$(nproc); \
+    make install; \
+    ################################################
+    ## install imagick
+    ################################################
+    mkdir -p /tmp/imagemagick; \
+    cd /tmp/imagemagick; \
+    docker-package-download -o imagemagick.tar.gz -s https://codeload.github.com/ImageMagick/ImageMagick/tar.gz/${IMAGICK_VERSION}; \
+    tar --strip 1 -xzf imagemagick.tar.gz; \
+    ./configure \
+            --prefix=/usr \
+            --with-webp \
+            --without-perl \
+            --without-x \
+            --without-xml \
+            --without-pango \
+            --without-jbig \
+            --without-wmf \
+            --with-perl=no \
+            --with-modules \
+            ${IMAGICK_EXTRA_CONFIGURE_ARGS:-} \
+            ; \
+    make -j$(nproc); \
+    make install; \
+    /usr/local/bin/docker-layer-clean

src/bookworm/src/root/etc/apt/preferences.d/debian_main_cmake

@@ -0,0 +1,3 @@
+Package: cmake*
+Pin: release o=Debian,n=stretch,c=main
+Pin-Priority: 600

src/bookworm/src/root/etc/php-src

@@ -0,0 +1,2 @@
+PHP_URL="changeme"
+PHP_SHA256="changeme"

src/bookworm/src/root/usr/local/bin/docker-entrypoint

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+[ "${DEBUG}" = "true" ] && set -x
+
+if [ -z "${KUBERNETES_SERVICE_HOST}" ]; then
+    HOST_DOMAIN="host.docker.internal"
+    ping -q -c1 $HOST_DOMAIN > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+      HOST_IP=$(ip route | awk 'NR==1 {print $3}')
+      echo -e "$HOST_IP\t$HOST_DOMAIN" >> /etc/hosts
+    fi
+fi
+
+set -e
+
+if [ -n "${PHP_EXT_ENABLE}" ]; then
+  docker-php-ext-enable ${PHP_EXT_ENABLE}
+fi
+
+DOCKER_UID=$(stat -c "%u" "${DOCUMENT_ROOT}")
+DOCKER_GID=$(stat -c "%g" "${DOCUMENT_ROOT}")
+
+if [[ "${DOCKER_UID}" -ne "33" || "${DOCKER_GID}" -ne "33" ]] && [[ ! -f /root/.uid-gid-fixed && "${FIX_UID_GID}" = "true" ]]; then
+  CONFLICT_USER=$(getent passwd "${DOCKER_UID}" | cut -d: -f1)
+  CONFLICT_GROUP=$(getent group "${DOCKER_GID}" | cut -d: -f1)
+  echo "Docker: uid = ${DOCKER_UID}, gid = ${DOCKER_GID}"
+  echo "Conflict: user = ${CONFLICT_USER}, group = ${CONFLICT_GROUP}"
+  # Once we've established the ids and incumbent ids then we need to free them
+  # up (if necessary) and then make the change to www-data.
+  CONFLICT_OFFSET=$(( $RANDOM % 10000 + 1))
+  [ ! -z "${CONFLICT_USER}" ] && usermod -u $(expr 50000 - "${CONFLICT_OFFSET}" - "${DOCKER_UID}") "${CONFLICT_USER}"
+  usermod -u "${DOCKER_UID}" www-data
+  [ ! -z "${CONFLICT_GROUP}" ] && groupmod -g $(expr 50000 - "${CONFLICT_OFFSET}" - "${DOCKER_GID}") "${CONFLICT_GROUP}"
+  groupmod -g "${DOCKER_GID}" www-data
+  touch /root/.uid-gid-fixed
+fi
+
+if test -f "/usr/local/bin/docker-entrypoint-custom"; then
+source "/usr/local/bin/docker-entrypoint-custom"
+fi
+
+if [ "$1" = "/usr/local/bin/php" ] || [ "$1" = "php" ]; then
+  exec gosu "${DOCKER_UID}":"${DOCKER_GID}" "$@"
+elif [ "$1" = "console" ]; then
+  set -- "${@:2}"
+  exec gosu "${DOCKER_UID}":"${DOCKER_GID}" "/bin/bash" "${@}"
+elif [ "$1" = "/usr/local/bin/composer" ] || [ "$1" = "composer" ]; then
+  exec gosu "${DOCKER_UID}":"${DOCKER_GID}" "$@"
+elif [ "$1" = "/usr/local/bin/magerun" ] || [ "$1" = "magerun" ]; then
+  exec gosu "${DOCKER_UID}":"${DOCKER_GID}" "$@"
+elif [ "$1" = "/usr/local/bin/magerun2" ] || [ "$1" = "magerun2" ]; then
+  exec gosu "${DOCKER_UID}":"${DOCKER_GID}" "$@"
+elif [ "$1" = "/usr/local/sbin/php-fpm" ] || [ "$1" = "php-fpm" ]; then
+    exec "$@"
+elif  [ "$1" = "/usr/sbin/cron" ] || [ "$1" = "cron" ]; then
+  if test -f "${CRONTAB_CONFIG}"; then
+    echo "Adding crontab in ${CRONTAB_CONFIG}"
+    /usr/bin/crontab -u www-data "${CRONTAB_CONFIG}"
+  fi
+fi
+exec "$@"

src/bookworm/src/root/usr/local/bin/docker-fpm-healthcheck

@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+# vim: set filetype=sh :
+
+# Author: <Renato Mefi [email protected]> https://github.com/renatomefi
+# The original code lives in https://github.com/renatomefi/php-fpm-healthcheck
+#
+# A POSIX compliant shell script to healthcheck PHP fpm status, can be used only for pinging the status page
+# or check for specific metrics
+#
+# i.e.: ./php-fpm-healthcheck --verbose --active-processes=6
+# The script will fail in case the 'active processes' is bigger than 6.
+#
+# You can combine multiple options as well, the first one to fail will fail the healthcheck
+# i.e.: ./php-fpm-healthcheck --listen-queue-len=10 --active-processes=6
+#
+# Ping mode (exit 0 if php-fpm returned data): ./php-fpm-healthcheck
+#
+# Ping mode with data (outputs php-fpm status text): ./php-fpm-healthcheck -v
+#
+# Exit status codes:
+# 2,9,111 - Couldn't connect to PHP fpm, is it running?
+# 8 - Couldn't reach PHP fpm status page, have you configured it with `pm.status_path = /status`?
+# 1 - A healthcheck condition has failed
+# 3 - Invalid option given
+# 4 - One or more required softwares are missing
+#
+# Available options:
+# -v|--verbose
+#
+# Metric options, fails in case the CURRENT VALUE is bigger than the GIVEN VALUE
+# --accepted-conn=n
+# --listen-queue=n
+# --max-listen-queue=n
+# --idle-processes=n
+# --active-processes=n
+# --total-processes=n
+# --max-active-processes=n
+# --max-children-reached=n
+# --slow-requests=n
+#
+
+set -eu
+
+OPTIND=1 # Reset getopt in case it has been used previously in the shell
+
+# FastCGI variables
+export REQUEST_METHOD="GET"
+export SCRIPT_NAME="/status"
+export SCRIPT_FILENAME="/status"
+FCGI_CONNECT_DEFAULT="localhost:9000"
+
+# Required software
+FCGI_CMD_PATH=$(command -v cgi-fcgi) || { >&2 echo "Make sure fcgi is installed (i.e. apk add --no-cache fcgi). Aborting."; exit 4; }
+command -v sed 1> /dev/null || { >&2 echo "Make sure sed is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v tail 1> /dev/null || { >&2 echo "Make sure tail is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v grep 1> /dev/null || { >&2 echo "Make sure grep is installed (i.e. apk add --no-cache grep). Aborting."; exit 4; }
+
+# Get status from fastcgi connection
+# $1 - cgi-fcgi connect argument
+get_fpm_status() {
+    if test "$VERBOSE" = 1; then printf "Trying to connect to php-fpm via: %s\\n" "$1"; fi;
+
+    # Since I cannot use pipefail I'll just split these in two commands
+    FPM_STATUS=$(env -i REQUEST_METHOD="$REQUEST_METHOD" SCRIPT_NAME="$SCRIPT_NAME" SCRIPT_FILENAME="$SCRIPT_FILENAME" "$FCGI_CMD_PATH" -bind -connect "$1" 2> /dev/null)
+    FPM_STATUS=$(echo "$FPM_STATUS" | tail +5)
+
+    if test "$VERBOSE" = 1; then printf "php-fpm status output:\\n%s\\n" "$FPM_STATUS"; fi;
+
+    if test "$FPM_STATUS" = "File not found."; then
+        >&2 printf "php-fpm status page non reachable\\n";
+        exit 8;
+    fi;
+}
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_fpm_health_by() {
+    OPTION=$(echo "$1" | sed 's/--//g; s/-/ /g;')
+    VALUE_EXPECTED="$2";
+    VALUE_ACTUAL=$(echo "$FPM_STATUS" | grep "^$OPTION" | cut -d: -f2 | sed 's/ //g')
+
+    if test "$VERBOSE" = 1; then printf "'%s' value '%s' and expected is less than '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED"; fi;
+
+    if test "$VALUE_ACTUAL" -gt "$VALUE_EXPECTED"; then
+        >&2 printf "'%s' value '%s' is greater than expected '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED";
+        exit 1;
+    fi;
+}
+
+PARAM_AMOUNT=0
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_later() {
+    # The POSIX sh way to check if it's an integer, also the output is supressed since it's polution
+    if ! test "$2" -eq "$2" 2> /dev/null; then
+        >&2 printf "'%s' option value must be an integer, '%s' given\\n" "$1" "$2"; exit 3;
+    fi
+
+    PARAM_AMOUNT=$(( PARAM_AMOUNT + 1 ))
+
+    eval "PARAM_TO_CHECK$PARAM_AMOUNT=$1"
+    eval "VALUE_TO_CHECK$PARAM_AMOUNT=$2"
+}
+
+# From the PARAM_TO_CHECK/VALUE_TO_CHECK magic variables, do all the checks
+check_fpm_health() {
+    j=1
+    while [ $j -le $PARAM_AMOUNT ]; do
+        eval "CURRENT_PARAM=\$PARAM_TO_CHECK$j"
+        eval "CURRENT_VALUE=\$VALUE_TO_CHECK$j"
+        check_fpm_health_by "$CURRENT_PARAM" "$CURRENT_VALUE"
+        j=$(( j + 1 ))
+    done
+}
+
+if ! GETOPT=$(getopt -o v --long verbose,accepted-conn:,listen-queue:,max-listen-queue:,listen-queue-len:,idle-processes:,active-processes:,total-processes:,max-active-processes:,max-children-reached:,slow-requests: -n 'php-fpm-healthcheck' -- "$@"); then
+    >&2 echo "Invalid options, terminating." ; exit 3
+fi;
+
+eval set -- "$GETOPT"
+
+FCGI_CONNECT="${FCGI_CONNECT:-$FCGI_CONNECT_DEFAULT}"
+
+VERBOSE=0
+
+while test "$1"; do
+    case "$1" in
+        -v|--verbose ) VERBOSE=1; shift ;;
+        --) shift ; break ;;
+        * ) check_later "$1" "$2"; shift 2 ;;
+    esac
+done
+
+FPM_STATUS=false
+
+get_fpm_status "$FCGI_CONNECT"
+check_fpm_health