alpine.Dockerfile 4.4 KB

  1. # syntax=docker/dockerfile:1
  2. #checkov:skip=CKV_DOCKER_2
  3. #checkov:skip=CKV_DOCKER_3
  4. #checkov:skip=CKV_DOCKER_7
  # Stage "common": shared base for the builder and runner stages below.
  # php-base is not defined in this file; it is presumably supplied from outside
  # (e.g. a named build context), so the tag/digest of the underlying PHP image
  # is pinned, or not, wherever that is declared -- TODO confirm.
  FROM php-base AS common

  ARG TARGETARCH

  WORKDIR /app

  # Runtime packages. libcap is presumably here for setcap, which later stages
  # run on the frankenphp binary.
  RUN apk add --no-cache \
          ca-certificates \
          libcap \
          mailcap

  # Create the document root and the Caddy config/data directories, rewrite the
  # stock PHP entrypoint so that it launches "frankenphp run", and write a
  # placeholder index page.
  # NOTE(review): the placeholder calls phpinfo(), which shows the PHP
  # configuration and environment variables to every client that can reach the
  # server. Images built from this one should overwrite or delete
  # /app/public/index.php before they are reachable from untrusted networks.
  RUN set -eux; \
      mkdir -p \
          /app/public \
          /config/caddy \
          /data/caddy \
          /etc/caddy; \
      sed -i 's/php/frankenphp run/g' /usr/local/bin/docker-php-entrypoint; \
      echo '<?php phpinfo();' > /app/public/index.php

  COPY --link caddy/frankenphp/Caddyfile /etc/caddy/Caddyfile
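  # Helper script that downstream images call (as root, at build time) to add
  # PHP extensions. By default this still fetches the upstream "latest" release
  # asset, which can change between builds and is authenticated by TLS only.
  # For a reproducible, verified build pass both arguments:
  #   --build-arg INSTALL_PHP_EXTENSIONS_VERSION=<release-tag>
  #   --build-arg INSTALL_PHP_EXTENSIONS_SHA256=<sha256-of-that-release-asset>
  # Setting the digest while leaving the version at "latest" makes the build fail
  # as soon as upstream publishes a new release.
  ARG INSTALL_PHP_EXTENSIONS_VERSION=latest
  ARG INSTALL_PHP_EXTENSIONS_SHA256=''
  RUN set -eux; \
      releases=https://github.com/mlocati/docker-php-extension-installer/releases; \
      if [ "$INSTALL_PHP_EXTENSIONS_VERSION" = latest ]; then \
          url="$releases/latest/download/install-php-extensions"; \
      else \
          url="$releases/download/$INSTALL_PHP_EXTENSIONS_VERSION/install-php-extensions"; \
      fi; \
      curl -sSLf -o /usr/local/bin/install-php-extensions "$url"; \
      # Verify the download before it is made executable, when a digest is given
      if [ -n "$INSTALL_PHP_EXTENSIONS_SHA256" ]; then \
          echo "$INSTALL_PHP_EXTENSIONS_SHA256  /usr/local/bin/install-php-extensions" | sha256sum -c -; \
      fi; \
      chmod +x /usr/local/bin/install-php-extensions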
  # Default arguments: load the Caddyfile copied into /etc/caddy.
  CMD ["--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]

  # Probe the metrics path on port 2019 from inside the container.
  # NOTE(review): this only works if the Caddyfile (not shown here) serves
  # /metrics on that port -- confirm.
  HEALTHCHECK CMD curl -f http://localhost:2019/metrics || exit 1

  # See https://caddyserver.com/docs/conventions#file-locations for details
  ENV XDG_CONFIG_HOME=/config \
      XDG_DATA_HOME=/data

  # 80, 443/tcp and 443/udp are the web ports.
  # NOTE(review): 2019 is Caddy's default admin API port, and that API has no
  # authentication by default. EXPOSE is documentation only, but this port should
  # not be published or routed outside the container unless the Caddyfile
  # restricts the admin endpoint.
  EXPOSE 80 443 443/udp 2019

  # NOTE(review): no USER instruction appears in this stage, so processes run as
  # root unless the deployer sets a user; the CKV_DOCKER_3 skip at the top of the
  # file suppresses the scanner finding for that.
  LABEL org.opencontainers.image.title=FrankenPHP \
        org.opencontainers.image.description="The modern PHP app server" \
        org.opencontainers.image.url=https://frankenphp.dev \
        org.opencontainers.image.source=https://github.com/dunglas/frankenphp \
        org.opencontainers.image.licenses=MIT \
        org.opencontainers.image.vendor="Kévin Dunglas"
  # Stage "builder": toolchain and build dependencies for compiling frankenphp.
  FROM common AS builder

  ARG FRANKENPHP_VERSION='dev'
  ARG NO_COMPRESS=''

  # -e and pipefail: a RUN in this stage fails when any command fails, including
  # one in the middle of a pipeline.
  SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

  # Go toolchain copied from golang-base, which is not defined in this file.
  COPY --link --from=golang-base /usr/local/go /usr/local/go
  ENV PATH=/usr/local/go/bin:$PATH

  # Build-only packages, grouped under the ".build-deps" virtual package.
  # $PHPIZE_DEPS stays unquoted so that it splits into individual package names.
  # hadolint ignore=SC2086
  RUN apk add --no-cache --virtual .build-deps \
          $PHPIZE_DEPS \
          # Needed for the custom Go build
          bash \
          git \
          # Needed for the file watcher
          cmake \
          libstdc++ \
          # Headers, libraries and tools for the PHP / cgo build
          argon2-dev \
          brotli-dev \
          coreutils \
          curl-dev \
          gnu-libiconv-dev \
          libsodium-dev \
          libxml2-dev \
          linux-headers \
          oniguruma-dev \
          openssl-dev \
          readline-dev \
          sqlite-dev \
          upx
  # FIXME: temporary workaround for https://github.com/golang/go/issues/68285
  # The Go toolchain is rebuilt from source with one upstream commit reverted.
  WORKDIR /
  RUN git clone https://go.googlesource.com/go goroot

  WORKDIR /goroot
  # Revert https://github.com/golang/go/commit/3560cf0afb3c29300a6c88ccd98256949ca7a6f6 to prevent the crash with musl
  # The checkout targets the ref named after the version of the Go toolchain
  # copied into this stage; the commit to revert is given by its full hash.
  # git needs an author identity because the revert creates a commit.
  RUN git config --global user.email "build@example.com" && \
      git config --global user.name "Build" && \
      git checkout "$(go env GOVERSION)" && \
      git revert 3560cf0afb3c29300a6c88ccd98256949ca7a6f6

  # Build the patched toolchain for the target architecture.
  WORKDIR /goroot/src
  ENV GOHOSTARCH="$TARGETARCH"
  RUN ./make.bash

  # Put the rebuilt toolchain ahead of the copied one and print its version.
  ENV PATH="/goroot/bin:$PATH"
  RUN go version
  # Fetch module dependencies before the sources are copied, so these layers are
  # reused while go.mod / go.sum stay unchanged. The awk filter keeps the second
  # field of every "go mod graph" line whose first field contains no "@".
  WORKDIR /go/src/app
  COPY --link go.mod go.sum ./
  RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get

  # Same step for the caddy module.
  WORKDIR /go/src/app/caddy
  COPY caddy/go.mod caddy/go.sum ./
  RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get

  # Application sources.
  # NOTE(review): "*.*" takes every top-level file with a dot in its name from
  # the build context; the .dockerignore (not shown here) has to keep local
  # secrets such as .env files out of the context -- confirm.
  WORKDIR /go/src/app
  COPY --link *.* ./
  COPY --link caddy caddy
  COPY --link internal internal
  COPY --link testdata testdata
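  # Install e-dant/watcher (necessary for file watching)
  # The release is looked up through the GitHub API, its source tarball is
  # unpacked into the working directory, then built and installed with cmake.
  # NOTE(review): by default this builds whatever the "latest" release is at
  # build time, without any integrity check, and the resulting libwatcher is
  # copied into the runner stage. For repeatable builds pin the release:
  #   --build-arg WATCHER_RELEASE=tags/<release-tag>
  # A tag is still a mutable name; mirroring or vendoring the source is the
  # stronger control.
  WORKDIR /usr/local/src/watcher
  ARG WATCHER_RELEASE=latest
  # -f makes curl fail on an HTTP error (for example an API rate limit) instead of
  # passing the error body on to grep or tar.
  RUN curl -fsSL "https://api.github.com/repos/e-dant/watcher/releases/${WATCHER_RELEASE}" | \
          grep tarball_url | \
          awk '{ print $2 }' | \
          sed 's/,$//' | \
          sed 's/"//g' | \
          xargs curl -fsSL | \
          tar xz --strip-components 1 && \
      cmake -S . -B build -DCMAKE_BUILD_TYPE=Release && \
      cmake --build build && \
      cmake --install build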
  # cgo flags: the PHP image's own compiler/linker flags plus the libraries the
  # binary links against.
  # See https://github.com/docker-library/php/blob/master/8.3/alpine3.20/zts/Dockerfile#L53-L55
  ENV CGO_CFLAGS="-DFRANKENPHP_VERSION=$FRANKENPHP_VERSION $PHP_CFLAGS"
  ENV CGO_CPPFLAGS=$PHP_CPPFLAGS
  ENV CGO_LDFLAGS="-lssl -lcrypto -lreadline -largon2 -lcurl -lonig -lz $PHP_LDFLAGS"

  WORKDIR /go/src/app/caddy/frankenphp

  # 1. Build and install the binary into /usr/local/bin.
  # 2. Grant cap_net_bind_service so the binary can bind ports below 1024
  #    without running as root.
  # 3. Compress with upx unless NO_COMPRESS is non-empty; a upx failure is
  #    ignored on purpose ("|| true").
  #    NOTE(review): a upx-packed binary can hide the Go build information that
  #    vulnerability and SBOM scanners read, and packed executables are a common
  #    false-positive source for malware scanners; NO_COMPRESS is the opt-out.
  # 4. Run the binary once as a smoke test.
  RUN GOBIN=/usr/local/bin go install -tags 'nobadger,nomysql,nopgx' -ldflags "-w -s -extldflags '-Wl,-z,stack-size=0x80000' -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" && \
      setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
      ([ -z "${NO_COMPRESS}" ] && upx --best /usr/local/bin/frankenphp || true) && \
      frankenphp version

  WORKDIR /go/src/app
  # Stage "runner": the common base plus the artifacts built in "builder".
  # NOTE(review): no USER instruction is set here or in "common", so the server
  # runs as root unless the deployer overrides the user at run time.
  FROM common AS runner

  # Go runtime debug setting kept in the image's runtime environment; cgocheck=0
  # turns off the runtime's checks on pointers passed through cgo.
  ENV GODEBUG=cgocheck=0

  # copy watcher shared library (libgcc and libstdc++ are needed for the watcher)
  COPY --from=builder /usr/local/lib/libwatcher* /usr/local/lib/
  RUN apk add --no-cache libstdc++ && \
      ldconfig /usr/local/lib

  # The capability is applied again after the copy, presumably because the one
  # set in the builder stage does not survive COPY --from. It lets the binary
  # bind ports 80/443 when the container is started as a non-root user.
  COPY --from=builder /usr/local/bin/frankenphp /usr/local/bin/frankenphp
  RUN setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \
      frankenphp version