From f7cc681cb06a594845d66f048efbdec0c62ce851 Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 14:44:24 +0200 Subject: [PATCH 1/6] =?UTF-8?q?=F0=9F=90=B3=20Use=20setupphp/node=20for=20?= =?UTF-8?q?base=20docker=20image?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 115 +++++------------------------------------------------ 1 file changed, 10 insertions(+), 105 deletions(-) diff --git a/Dockerfile b/Dockerfile index 89c8dbf..5dd0fce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,13 @@ -FROM ghcr.io/actions/actions-runner:2.333.1 +FROM setupphp/node:latest USER root -# Set shell with pipefail for better error handling -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN set -ex && apt-get update && apt-get install -y apt-utils ca-certificates curl gnupg iputils-ping libicu-dev sudo --no-install-recommends # Update and install base dependencies RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt-get update \ - && apt-get install -y --no-install-recommends \ + && apt update \ + && apt install -y --no-install-recommends \ # System build tools autoconf \ automake \ @@ -41,114 +40,15 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ zip \ # Linters/Formatters yamllint \ - && apt-get clean \ + && apt clean \ && rm -rf /var/lib/apt/lists/* -# Add PHP repository and install PHP 8.1, 8.2, 8.3, 8.4, 8.5 and common extensions -RUN add-apt-repository -y ppa:ondrej/php \ - && apt-get update \ - && apt-get install -y --no-install-recommends \ - - # PHP 8.1 with common extensions - php8.1 \ - php8.1-cli \ - php8.1-common \ - php8.1-curl \ - php8.1-gd \ - php8.1-mbstring \ - php8.1-mysqli \ - php8.1-pdo-mysql \ - php8.1-xml \ - php8.1-zip \ - php8.1-bcmath \ - php8.1-opcache \ - php8.1-intl \ - - # PHP 8.2 with common extensions - php8.2 \ - php8.2-cli \ - php8.2-common \ - php8.2-curl \ - php8.2-gd \ - php8.2-mbstring \ - php8.2-mysqli \ - php8.2-pdo-mysql \ - php8.2-xml \ - php8.2-zip \ - php8.2-bcmath \ - php8.2-intl \ - php8.2-opcache \ - - # PHP 8.3 with common extensions - php8.3 \ - php8.3-cli \ - php8.3-common \ - php8.3-curl \ - php8.3-gd \ - php8.3-mbstring \ - php8.3-mysqli \ - php8.3-pdo-mysql \ - php8.3-xml \ - php8.3-zip \ - php8.3-bcmath \ - php8.3-intl \ - php8.3-opcache \ - - # PHP 8.4 with common extensions - php8.4 \ - php8.4-cli \ - php8.4-common \ - php8.4-curl \ - php8.4-gd \ - php8.4-mbstring \ - php8.4-mysqli \ - php8.4-pdo-mysql \ - php8.4-xml \ - php8.4-zip \ - php8.4-bcmath \ - php8.4-intl \ - php8.4-opcache \ - - # PHP 8.5 with common extensions - php8.5 \ - php8.5-cli \ - php8.5-common \ - php8.5-curl \ - php8.5-gd \ - php8.5-mbstring \ - php8.5-mysqli \ - php8.5-pdo-mysql \ - php8.5-xml \ - php8.5-zip \ - php8.5-bcmath \ - php8.5-intl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Configure PHP: Register all PHP versions and set php8.5 as default -RUN update-alternatives --install /usr/bin/php php /usr/bin/php8.1 81 \ - && update-alternatives --install /usr/bin/php php /usr/bin/php8.2 82 \ - && update-alternatives --install /usr/bin/php php /usr/bin/php8.3 83 \ - && update-alternatives --install /usr/bin/php php /usr/bin/php8.4 84 \ - && update-alternatives --install /usr/bin/php php /usr/bin/php8.5 85 \ - && update-alternatives --set php /usr/bin/php8.5 - # Install Composer RUN curl -sS https://getcomposer.org/installer | php -- \ --install-dir=/usr/local/bin \ --filename=composer \ && chmod +x /usr/local/bin/composer -# Install global PHP QA tools needed by workflows that don't run composer install. -# (php-cs-fixer and phpcs are invoked directly in lint workflows.) -RUN curl -fsSL https://cs.symfony.com/download/php-cs-fixer-v3.phar -o /usr/local/bin/php-cs-fixer \ - && chmod +x /usr/local/bin/php-cs-fixer \ - && mkdir -p /opt/composer \ - && COMPOSER_HOME=/opt/composer composer global require --no-interaction --no-progress squizlabs/php_codesniffer:^3 phpstan/phpstan:^2 \ - && ln -sf /opt/composer/vendor/bin/phpcs /usr/local/bin/phpcs \ - && ln -sf /opt/composer/vendor/bin/phpcbf /usr/local/bin/phpcbf \ - && ln -sf /opt/composer/vendor/bin/phpstan /usr/local/bin/phpstan - # Install AWS CLI RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ && unzip awscliv2.zip \ @@ -168,6 +68,11 @@ ENV PATH=$NPM_CONFIG_PREFIX/bin:$PATH RUN npm install -g yarn @redocly/cli typescript \ && pip3 install --no-cache-dir --break-system-packages --ignore-installed blinker aws-sam-cli +RUN adduser --disabled-password --gecos '' runner \ + && usermod -aG sudo runner \ + && mkdir -m 777 -p /home/runner \ + && sed -i 's/%sudo\s.*/%sudo ALL=(ALL:ALL) NOPASSWD : ALL/g' /etc/sudoers + # --- FIX PERMISSIONS --- # After root has run npm, change ownership of the cache and global install # directories to the runner user. This is the crucial step. From 7e09573f62ae5fc896e189656dab97d4619582b8 Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 15:58:51 +0200 Subject: [PATCH 2/6] =?UTF-8?q?=E2=9C=A8=20Use=20different=20logic=20to=20?= =?UTF-8?q?download=20PHP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 112 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 96 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5dd0fce..ae063fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,13 +1,18 @@ -FROM setupphp/node:latest +FROM ghcr.io/actions/actions-runner:2.333.1 +ARG PHP_VERSION=all +ENV PHP_VERSION_ALL="8.1 8.2 8.3 8.4 8.5" +ENV PHP_VERSION_DEFAULT="8.5" USER root -RUN set -ex && apt-get update && apt-get install -y apt-utils ca-certificates curl gnupg iputils-ping libicu-dev sudo --no-install-recommends +RUN usermod -aG sudo runner \ + && mkdir -m 777 -p /home/runner \ + && sed -i 's/%sudo\s.*/%sudo ALL=(ALL:ALL) NOPASSWD : ALL/g' /etc/sudoers # Update and install base dependencies RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ - && apt update \ - && apt install -y --no-install-recommends \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ # System build tools autoconf \ automake \ @@ -40,15 +45,9 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ zip \ # Linters/Formatters yamllint \ - && apt clean \ + && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Install Composer -RUN curl -sS https://getcomposer.org/installer | php -- \ - --install-dir=/usr/local/bin \ - --filename=composer \ - && chmod +x /usr/local/bin/composer - # Install AWS CLI RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ && unzip awscliv2.zip \ @@ -68,14 +67,95 @@ ENV PATH=$NPM_CONFIG_PREFIX/bin:$PATH RUN npm install -g yarn @redocly/cli typescript \ && pip3 install --no-cache-dir --break-system-packages --ignore-installed blinker aws-sam-cli -RUN adduser --disabled-password --gecos '' runner \ - && usermod -aG sudo runner \ - && mkdir -m 777 -p /home/runner \ - && sed -i 's/%sudo\s.*/%sudo ALL=(ALL:ALL) NOPASSWD : ALL/g' /etc/sudoers - # --- FIX PERMISSIONS --- # After root has run npm, change ownership of the cache and global install # directories to the runner user. This is the crucial step. RUN chown -R runner:runner /home/runner/.npm /home/runner/.npm-global USER runner + +RUN set -ex \ + && SUDO=sudo \ + && PHP_VERSIONS="$PHP_VERSION_ALL" \ + && DEFAULT_PHP_VERSION="$PHP_VERSION_DEFAULT" \ + && if [ "${PHP_VERSION:-all}" != "all" ]; then \ + PHP_VERSIONS="$PHP_VERSION"; \ + DEFAULT_PHP_VERSION="$PHP_VERSION"; \ + fi \ + && savedAptMark="$($SUDO apt-mark showmanual)" \ + && $SUDO apt-mark auto '.*' > /dev/null \ + && $SUDO apt-get update && $SUDO apt-get install -y --no-install-recommends curl file gnupg jq lsb-release mysql-server postgresql unzip \ + && $SUDO usermod -d /var/lib/mysql/ mysql \ + && $SUDO add-apt-repository -y ppa:git-core/ppa \ + && $SUDO add-apt-repository -y ppa:ondrej/php \ + && $SUDO add-apt-repository -y ppa:ondrej/apache2 \ + && $SUDO install -m 0755 -d /etc/apt/keyrings \ + && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | $SUDO gpg --dearmor -o /etc/apt/keyrings/docker.gpg \ + && $SUDO chmod a+r /etc/apt/keyrings/docker.gpg \ + && echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" | $SUDO tee /etc/apt/sources.list.d/docker.list > /dev/null \ + && $SUDO apt-get update \ + && $SUDO cp -r /etc/apt/sources.list.d /etc/apt/sources.list.d.save \ + && for v in $PHP_VERSIONS; do \ + $SUDO apt-get install -y --no-install-recommends php"$v" \ + php"$v"-dev \ + php"$v"-curl \ + php"$v"-mbstring \ + php"$v"-xml \ + php"$v"-intl \ + php"$v"-mysql \ + php"$v"-pgsql \ + php"$v"-zip; \ + done \ + && $SUDO curl -o /usr/bin/systemctl -sL https://raw.githubusercontent.com/shivammathur/node-docker/main/systemctl-shim \ + && $SUDO chmod a+x /usr/bin/systemctl \ + && $SUDO curl -o /usr/lib/ssl/cert.pem -sL https://curl.se/ca/cacert.pem \ + && curl -o /tmp/pear.phar -sL https://raw.githubusercontent.com/pear/pearweb_phars/master/install-pear-nozlib.phar \ + && php /tmp/pear.phar && rm -f /tmp/pear.phar \ + && $SUDO apt-get install -y --no-install-recommends autoconf automake gcc g++ git \ + && $SUDO apt-get install -y --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \ + && for v in $PHP_VERSIONS; do \ + $SUDO apt-get install -y --no-install-recommends php"$v"-xdebug 2>/dev/null || ($SUDO spc -p "$v" -e xdebug-xdebug/xdebug@master -r verbose) \ + && $SUDO apt-get install -y --no-install-recommends php"$v"-imagick 2>/dev/null || (IMAGICK_LIBS=libmagickwand-dev $SUDO spc -p "$v" -e imagick-imagick/imagick@master -r verbose); \ + done \ + && for tool in php phar phar.phar php-cgi php-config phpize phpdbg; do \ + { [ -e /usr/bin/"$tool""$DEFAULT_PHP_VERSION" ] && $SUDO update-alternatives --set $tool /usr/bin/"$tool""$DEFAULT_PHP_VERSION" || true; } \ + done \ + && $SUDO rm -rf /var/lib/apt/lists/* /tmp/* /var/cache/* /usr/share/doc/* /usr/share/man/* \ + && { [ -z "$savedAptMark" ] || $SUDO apt-mark manual $savedAptMark > /dev/null; } \ + && $SUDO find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r $SUDO apt-mark manual \ + && $SUDO apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && gcc --version \ + && g++ --version \ + && git --version \ + && docker --version \ + && for v in $PHP_VERSIONS; do \ + php"$v" -v; \ + done \ + && php -v + +USER root + +# Install Composer +RUN curl -sS https://getcomposer.org/installer | php -- \ + --install-dir=/usr/local/bin \ + --filename=composer \ + && chmod +x /usr/local/bin/composer + +# Install global PHP QA tools needed by workflows that don't run composer install. +# (php-cs-fixer and phpcs are invoked directly in lint workflows.) +RUN curl -fsSL https://cs.symfony.com/download/php-cs-fixer-v3.phar -o /usr/local/bin/php-cs-fixer \ + && chmod +x /usr/local/bin/php-cs-fixer \ + && mkdir -p /opt/composer \ + && COMPOSER_HOME=/opt/composer composer global require --no-interaction --no-progress squizlabs/php_codesniffer:^3 phpstan/phpstan:^2 \ + && ln -sf /opt/composer/vendor/bin/phpcs /usr/local/bin/phpcs \ + && ln -sf /opt/composer/vendor/bin/phpcbf /usr/local/bin/phpcbf \ + && ln -sf /opt/composer/vendor/bin/phpstan /usr/local/bin/phpstan + +USER runner From b1e9f9637d31c6d39a479f5a3e98902b1239ee98 Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 16:06:42 +0200 Subject: [PATCH 3/6] =?UTF-8?q?=F0=9F=90=9B=20Fix=20docker=20issues?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ae063fc..f309336 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,12 @@ ENV PHP_VERSION_DEFAULT="8.5" USER root +# Set shell with pipefail for better error handling +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + RUN usermod -aG sudo runner \ - && mkdir -m 777 -p /home/runner \ + && mkdir -p /home/runner \ + && chmod 777 /home/runner \ && sed -i 's/%sudo\s.*/%sudo ALL=(ALL:ALL) NOPASSWD : ALL/g' /etc/sudoers # Update and install base dependencies @@ -121,7 +125,7 @@ RUN set -ex \ { [ -e /usr/bin/"$tool""$DEFAULT_PHP_VERSION" ] && $SUDO update-alternatives --set $tool /usr/bin/"$tool""$DEFAULT_PHP_VERSION" || true; } \ done \ && $SUDO rm -rf /var/lib/apt/lists/* /tmp/* /var/cache/* /usr/share/doc/* /usr/share/man/* \ - && { [ -z "$savedAptMark" ] || $SUDO apt-mark manual $savedAptMark > /dev/null; } \ + && { [ -z "$savedAptMark" ] || echo "$savedAptMark" | xargs -r $SUDO apt-mark manual > /dev/null; } \ && $SUDO find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ From a38fe53827b23481a1dbd1c986710fb7acdbade7 Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 16:08:28 +0200 Subject: [PATCH 4/6] =?UTF-8?q?=F0=9F=90=9B=20Ignore=20error?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .hadolint.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.hadolint.yaml b/.hadolint.yaml index 558cce5..1b20d07 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -4,3 +4,4 @@ ignored: - DL3008 # Pin versions in apt get install - DL3013 # Pin versions in pip install - DL3016 # Pin versions in npm install + - SC2086 # Double quote to prevent globbing and word splitting From 8ce6b98d08da3491a252576c17857e12d7f8f20c Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 16:16:00 +0200 Subject: [PATCH 5/6] =?UTF-8?q?=E2=8F=AA=20Revert=20changes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f309336..b7871e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -125,7 +125,7 @@ RUN set -ex \ { [ -e /usr/bin/"$tool""$DEFAULT_PHP_VERSION" ] && $SUDO update-alternatives --set $tool /usr/bin/"$tool""$DEFAULT_PHP_VERSION" || true; } \ done \ && $SUDO rm -rf /var/lib/apt/lists/* /tmp/* /var/cache/* /usr/share/doc/* /usr/share/man/* \ - && { [ -z "$savedAptMark" ] || echo "$savedAptMark" | xargs -r $SUDO apt-mark manual > /dev/null; } \ + && { [ -z "$savedAptMark" ] || $SUDO apt-mark manual $savedAptMark > /dev/null; } \ && $SUDO find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ From 20e6bb74c133bf4bd4272a965b71c76adeeafa91 Mon Sep 17 00:00:00 2001 From: LegeBeker Date: Tue, 7 Apr 2026 16:39:19 +0200 Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=90=9B=20Fix=20issue?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b7871e0..00e780c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex \ && $SUDO find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ | sort -u \ - | xargs -r dpkg-query --search \ + | xargs -r -n 1 /bin/bash -c 'dpkg-query --search "$1" 2>/dev/null || true' _ \ | cut -d: -f1 \ | sort -u \ | xargs -r $SUDO apt-mark manual \