
Commit 95e9049

committed
Fix CI, CVEs
1 parent 2aebf23 commit 95e9049

23 files changed

+132
-93
lines changed

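--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -18,7 +18,7 @@ jobs:
 php_version: ['8.4', '8.3','8.2','8.1']
 variant: ['apache','cli','fpm']
 # builder: [ {arch: "amd64", os: "ubuntu-latest"}, {arch: "arm64", os: "macos-latest"}]
-builder: [ {arch: "amd64", os: "ubuntu-latest"}, {arch: "arm64", os: "ubuntu-latest"}]
+builder: [ {arch: "amd64", os: "ubuntu-24.04"}, {arch: "arm64", os: "ubuntu-24.04"}]
 runs-on: ${{ matrix.builder.os }}
 name: Test ${{ matrix.php_version }}-${{ matrix.variant }} ${{ matrix.builder.arch }} only
 steps:
@@ -110,7 +110,7 @@ jobs:
 --set "*.output=type=registry" \
 php${PHP_VERSION//.}-${{ matrix.variant }}-all
 - name: Push artifacts
-uses: actions/upload-artifact@v3
+uses: actions/upload-artifact@v4
 with:
 name: ${{ matrix.php_version }}-${{ matrix.variant }}
 path: /tmp/tags.log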
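Review bot: `actions/upload-artifact@v4` in the "Push artifacts" step no longer lets several jobs upload to the same artifact name, and the name here is `${{ matrix.php_version }}-${{ matrix.variant }}` with no architecture in it. If this step's job runs under the same `builder` matrix as the job in the first hunk (the job header is outside the hunk, so this is inferred), the amd64 and arm64 legs will collide; `name: ${{ matrix.php_version }}-${{ matrix.variant }}-${{ matrix.builder.arch }}` avoids that. Since the commit is about CVEs, it is also worth pinning the action to a full commit SHA instead of the mutable `v4` tag, keeping the tag in a trailing comment.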

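--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
 # Change Log
+## Version 5
+
+**2025-01-27**
+* Upgrade the base version from Ubuntu 20.04 to 24.04
+* Default blackfire version is now the version 2 (v1 is still available with BLACKFIRE_VERSION=1 at buildtime but with securities issues)
 
 ## Version 4
 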

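--- a/Dockerfile.apache
+++ b/Dockerfile.apache
@@ -14,7 +14,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 
 # |--------------------------------------------------------------------------
 # | Main PHP extensions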

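--- a/Dockerfile.apache.node
+++ b/Dockerfile.apache.node
@@ -1,8 +1,10 @@
 #syntax=docker/dockerfile-upstream:1
 # DO NOT EDIT THIS FILE : Make yours changes in /utils/Dockerfile.*.blueprint)
+ARG PHP_VERSION="8.4"
+ARG GLOBAL_VERSION="v5"
 ARG REPO="thecodingmachine/php"
 ARG TAG_PREFIX=""
-ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}:${PHP_VERSION}-${GLOBAL_VERSION}-apache"
+ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}${PHP_VERSION}-${GLOBAL_VERSION}-apache"
 FROM $FROM_IMAGE
 LABEL authors="Julien Neuhart <[email protected]>, David Négrier <[email protected]>"
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]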

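--- a/Dockerfile.cli
+++ b/Dockerfile.cli
@@ -14,7 +14,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 
 # |--------------------------------------------------------------------------
 # | Main PHP extensions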

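--- a/Dockerfile.cli.node
+++ b/Dockerfile.cli.node
@@ -1,8 +1,10 @@
 #syntax=docker/dockerfile-upstream:1
 # DO NOT EDIT THIS FILE : Make yours changes in /utils/Dockerfile.*.blueprint)
+ARG PHP_VERSION="8.4"
+ARG GLOBAL_VERSION="v5"
 ARG REPO="thecodingmachine/php"
 ARG TAG_PREFIX=""
-ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}:${PHP_VERSION}-${GLOBAL_VERSION}-cli"
+ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}${PHP_VERSION}-${GLOBAL_VERSION}-cli"
 FROM $FROM_IMAGE
 LABEL authors="Julien Neuhart <[email protected]>, David Négrier <[email protected]>"
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]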

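--- a/Dockerfile.fpm
+++ b/Dockerfile.fpm
@@ -14,7 +14,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 
 # |--------------------------------------------------------------------------
 # | Main PHP extensions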

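--- a/Dockerfile.fpm.node
+++ b/Dockerfile.fpm.node
@@ -1,8 +1,10 @@
 #syntax=docker/dockerfile-upstream:1
 # DO NOT EDIT THIS FILE : Make yours changes in /utils/Dockerfile.*.blueprint)
+ARG PHP_VERSION="8.4"
+ARG GLOBAL_VERSION="v5"
 ARG REPO="thecodingmachine/php"
 ARG TAG_PREFIX=""
-ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}:${PHP_VERSION}-${GLOBAL_VERSION}-fpm"
+ARG FROM_IMAGE="${REPO}:${TAG_PREFIX}${PHP_VERSION}-${GLOBAL_VERSION}-fpm"
 FROM $FROM_IMAGE
 LABEL authors="Julien Neuhart <[email protected]>, David Négrier <[email protected]>"
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]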

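--- a/Dockerfile.slim.apache
+++ b/Dockerfile.slim.apache
@@ -13,7 +13,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 ARG PHP_VERSION
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 ONBUILD ARG TARGETOS=${TARGETOS}
 ONBUILD ARG TARGETARCH=${TARGETARCH}
 ONBUILD ARG BLACKFIRE_VERSION=${BLACKFIRE_VERSION}
@@ -32,26 +32,32 @@ ENV PHP_VERSION=${PHP_VERSION}
 
 # Install php an other packages
 RUN apt update \
-&& apt install -y software-properties-common \
+&& apt upgrade -y \
+&& apt install -y software-properties-common --no-install-recommends \
 && add-apt-repository ppa:ondrej/php \
+&& apt remove --purge -y software-properties-common \
+&& apt autoremove -y \
 && apt install -y --no-install-recommends \
-git \
 nano \
 sudo \
+git \
 iproute2 \
-openssh-client \
 procps \
+curl \
 unzip \
 ca-certificates \
-curl \
+openssh-client \
+&& apt clean \
+&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+RUN apt update \
+&& apt install -y --no-install-recommends \
 php${PHP_VERSION}-cli \
 php${PHP_VERSION}-curl \
 php${PHP_VERSION}-mbstring \
 php${PHP_VERSION}-opcache \
 php${PHP_VERSION}-readline \
 php${PHP_VERSION}-xml \
 php${PHP_VERSION}-zip \
-&& if [[ "${PHP_VERSION}" =~ ^7 ]]; then apt install -y --no-install-recommends php${PHP_VERSION}-json; fi \
 && apt clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
@@ -403,3 +409,4 @@ ONBUILD RUN if [ -n "$NODE_VERSION" ]; then \
 sudo apt clean && \
 sudo rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*; \
 fi;
+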
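Review bot: The `apt upgrade -y` added at new line 35 only picks up the fixes published on the day that layer is built, so a build that reuses a cached copy of this RUN keeps shipping the older packages; release builds need `--pull --no-cache` (or a cache-busting build arg) for the CVE fix to be re-evaluated. In the same RUN, `add-apt-repository ppa:ondrej/php` stays trusted for every package name after software-properties-common is purged, so consider an apt preferences entry that scopes the PPA to the packages it is meant to supply. A comment above the RUN such as `# apt upgrade: pull security fixes newer than the base image; only effective on an uncached build` would record the intent. The same hunk is repeated in Dockerfile.slim.cli and Dockerfile.slim.fpm.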

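--- a/Dockerfile.slim.cli
+++ b/Dockerfile.slim.cli
@@ -13,7 +13,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 ARG PHP_VERSION
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 ONBUILD ARG TARGETOS=${TARGETOS}
 ONBUILD ARG TARGETARCH=${TARGETARCH}
 ONBUILD ARG BLACKFIRE_VERSION=${BLACKFIRE_VERSION}
@@ -32,26 +32,32 @@ ENV PHP_VERSION=${PHP_VERSION}
 
 # Install php an other packages
 RUN apt update \
-&& apt install -y software-properties-common \
+&& apt upgrade -y \
+&& apt install -y software-properties-common --no-install-recommends \
 && add-apt-repository ppa:ondrej/php \
+&& apt remove --purge -y software-properties-common \
+&& apt autoremove -y \
 && apt install -y --no-install-recommends \
-git \
 nano \
 sudo \
+git \
 iproute2 \
-openssh-client \
 procps \
+curl \
 unzip \
 ca-certificates \
-curl \
+openssh-client \
+&& apt clean \
+&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+RUN apt update \
+&& apt install -y --no-install-recommends \
 php${PHP_VERSION}-cli \
 php${PHP_VERSION}-curl \
 php${PHP_VERSION}-mbstring \
 php${PHP_VERSION}-opcache \
 php${PHP_VERSION}-readline \
 php${PHP_VERSION}-xml \
 php${PHP_VERSION}-zip \
-&& if [[ "${PHP_VERSION}" =~ ^7 ]]; then apt install -y --no-install-recommends php${PHP_VERSION}-json; fi \
 && apt clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
@@ -308,3 +314,4 @@ ONBUILD RUN if [ -n "$NODE_VERSION" ]; then \
 sudo apt clean && \
 sudo rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*; \
 fi;
+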

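--- a/Dockerfile.slim.fpm
+++ b/Dockerfile.slim.fpm
@@ -13,7 +13,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 ARG PHP_VERSION
 ARG TARGETOS
 ARG TARGETARCH
-ARG BLACKFIRE_VERSION=1
+ARG BLACKFIRE_VERSION=2
 ONBUILD ARG TARGETOS=${TARGETOS}
 ONBUILD ARG TARGETARCH=${TARGETARCH}
 ONBUILD ARG BLACKFIRE_VERSION=${BLACKFIRE_VERSION}
@@ -32,26 +32,32 @@ ENV PHP_VERSION=${PHP_VERSION}
 
 # Install php an other packages
 RUN apt update \
-&& apt install -y software-properties-common \
+&& apt upgrade -y \
+&& apt install -y software-properties-common --no-install-recommends \
 && add-apt-repository ppa:ondrej/php \
+&& apt remove --purge -y software-properties-common \
+&& apt autoremove -y \
 && apt install -y --no-install-recommends \
-git \
 nano \
 sudo \
+git \
 iproute2 \
-openssh-client \
 procps \
+curl \
 unzip \
 ca-certificates \
-curl \
+openssh-client \
+&& apt clean \
+&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+RUN apt update \
+&& apt install -y --no-install-recommends \
 php${PHP_VERSION}-cli \
 php${PHP_VERSION}-curl \
 php${PHP_VERSION}-mbstring \
 php${PHP_VERSION}-opcache \
 php${PHP_VERSION}-readline \
 php${PHP_VERSION}-xml \
 php${PHP_VERSION}-zip \
-&& if [[ "${PHP_VERSION}" =~ ^7 ]]; then apt install -y --no-install-recommends php${PHP_VERSION}-json; fi \
 && apt clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
@@ -327,3 +333,4 @@ ONBUILD RUN if [ -n "$NODE_VERSION" ]; then \
 sudo apt clean && \
 sudo rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*; \
 fi;
+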

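--- a/MIGRATING.md
+++ b/MIGRATING.md
@@ -8,6 +8,7 @@ v5 is mostly fully compatible with v4, the main issue that may happen are relate
 Important changes:
 - v4 images are based on **Ubuntu 20.04**. v5 images are based on **Ubuntu 24.04**.
 - Removing of all unsupported version (not maintenance/security support : that is still possible to use the old tags/force manually the rebuild)
+- Default blackfire version is now the version 2
 
 # Migrating from v3 to v4 images
 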

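--- a/Makefile
+++ b/Makefile
@@ -35,9 +35,6 @@ test-8.4: ## Test php8.4 build only
 VERSION=8.4 VARIANT=fpm $(MAKE) _test-version
 
 test-node: ## Test node builds only
-VERSION=8.4 VARIANT=cli NODE=12 $(MAKE) _test-node
-VERSION=8.4 VARIANT=cli NODE=14 $(MAKE) _test-node
-VERSION=8.4 VARIANT=cli NODE=16 $(MAKE) _test-node
 VERSION=8.4 VARIANT=cli NODE=18 $(MAKE) _test-node
 VERSION=8.4 VARIANT=cli NODE=20 $(MAKE) _test-node
 VERSION=8.4 VARIANT=cli NODE=22 $(MAKE) _test-node
@@ -67,28 +64,29 @@ clean: ## Clean dangles image after build
 rm -rf /tmp/buildx-cache
 
 
-test-manual-build:
+cves:
 docker build \
 --build-arg PHP_VERSION="8.4" \
---build-arg VARIANT="cli" \
+--build-arg VARIANT="apache" \
 --build-arg GLOBAL_VERSION="v5" \
---file ./Dockerfile.slim.cli \
+--file ./Dockerfile.slim.apache \
 --tag testv5-slim \
 .
 docker --debug build \
 --build-arg PHP_VERSION="8.4" \
---build-arg VARIANT="cli" \
+--build-arg VARIANT="apache" \
 --build-arg GLOBAL_VERSION="v5" \
 --build-arg FROM_IMAGE="testv5-slim" \
---file ./Dockerfile.cli \
+--file ./Dockerfile.apache \
 --tag testv5 \
 .
-# --target=base \
-
-test-manual-exec:
-docker run --rm -it testv5 bash
-
-
-testtt:
-PHP_EXTENSION_SWOOLE=1 php -m | grep -i swoole
-PHP_EXTENSION_GETTEXT=1 php -m | grep -i gettext
+docker --debug build \
+--build-arg PHP_VERSION="8.4" \
+--build-arg VARIANT="apache-node22" \
+--build-arg NODE_VERSION="22" \
+--build-arg GLOBAL_VERSION="v5" \
+--build-arg FROM_IMAGE="testv5" \
+--file ./Dockerfile.apache.node \
+--tag testv5-node \
+.
+docker scout cves testv5-node --only-fixed --locations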
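Review bot: The new `cves` target only prints findings: `docker scout cves testv5-node --only-fixed --locations` exits 0 whatever it reports, so neither CI nor a release script can gate on it. Adding `--exit-code` (optionally with `--only-severity critical,high`) makes the target fail while fixable vulnerabilities remain. It also scans only the apache + node22 image, so the cli and fpm variants go unchecked unless the target is parameterised on the variant. Unlike `test-node` and `clean`, the target has no `##` help text and, as far as the hunk shows, no `.PHONY` entry; I would write `cves: ## Build apache/node22 test images and list fixable CVEs` and add `cves` to `.PHONY`.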
