diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index df2e20d..5f79cc4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -31,8 +31,8 @@ jobs: strategy: matrix: - #version: ["7.4", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5"] - version: ["8.3", "8.4", "8.5"] + # only 7.4 and 8.3 are supported by ownCloud 10/11, so we limit the build to those versions for now + version: ["7.4", "8.3"] update-docker-hub-description: needs: build diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..52fabf4 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,69 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## What this repo is + +Docker images for ownCloud PHP CI pipelines, published to Docker Hub as `owncloudci/php:`. Versions: 7.4, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5. Each is independently built and published. + +## Building locally + +```bash +# Build a specific version (defaults to v7.4) +BUILD_VERSION=v8.4 make build + +# Build multiarch with Docker Buildx (no secrets needed for PHP 8.x) +docker buildx build --platform linux/amd64,linux/arm64 \ + -f v8.4/Dockerfile.multiarch v8.4/ + +# PHP 7.4 requires Freexian mirror secrets (EOL PHP, needs paid mirror) +docker buildx build --platform linux/amd64 \ + --secret id=mirror-auth,src=./mirror-auth \ + --secret id=mirror-url,src=./mirror-url \ + -f v7.4/Dockerfile.multiarch v7.4/ +``` + +## Linting + +The CI lint pipeline runs three checks you can replicate locally: + +```bash +# Starlark formatter (checks .drone.star) +buildifier -d -diff_command='diff -u' .drone.star + +# EditorConfig format check +docker run --rm -v $(pwd):/app mstruebing/editorconfig-checker + +# Shellcheck on overlay scripts (per version) +grep -ErlI '^#!(.*/|.*env +)(sh|bash|ksh)' v8.4/overlay/ | xargs -r shellcheck +``` + +## Architecture + +Each version directory (`v{X.Y}/`) contains: +- `Dockerfile.multiarch` — the image build definition +- `overlay/` — files copied verbatim onto the container root filesystem (`COPY overlay /`). Contains Apache vhost config, PHP ini overrides (opcache, oci8, krb5), SSL config, and a custom `apachectl` wrapper. + +**PHP source differences by version:** +- `v7.4`: Uses Freexian's commercial EOL support mirror (requires `mirror-auth` and `mirror-url` secrets at build time). The auth file is explicitly deleted at the end of the build so it cannot leak into the image. +- `v8.0–v8.3`: Uses ondrej/php PPA on Ubuntu 22.04. +- `v8.4`, `v8.5`: Also uses ondrej/php PPA, but builds curl from source (to get gssapi, libssh, nghttp2, ldaps support not present in the distro package). + +**Architecture-conditional installs:** Oracle Instant Client (oci8) is only installed on `linux/amd64`. The oci8 PECL extension is guarded by `if [ "$TARGETPLATFORM" = "linux/amd64" ]`. + +**PHP 7.4 note:** The overlay PHP ini paths are `etc/php/7.4/...` and include `krb5.ini` (php-krb5 PECL extension), which is absent in 8.x images. + +## CI pipeline + +Two CI systems coexist: +- **GitHub Actions** (`.github/workflows/main.yml`) — current, uses reusable workflows from `owncloud-docker/ubuntu`. Currently only builds 8.3, 8.4, 8.5 (older versions are commented out in the matrix). +- **Drone CI** (`.drone.star`) — legacy Starlark pipeline; builds all versions, includes Trivy security scanning, pre-publish to internal registry, and Rocket.Chat notifications. + +**Dependency updates:** Renovate (`.renovaterc.json`) manages Docker base image digests and the `RETRY_VERSION` env var. GitHub Dependabot manages GitHub Actions versions. + +## Adding a new PHP version + +1. Copy an existing version directory (e.g., `cp -r v8.4 v8.6`). +2. Update all `php8.4` → `php8.6` references in `Dockerfile.multiarch` and the overlay ini paths. +3. Add the version to the matrix in `.github/workflows/main.yml` and to the `versions` list in `.drone.star`. +4. Update the overlay `etc/php/` path from `8.3` to the correct version (note: v8.4's overlay uses `8.3` paths — verify the actual PHP ini path matches the installed version). diff --git a/v7.4/Dockerfile.multiarch b/v7.4/Dockerfile.multiarch index 5b69206..53a9680 100644 --- a/v7.4/Dockerfile.multiarch +++ b/v7.4/Dockerfile.multiarch @@ -27,13 +27,11 @@ RUN wget http://php.freexian.com/public/archive-key.gpg -O /etc/apt/trusted.gpg. # Get the authentication details for the deb mirror that has been set up to serve the Freexian PHP packages RUN --mount=type=secret,id=mirror-auth,required cp /run/secrets/mirror-auth /etc/apt/auth.conf.d/freexian.conf - RUN --mount=type=secret,id=mirror-url,required apt-get update -y && \ apt-get install -y software-properties-common language-pack-en-base && \ apt-add-repository "https://$(cat /run/secrets/mirror-url)/php.freexian.com/ jammy main" RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php7.4 libkrb5-dev libxml2-utils git-core unzip wget fontconfig libaio1 python2 php7.4 php7.4-dev php7.4-xml php7.4-mbstring php7.4-curl php7.4-gd php7.4-zip php7.4-intl php7.4-sqlite3 php7.4-mysql php7.4-pgsql php7.4-soap php7.4-phpdbg php7.4-ldap php7.4-gmp php7.4-imap php7.4-redis php7.4-memcached php7.4-imagick php7.4-smbclient php7.4-apcu php7.4-apcu-bc php7.4-ast rsync libimage-exiftool-perl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.0/Dockerfile.multiarch b/v8.0/Dockerfile.multiarch index 78ef519..ec136ae 100644 --- a/v8.0/Dockerfile.multiarch +++ b/v8.0/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.0 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.0 php8.0-dev php8.0-xml php8.0-mbstring php8.0-curl php8.0-gd php8.0-zip php8.0-intl php8.0-sqlite3 php8.0-mysql php8.0-pgsql php8.0-soap php8.0-phpdbg php8.0-ldap php8.0-gmp php8.0-imap php8.0-redis php8.0-memcached php8.0-imagick php8.0-smbclient php8.0-apcu php8.0-ast rsync && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.1/Dockerfile.multiarch b/v8.1/Dockerfile.multiarch index f566398..5454c4a 100644 --- a/v8.1/Dockerfile.multiarch +++ b/v8.1/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.1 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.1 php8.1-dev php8.1-xml php8.1-mbstring php8.1-curl php8.1-gd php8.1-zip php8.1-intl php8.1-sqlite3 php8.1-mysql php8.1-pgsql php8.1-soap php8.1-phpdbg php8.1-ldap php8.1-gmp php8.1-imap php8.1-redis php8.1-memcached php8.1-imagick php8.1-smbclient php8.1-apcu php8.1-ast rsync && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.2/Dockerfile.multiarch b/v8.2/Dockerfile.multiarch index a58ead3..e6bb929 100644 --- a/v8.2/Dockerfile.multiarch +++ b/v8.2/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.2 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.2 php8.2-dev php8.2-xml php8.2-mbstring php8.2-curl php8.2-gd php8.2-zip php8.2-intl php8.2-sqlite3 php8.2-mysql php8.2-pgsql php8.2-soap php8.2-phpdbg php8.2-ldap php8.2-gmp php8.2-imap php8.2-redis php8.2-memcached php8.2-imagick php8.2-smbclient php8.2-apcu php8.2-ast rsync libimage-exiftool-perl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.3/Dockerfile.multiarch b/v8.3/Dockerfile.multiarch index 0c8bc49..fcfd485 100644 --- a/v8.3/Dockerfile.multiarch +++ b/v8.3/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.3 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.3 php8.3-dev php8.3-xml php8.3-mbstring php8.3-curl php8.3-gd php8.3-zip php8.3-intl php8.3-sqlite3 php8.3-mysql php8.3-pgsql php8.3-soap php8.3-phpdbg php8.3-ldap php8.3-gmp php8.3-imap php8.3-redis php8.3-memcached php8.3-imagick php8.3-smbclient php8.3-apcu php8.3-ast rsync libimage-exiftool-perl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.4/Dockerfile.multiarch b/v8.4/Dockerfile.multiarch index 7812a1e..98c1dd3 100644 --- a/v8.4/Dockerfile.multiarch +++ b/v8.4/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.4 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.4 php8.4-dev php8.4-xml php8.4-mbstring php8.4-curl php8.4-gd php8.4-zip php8.4-intl php8.4-sqlite3 php8.4-mysql php8.4-pgsql php8.4-soap php8.4-phpdbg php8.4-ldap php8.4-gmp php8.4-imap php8.4-redis php8.4-memcached php8.4-imagick php8.4-smbclient php8.4-apcu php8.4-ast rsync libimage-exiftool-perl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \ diff --git a/v8.5/Dockerfile.multiarch b/v8.5/Dockerfile.multiarch index b0d18d8..409a05c 100644 --- a/v8.5/Dockerfile.multiarch +++ b/v8.5/Dockerfile.multiarch @@ -28,7 +28,6 @@ RUN apt-get update -y && \ LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2 RUN apt-get update -y && \ - apt-get upgrade -y && \ apt-get install -y apache2 libapache2-mod-php8.5 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.5 php8.5-dev php8.5-xml php8.5-mbstring php8.5-curl php8.5-gd php8.5-zip php8.5-intl php8.5-sqlite3 php8.5-mysql php8.5-pgsql php8.5-soap php8.5-phpdbg php8.5-ldap php8.5-gmp php8.5-imap php8.5-redis php8.5-memcached php8.5-imagick php8.5-smbclient php8.5-apcu php8.5-ast rsync libimage-exiftool-perl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \