ci: enable PHP 7.4 in GitHub Actions build matrix

.github/workflows/main.yml

@@ -31,8 +31,8 @@ jobs:
 
     strategy:
       matrix:
-        #version: ["7.4", "8.0", "8.1", "8.2", "8.3", "8.4", "8.5"]
-        version: ["8.3", "8.4", "8.5"]
+        # only 7.4 and 8.3 are supported by ownCloud 10/11, so we limit the build to those versions for now
+        version: ["7.4", "8.3"]
 
   update-docker-hub-description:
     needs: build

CLAUDE.md

@@ -0,0 +1,69 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## What this repo is
+
+Docker images for ownCloud PHP CI pipelines, published to Docker Hub as `owncloudci/php:<version>`. Versions: 7.4, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5. Each is independently built and published.
+
+## Building locally
+
+```bash
+# Build a specific version (defaults to v7.4)
+BUILD_VERSION=v8.4 make build
+
+# Build multiarch with Docker Buildx (no secrets needed for PHP 8.x)
+docker buildx build --platform linux/amd64,linux/arm64 \
+  -f v8.4/Dockerfile.multiarch v8.4/
+
+# PHP 7.4 requires Freexian mirror secrets (EOL PHP, needs paid mirror)
+docker buildx build --platform linux/amd64 \
+  --secret id=mirror-auth,src=./mirror-auth \
+  --secret id=mirror-url,src=./mirror-url \
+  -f v7.4/Dockerfile.multiarch v7.4/
+```
+
+## Linting
+
+The CI lint pipeline runs three checks you can replicate locally:
+
+```bash
+# Starlark formatter (checks .drone.star)
+buildifier -d -diff_command='diff -u' .drone.star
+
+# EditorConfig format check
+docker run --rm -v $(pwd):/app mstruebing/editorconfig-checker
+
+# Shellcheck on overlay scripts (per version)
+grep -ErlI '^#!(.*/|.*env +)(sh|bash|ksh)' v8.4/overlay/ | xargs -r shellcheck
+```
+
+## Architecture
+
+Each version directory (`v{X.Y}/`) contains:
+- `Dockerfile.multiarch` — the image build definition
+- `overlay/` — files copied verbatim onto the container root filesystem (`COPY overlay /`). Contains Apache vhost config, PHP ini overrides (opcache, oci8, krb5), SSL config, and a custom `apachectl` wrapper.
+
+**PHP source differences by version:**
+- `v7.4`: Uses Freexian's commercial EOL support mirror (requires `mirror-auth` and `mirror-url` secrets at build time). The auth file is explicitly deleted at the end of the build so it cannot leak into the image.
+- `v8.0–v8.3`: Uses ondrej/php PPA on Ubuntu 22.04.
+- `v8.4`, `v8.5`: Also uses ondrej/php PPA, but builds curl from source (to get gssapi, libssh, nghttp2, ldaps support not present in the distro package).
+
+**Architecture-conditional installs:** Oracle Instant Client (oci8) is only installed on `linux/amd64`. The oci8 PECL extension is guarded by `if [ "$TARGETPLATFORM" = "linux/amd64" ]`.
+
+**PHP 7.4 note:** The overlay PHP ini paths are `etc/php/7.4/...` and include `krb5.ini` (php-krb5 PECL extension), which is absent in 8.x images.
+
+## CI pipeline
+
+Two CI systems coexist:
+- **GitHub Actions** (`.github/workflows/main.yml`) — current, uses reusable workflows from `owncloud-docker/ubuntu`. Currently only builds 8.3, 8.4, 8.5 (older versions are commented out in the matrix).
+- **Drone CI** (`.drone.star`) — legacy Starlark pipeline; builds all versions, includes Trivy security scanning, pre-publish to internal registry, and Rocket.Chat notifications.
+
+**Dependency updates:** Renovate (`.renovaterc.json`) manages Docker base image digests and the `RETRY_VERSION` env var. GitHub Dependabot manages GitHub Actions versions.
+
+## Adding a new PHP version
+
+1. Copy an existing version directory (e.g., `cp -r v8.4 v8.6`).
+2. Update all `php8.4` → `php8.6` references in `Dockerfile.multiarch` and the overlay ini paths.
+3. Add the version to the matrix in `.github/workflows/main.yml` and to the `versions` list in `.drone.star`.
+4. Update the overlay `etc/php/` path from `8.3` to the correct version (note: v8.4's overlay uses `8.3` paths — verify the actual PHP ini path matches the installed version).

v7.4/Dockerfile.multiarch

@@ -10,7 +10,7 @@
 VOLUME ["/var/www/owncloud"]
 
 ENV ORACLE_HOME=/usr/lib/oracle/12.2/client64
 ENV LD_LIBRARY_PATH=/usr/lib/oracle/12.2/client64/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
 ENV APACHE_LOGGING_PATH=/dev/stdout
 
 ARG RETRY_VERSION
@@ -27,13 +27,11 @@
 # Get the authentication details for the deb mirror that has been set up to serve the Freexian PHP packages
 RUN --mount=type=secret,id=mirror-auth,required cp /run/secrets/mirror-auth /etc/apt/auth.conf.d/freexian.conf
 
-
 RUN --mount=type=secret,id=mirror-url,required apt-get update -y && \
   apt-get install -y software-properties-common language-pack-en-base && \
   apt-add-repository "https://$(cat /run/secrets/mirror-url)/php.freexian.com/ jammy main"
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php7.4 libkrb5-dev libxml2-utils git-core unzip wget fontconfig libaio1 python2 php7.4 php7.4-dev php7.4-xml php7.4-mbstring php7.4-curl php7.4-gd php7.4-zip php7.4-intl php7.4-sqlite3 php7.4-mysql php7.4-pgsql php7.4-soap php7.4-phpdbg php7.4-ldap php7.4-gmp php7.4-imap php7.4-redis php7.4-memcached php7.4-imagick php7.4-smbclient php7.4-apcu php7.4-apcu-bc php7.4-ast rsync libimage-exiftool-perl && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.0/Dockerfile.multiarch

@@ -28,7 +28,6 @@ RUN apt-get update -y && \
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.0 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.0 php8.0-dev php8.0-xml php8.0-mbstring php8.0-curl php8.0-gd php8.0-zip php8.0-intl php8.0-sqlite3 php8.0-mysql php8.0-pgsql php8.0-soap php8.0-phpdbg php8.0-ldap php8.0-gmp php8.0-imap php8.0-redis php8.0-memcached php8.0-imagick php8.0-smbclient php8.0-apcu php8.0-ast rsync && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.1/Dockerfile.multiarch

@@ -28,7 +28,6 @@ RUN apt-get update -y && \
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.1 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.1 php8.1-dev php8.1-xml php8.1-mbstring php8.1-curl php8.1-gd php8.1-zip php8.1-intl php8.1-sqlite3 php8.1-mysql php8.1-pgsql php8.1-soap php8.1-phpdbg php8.1-ldap php8.1-gmp php8.1-imap php8.1-redis php8.1-memcached php8.1-imagick php8.1-smbclient php8.1-apcu php8.1-ast rsync && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.2/Dockerfile.multiarch

@@ -28,7 +28,6 @@ RUN apt-get update -y && \
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.2 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.2 php8.2-dev php8.2-xml php8.2-mbstring php8.2-curl php8.2-gd php8.2-zip php8.2-intl php8.2-sqlite3 php8.2-mysql php8.2-pgsql php8.2-soap php8.2-phpdbg php8.2-ldap php8.2-gmp php8.2-imap php8.2-redis php8.2-memcached php8.2-imagick php8.2-smbclient php8.2-apcu php8.2-ast rsync libimage-exiftool-perl && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.3/Dockerfile.multiarch

@@ -10,7 +10,7 @@
 VOLUME ["/var/www/owncloud"]
 
 ENV ORACLE_HOME=/usr/lib/oracle/12.2/client64
 ENV LD_LIBRARY_PATH=/usr/lib/oracle/12.2/client64/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
 ENV APACHE_LOGGING_PATH=/dev/stdout
 
 ARG RETRY_VERSION
@@ -28,7 +28,6 @@
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.3 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.3 php8.3-dev php8.3-xml php8.3-mbstring php8.3-curl php8.3-gd php8.3-zip php8.3-intl php8.3-sqlite3 php8.3-mysql php8.3-pgsql php8.3-soap php8.3-phpdbg php8.3-ldap php8.3-gmp php8.3-imap php8.3-redis php8.3-memcached php8.3-imagick php8.3-smbclient php8.3-apcu php8.3-ast rsync libimage-exiftool-perl && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.4/Dockerfile.multiarch

@@ -28,7 +28,6 @@ RUN apt-get update -y && \
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.4 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.4 php8.4-dev php8.4-xml php8.4-mbstring php8.4-curl php8.4-gd php8.4-zip php8.4-intl php8.4-sqlite3 php8.4-mysql php8.4-pgsql php8.4-soap php8.4-phpdbg php8.4-ldap php8.4-gmp php8.4-imap php8.4-redis php8.4-memcached php8.4-imagick php8.4-smbclient php8.4-apcu php8.4-ast rsync libimage-exiftool-perl && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \

v8.5/Dockerfile.multiarch

@@ -28,7 +28,6 @@ RUN apt-get update -y && \
   LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/apache2
 
 RUN apt-get update -y && \
-  apt-get upgrade -y && \
   apt-get install -y apache2 libapache2-mod-php8.5 libxml2-utils git-core unzip wget fontconfig libaio1 python2 php8.5 php8.5-dev php8.5-xml php8.5-mbstring php8.5-curl php8.5-gd php8.5-zip php8.5-intl php8.5-sqlite3 php8.5-mysql php8.5-pgsql php8.5-soap php8.5-phpdbg php8.5-ldap php8.5-gmp php8.5-imap php8.5-redis php8.5-memcached php8.5-imagick php8.5-smbclient php8.5-apcu php8.5-ast rsync libimage-exiftool-perl && \
   apt-get clean && \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /etc/apache2/sites-available/default-ssl.conf && \