From f730f66379dc37b57195ed30c9b3d5dcead83946 Mon Sep 17 00:00:00 2001
From: Matthieu Napoli
Date: Fri, 13 Jan 2023 12:11:44 +0100
Subject: [PATCH 01/97] Revert to Bref's v1 compilation scripts
---
 base-devel/cpu-x86.Dockerfile | 431 +++++++++++++++++++++++++++++++++-
 1 file changed, 422 insertions(+), 9 deletions(-)
diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile
index b599e85f..e683b9de 100644
--- a/base-devel/cpu-x86.Dockerfile
+++ b/base-devel/cpu-x86.Dockerfile
@@ -1,12 +1,425 @@ +# The container we build here contains everything needed to compile PHP. +# We build in here everything that is stable (e.g. system tools) so that we don't +# recompile them every time we change PHP. + + +# Lambda uses a custom AMI named Amazon Linux 2 +# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html +# AWS provides a Docker image that we use here: +# https://github.com/amazonlinux/container-images/tree/amzn2 FROM public.ecr.aws/lambda/provided:al2-x86_64 -# yum-utils installs the yum-config-manager command -RUN yum install -y \ - https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ - https://rpms.remirepo.net/enterprise/remi-release-7.rpm \ - yum-utils \ - epel-release \ - curl -# Install development tools to compile extra PHP extensions -RUN yum groupinstall -y "Development Tools" +# Move to /tmp to compile everything in there. +WORKDIR /tmp + + +# Lambda is based on Amazon Linux 2. Lock YUM to that release version. +RUN sed -i 's/releasever=latest/releaserver=amzn2/' /etc/yum.conf + + +RUN set -xe \ + # Download yum repository data to cache + && yum makecache \ + # Default Development Tools + && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default + + +# The default version of cmake we can get from the yum repo is 2.8.12. We need cmake to build a few of +# our libraries, and at least one library requires a version of cmake greater than that. +# +# Needed to build: +# - libzip: minimum required CMAKE version 3.0. +RUN LD_LIBRARY_PATH= yum install -y cmake3 +RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + +# Use the bash shell, instead of /bin/sh +# Why? We need to document this. +SHELL ["/bin/bash", "-c"] + +# We need a base path for all the sourcecode we will build from. +ENV BUILD_DIR="/tmp/build" + +# We need a base path for the builds to install to. This path must +# match the path that bref will be unpackaged to in Lambda. 
+ENV INSTALL_DIR="/opt/bref" + +# Apply stack smash protection to functions using local buffers and alloca() +# ## # Enable size optimization (-Os) +# # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# # Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) + +# We need some default compiler variables setup +ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ + PKG_CONFIG="/usr/bin/pkg-config" \ + PATH="${INSTALL_DIR}/bin:${PATH}" + + +ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" + +# Enable parallelism for cmake (like make -j) +# See https://stackoverflow.com/a/50883540/245552 +RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) + +# Ensure we have all the directories we require in the container. +RUN mkdir -p ${BUILD_DIR} \ + ${INSTALL_DIR}/bin \ + ${INSTALL_DIR}/doc \ + ${INSTALL_DIR}/etc/php \ + ${INSTALL_DIR}/etc/php/conf.d \ + ${INSTALL_DIR}/include \ + ${INSTALL_DIR}/lib \ + ${INSTALL_DIR}/lib64 \ + ${INSTALL_DIR}/libexec \ + ${INSTALL_DIR}/sbin \ + ${INSTALL_DIR}/share + + +############################################################################### +# ZLIB Build +# https://github.com/madler/zlib/releases +# Needed for: +# - openssl +# - curl +# - php +# Used By: +# - xml2 +ENV VERSION_ZLIB=1.2.13 +ENV ZLIB_BUILD_DIR=${BUILD_DIR}/xml2 + +RUN set -xe; \ + mkdir -p ${ZLIB_BUILD_DIR}; \ +# Download and upack the source code + curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ + | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${ZLIB_BUILD_DIR}/ + +# Configure the build +RUN set -xe; \ + make distclean \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --64 + +RUN set -xe; 
\ + make install \ + && rm ${INSTALL_DIR}/lib/libz.a + +############################################################################### +# OPENSSL Build +# https://github.com/openssl/openssl/releases +# Needs: +# - zlib +# Needed by: +# - curl +# - php +ENV VERSION_OPENSSL=1.1.1s +ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl +ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" +ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" + + +RUN set -xe; \ + mkdir -p ${OPENSSL_BUILD_DIR}; \ +# Download and upack the source code + curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${OPENSSL_BUILD_DIR}/ + + +# Configure the build +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./config \ + --prefix=${INSTALL_DIR} \ + --openssldir=${INSTALL_DIR}/ssl \ + --release \ + no-tests \ + shared \ + zlib + +RUN set -xe; \ + make install \ + && curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + +############################################################################### +# LIBSSH2 Build +# https://github.com/libssh2/libssh2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_LIBSSH2=1.10.0 +ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 + +RUN set -xe; \ + mkdir -p ${LIBSSH2_BUILD_DIR}/bin; \ + # Download and upack the source code + curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ + | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ + +# Configure the build +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. 
\ + -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=OpenSSL \ + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE + +RUN set -xe; \ + cmake --build . --target install + +############################################################################### +# LIBNGHTTP2 Build +# This adds support for HTTP 2 requests in curl. +# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 +# https://github.com/nghttp2/nghttp2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_NGHTTP2=1.51.0 +ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 + +RUN set -xe; \ + mkdir -p ${NGHTTP2_BUILD_DIR}; \ + curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ + | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 + +WORKDIR ${NGHTTP2_BUILD_DIR}/ + +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --enable-lib-only \ + --prefix=${INSTALL_DIR} + +RUN set -xe; \ + make install + + +############################################################################### +# CURL Build +# # https://github.com/curl/curl/releases +# # Needs: +# # - zlib +# # - OpenSSL +# # - libssh2 +# # Needed by: +# # - php +ENV VERSION_CURL=7.85.0 +ENV CURL_BUILD_DIR=${BUILD_DIR}/curl + +RUN set -xe; \ + mkdir -p ${CURL_BUILD_DIR}/bin; \ +curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ +| tar xzC ${CURL_BUILD_DIR} --strip-components=1 + + +WORKDIR ${CURL_BUILD_DIR}/ + +RUN set -xe; \ + ./buildconf \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-ca-bundle=${CA_BUNDLE} \ + --enable-shared \ + --disable-static \ + --enable-optimize \ + --disable-warnings \ + 
--disable-dependency-tracking \ + --with-zlib \ + --enable-http \ + --enable-ftp \ + --enable-file \ + --enable-proxy \ + --enable-tftp \ + --enable-ipv6 \ + --enable-openssl-auto-load-config \ + --enable-cookies \ + --with-gnu-ld \ + --with-ssl \ + --with-libssh2 \ + --with-nghttp2 + + +RUN set -xe; \ + make install + +############################################################################### +# LIBXML2 Build +# https://github.com/GNOME/libxml2/releases +# Uses: +# - zlib +# Needed by: +# - php +ENV VERSION_XML2=2.10.3 +ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 + +RUN set -xe; \ + mkdir -p ${XML2_BUILD_DIR}; \ +# Download and upack the source code + curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ + | tar xJC ${XML2_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${XML2_BUILD_DIR}/ + +# Configure the build +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-sysroot=${INSTALL_DIR} \ + --enable-shared \ + --disable-static \ + --with-html \ + --with-history \ + --enable-ipv6=no \ + --with-icu \ + --with-zlib=${INSTALL_DIR} \ + --without-python + +RUN set -xe; \ + make install \ + && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + +############################################################################### +# LIBZIP Build +# https://github.com/nih-at/libzip/releases +# Needed by: +# - php +ENV VERSION_ZIP=1.9.2 +ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip + +RUN set -xe; \ + mkdir -p ${ZIP_BUILD_DIR}/bin/; \ +# Download and upack the source code + curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ + | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${ZIP_BUILD_DIR}/bin/ + +# Configure the build +RUN set -xe; \ + CFLAGS="" \ + 
CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE + +RUN set -xe; \ + cmake --build . --target install + +############################################################################### +# LIBSODIUM Build +# https://github.com/jedisct1/libsodium/releases +# Needs: +# +# Needed by: +# - php +ENV VERSION_LIBSODIUM=1.0.18 +ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium + +RUN set -xe; \ + mkdir -p ${LIBSODIUM_BUILD_DIR}; \ + # Download and unpack the source code + curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ + | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 + +# Move into the unpackaged code directory +WORKDIR ${LIBSODIUM_BUILD_DIR}/ + +# Configure the build +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./autogen.sh \ +&& ./configure --prefix=${INSTALL_DIR} + +RUN set -xe; \ + make install + +############################################################################### +# Postgres Build +# https://github.com/postgres/postgres/releases +# Needs: +# - OpenSSL +# Needed by: +# - php +ENV VERSION_POSTGRES=15.1 +ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres + +RUN set -xe; \ + mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ + curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ + | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 + + +WORKDIR ${POSTGRES_BUILD_DIR}/ + +RUN set -xe; \ + CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline + +RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make -j $(nproc) && make install +RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make -j $(nproc) && make 
install +RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/include && make install + +# Install some dev files for using old libraries already on the system +# readline-devel : needed for the --with-libedit flag +# gettext-devel : needed for the --with-gettext flag +# libicu-devel : needed for +# libxslt-devel : needed for the XSL extension +# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) +RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel + +RUN cp -a /usr/lib64/libgcrypt.so* ${INSTALL_DIR}/lib64/ + +# Copy readline shared libs that are not present in amazonlinux2 +RUN cp -a /usr/lib64/libreadline.so?* ${INSTALL_DIR}/lib64/ + +# Copy gpg-error shared libds that are not present in amazonlinux2 +RUN cp -a /usr/lib64/libgpg-error.so* ${INSTALL_DIR}/lib64/ + +# Copy gettext shared libs that are not present in amazonlinux2 +RUN cp -a /usr/lib64/libasprintf.so* ${INSTALL_DIR}/lib64/ +RUN cp -a /usr/lib64/libgettextpo.so* ${INSTALL_DIR}/lib64/ +RUN cp -a /usr/lib64/preloadable_libintl.so* ${INSTALL_DIR}/lib64/ + +# Copy xslt shared libs that are not present in amazonlinux2 +RUN cp -a /usr/lib64/lib*xslt*.so* ${INSTALL_DIR}/lib64/ + +# Copy sqlite3 shared libs that are not present in amazonlinux2 +RUN cp -a /usr/lib64/libsqlite3*.so* ${INSTALL_DIR}/lib64/ From a6e0e6d0445fa2933315400f2b71b00fad420b1e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 12:16:23 +0100 Subject: [PATCH 02/97] Improve comments and formatting of the file --- base-devel/cpu-x86.Dockerfile | 108 ++++++++-------------------------- 1 file changed, 23 insertions(+), 85 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index e683b9de..a0fff596 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
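Review bot: The CA bundle download in the OpenSSL section uses `curl -Lk`, which turns off certificate verification for the very file that becomes the trust store (`CA_BUNDLE`, later passed to curl as `--with-ca-bundle=${CA_BUNDLE}`), so a tampered response would silently replace the root certificates shipped in every image built from this layer. Drop `-k` and fail on HTTP errors, `curl -fL -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}`, and ideally check the file against a pinned digest with `sha256sum -c` before it is installed. The same command is re-added unchanged as `RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}` in the `@@ -121,9 +122,13 @@` hunk of PATCH 04, so the fix belongs there as well.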
@@ -10,7 +10,7 @@ FROM public.ecr.aws/lambda/provided:al2-x86_64 -# Move to /tmp to compile everything in there. +# Temp directory in which all compilation happens WORKDIR /tmp @@ -25,12 +25,12 @@ RUN set -xe \ && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default -# The default version of cmake we can get from the yum repo is 2.8.12. We need cmake to build a few of +# The default version of cmake is 2.8.12. We need cmake to build a few of # our libraries, and at least one library requires a version of cmake greater than that. -# # Needed to build: # - libzip: minimum required CMAKE version 3.0. RUN LD_LIBRARY_PATH= yum install -y cmake3 +# Override the default `cmake` RUN ln -s /usr/bin/cmake3 /usr/bin/cmake # Use the bash shell, instead of /bin/sh @@ -44,17 +44,11 @@ ENV BUILD_DIR="/tmp/build" # match the path that bref will be unpackaged to in Lambda. ENV INSTALL_DIR="/opt/bref" -# Apply stack smash protection to functions using local buffers and alloca() -# ## # Enable size optimization (-Os) -# # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) -# # Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) - # We need some default compiler variables setup ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ PKG_CONFIG="/usr/bin/pkg-config" \ PATH="${INSTALL_DIR}/bin:${PATH}" - ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" # Enable parallelism for cmake (like make -j) @@ -76,7 +70,7 @@ RUN mkdir -p ${BUILD_DIR} \ ############################################################################### -# ZLIB Build +# ZLIB # https://github.com/madler/zlib/releases # Needed for: # - openssl 
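Review bot: Removing the stale "stack smash protection" comment block in the `@@ -44,17 +44,11 @@` hunk is right as documentation, but it also removes the only trace of a gap that is still there: every configure and cmake step in this file runs with `CFLAGS=""`, so zlib, OpenSSL, curl, libxml2 and the others are built without any hardening flags (and, for the autoconf-based ones, presumably without the default `-g -O2`, since a set-but-empty CFLAGS suppresses it). These libraries parse untrusted network and file input inside Lambda, so I would replace the empty value with something like `CFLAGS="-O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2"` and add `-Wl,-z,relro,-z,now` to `LDFLAGS`, after confirming the base image's toolchain accepts them. If building without hardening is deliberate, a one-line comment next to the first `CFLAGS=""` saying so would keep the decision visible.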
@@ -86,17 +80,11 @@ RUN mkdir -p ${BUILD_DIR} \ # - xml2 ENV VERSION_ZLIB=1.2.13 ENV ZLIB_BUILD_DIR=${BUILD_DIR}/xml2 - RUN set -xe; \ mkdir -p ${ZLIB_BUILD_DIR}; \ -# Download and upack the source code curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${ZLIB_BUILD_DIR}/ - -# Configure the build RUN set -xe; \ make distclean \ && CFLAGS="" \ @@ -105,13 +93,12 @@ RUN set -xe; \ ./configure \ --prefix=${INSTALL_DIR} \ --64 - RUN set -xe; \ make install \ && rm ${INSTALL_DIR}/lib/libz.a ############################################################################### -# OPENSSL Build +# OPENSSL # https://github.com/openssl/openssl/releases # Needs: # - zlib @@ -122,19 +109,11 @@ ENV VERSION_OPENSSL=1.1.1s ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" - - RUN set -xe; \ mkdir -p ${OPENSSL_BUILD_DIR}; \ -# Download and upack the source code curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${OPENSSL_BUILD_DIR}/ - - -# Configure the build RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ @@ -146,13 +125,12 @@ RUN set -xe; \ no-tests \ shared \ zlib - RUN set -xe; \ make install \ && curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} ############################################################################### -# LIBSSH2 Build +# LIBSSH2 # https://github.com/libssh2/libssh2/releases # Needs: # - zlib 
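Review bot: The zlib source in the `@@ -86,17 +80,11 @@` hunk is still fetched over plain `http://zlib.net/...` and piped straight into `tar` with no checksum or signature check, so the first library that every later component links against is taken on trust from the network path. Switch the URL to `https://` and verify the archive before unpacking: download it to a file, run `echo "<zlib-sha256-placeholder>  zlib.tar.xz" | sha256sum -c -`, then extract. The other tarball downloads in this file already use HTTPS but have the same missing digest check, so one pinned digest per `VERSION_*` variable would cover them all.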
@@ -161,33 +139,29 @@ RUN set -xe; \ # - curl ENV VERSION_LIBSSH2=1.10.0 ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 - RUN set -xe; \ mkdir -p ${LIBSSH2_BUILD_DIR}/bin; \ - # Download and upack the source code curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ - -# Configure the build RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ cmake .. \ - -DBUILD_SHARED_LIBS=ON \ - -DCRYPTO_BACKEND=OpenSSL \ - -DENABLE_ZLIB_COMPRESSION=ON \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE - + # Build as a shared library (.so) instead of a static one + -DBUILD_SHARED_LIBS=ON \ + # Build with OpenSSL support + -DCRYPTO_BACKEND=OpenSSL \ + # Build with zlib support + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE RUN set -xe; \ cmake --build . --target install ############################################################################### -# LIBNGHTTP2 Build +# LIBNGHTTP2 # This adds support for HTTP 2 requests in curl. # See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 # https://github.com/nghttp2/nghttp2/releases @@ -198,14 +172,11 @@ RUN set -xe; \ # - curl ENV VERSION_NGHTTP2=1.51.0 ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 - RUN set -xe; \ mkdir -p ${NGHTTP2_BUILD_DIR}; \ curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 - WORKDIR ${NGHTTP2_BUILD_DIR}/ - RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ 
@@ -213,13 +184,12 @@ RUN set -xe; \ ./configure \ --enable-lib-only \ --prefix=${INSTALL_DIR} - RUN set -xe; \ make install ############################################################################### -# CURL Build +# CURL # # https://github.com/curl/curl/releases # # Needs: # # - zlib @@ -229,15 +199,11 @@ RUN set -xe; \ # # - php ENV VERSION_CURL=7.85.0 ENV CURL_BUILD_DIR=${BUILD_DIR}/curl - RUN set -xe; \ mkdir -p ${CURL_BUILD_DIR}/bin; \ curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ | tar xzC ${CURL_BUILD_DIR} --strip-components=1 - - WORKDIR ${CURL_BUILD_DIR}/ - RUN set -xe; \ ./buildconf \ && CFLAGS="" \ @@ -264,13 +230,11 @@ RUN set -xe; \ --with-ssl \ --with-libssh2 \ --with-nghttp2 - - RUN set -xe; \ make install ############################################################################### -# LIBXML2 Build +# LIBXML2 # https://github.com/GNOME/libxml2/releases # Uses: # - zlib @@ -278,17 +242,11 @@ RUN set -xe; \ # - php ENV VERSION_XML2=2.10.3 ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 - RUN set -xe; \ mkdir -p ${XML2_BUILD_DIR}; \ -# Download and upack the source code curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ | tar xJC ${XML2_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${XML2_BUILD_DIR}/ - -# Configure the build RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ 
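Review bot: `XML2_BUILD_DIR=${BUILD_DIR}/xml2` in the `@@ -278,17 +242,11 @@` hunk is the same directory that `ZLIB_BUILD_DIR` is set to in the zlib section, which looks like a copy-paste slip on the zlib side. libxml2 is therefore unpacked on top of the already-built zlib tree, and leftover zlib files (for example `zlib.h` and object files) stay in the libxml2 source directory where the build may pick them up instead of the installed copies. Give zlib its own directory, `ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib`, so each component is built from exactly the sources that were downloaded for it.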
@@ -304,29 +262,22 @@ RUN set -xe; \ --with-icu \ --with-zlib=${INSTALL_DIR} \ --without-python - RUN set -xe; \ make install \ && cp xml2-config ${INSTALL_DIR}/bin/xml2-config ############################################################################### -# LIBZIP Build +# LIBZIP # https://github.com/nih-at/libzip/releases # Needed by: # - php ENV VERSION_ZIP=1.9.2 ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip - RUN set -xe; \ mkdir -p ${ZIP_BUILD_DIR}/bin/; \ -# Download and upack the source code curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${ZIP_BUILD_DIR}/bin/ - -# Configure the build RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ @@ -334,42 +285,32 @@ RUN set -xe; \ cmake .. \ -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ -DCMAKE_BUILD_TYPE=RELEASE - RUN set -xe; \ cmake --build . --target install ############################################################################### -# LIBSODIUM Build +# LIBSODIUM # https://github.com/jedisct1/libsodium/releases -# Needs: -# # Needed by: # - php ENV VERSION_LIBSODIUM=1.0.18 ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium - RUN set -xe; \ mkdir -p ${LIBSODIUM_BUILD_DIR}; \ - # Download and unpack the source code curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 - -# Move into the unpackaged code directory WORKDIR ${LIBSODIUM_BUILD_DIR}/ - -# Configure the build RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./autogen.sh \ && ./configure --prefix=${INSTALL_DIR} - RUN set -xe; \ make install ############################################################################### -# Postgres Build +# Postgres # https://github.com/postgres/postgres/releases # Needs: # - OpenSSL 
@@ -377,30 +318,27 @@ RUN set -xe; \ # - php ENV VERSION_POSTGRES=15.1 ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres - RUN set -xe; \ mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 - - WORKDIR ${POSTGRES_BUILD_DIR}/ - RUN set -xe; \ CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline - RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make -j $(nproc) && make install RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make -j $(nproc) && make install RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/include && make install + +############################################################################### # Install some dev files for using old libraries already on the system # readline-devel : needed for the --with-libedit flag # gettext-devel : needed for the --with-gettext flag -# libicu-devel : needed for +# libicu-devel : needed for intl # libxslt-devel : needed for the XSL extension # sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel From 8236185c8c657df5fe4c552dd48f590889afb0c4 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 12:16:42 +0100 Subject: [PATCH 03/97] Remove instruction that had no impact --- base-devel/cpu-x86.Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index a0fff596..162245aa 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
@@ -14,10 +14,6 @@ FROM public.ecr.aws/lambda/provided:al2-x86_64 WORKDIR /tmp -# Lambda is based on Amazon Linux 2. Lock YUM to that release version. -RUN sed -i 's/releasever=latest/releaserver=amzn2/' /etc/yum.conf - - RUN set -xe \ # Download yum repository data to cache && yum makecache \ From 387d93001a49d1eddfc14384e5daed8abe889118 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 13:25:45 +0100 Subject: [PATCH 04/97] Compile by default in parallel --- base-devel/cpu-x86.Dockerfile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index 162245aa..04b67114 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile @@ -47,9 +47,10 @@ ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" -# Enable parallelism for cmake (like make -j) +# Enable parallelism by default for make and cmake (like make -j) # See https://stackoverflow.com/a/50883540/245552 -RUN export CMAKE_BUILD_PARALLEL_LEVEL=$(nproc) +ENV CMAKE_BUILD_PARALLEL_LEVEL=4 +ENV MAKEFLAGS='-j4' # Ensure we have all the directories we require in the container. RUN mkdir -p ${BUILD_DIR} \ 
@@ -121,9 +122,13 @@ RUN set -xe; \ no-tests \ shared \ zlib -RUN set -xe; \ - make install \ - && curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} +# Explicitly compile make without parallelism because it fails if we use -jX (no error message) +# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: +# https://github.com/openssl/openssl/issues/9931 +# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 +# Run `make install_sw` instead of `make install_sw` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw +RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} ############################################################################### # LIBSSH2 From 66b04de6c498dfe49b888f63a028eef7afa650a5 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 13:26:36 +0100 Subject: [PATCH 05/97] Compile by default in parallel --- base-devel/cpu-x86.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index 04b67114..a0fdb108 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile @@ -126,8 +126,8 @@ RUN set -xe; \ # I'm not 100% sure why, and I already lost 4 hours on this, but I found this: # https://github.com/openssl/openssl/issues/9931 # https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 -# Run `make install_sw` instead of `make install_sw` to skip installing man pages https://github.com/openssl/openssl/issues/8170 -RUN make -j1 install_sw +# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw install_ssldirs RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} ############################################################################### 
From 07a30df8468f1a1d1c9da23d783609b9f6707677 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 13:31:31 +0100 Subject: [PATCH 06/97] Simplify the scripts by removing useless `set -xe` --- base-devel/cpu-x86.Dockerfile | 64 +++++++++++++---------------------- 1 file changed, 24 insertions(+), 40 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index a0fdb108..9c579b6d 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile @@ -87,9 +87,7 @@ RUN set -xe; \ && CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --64 + ./configure --prefix=${INSTALL_DIR} --64 RUN set -xe; \ make install \ && rm ${INSTALL_DIR}/lib/libz.a @@ -111,8 +109,7 @@ RUN set -xe; \ curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 WORKDIR ${OPENSSL_BUILD_DIR}/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./config \ @@ -145,8 +142,7 @@ RUN set -xe; \ curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ cmake .. \ @@ -158,8 +154,7 @@ RUN set -xe; \ -DENABLE_ZLIB_COMPRESSION=ON \ -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ -DCMAKE_BUILD_TYPE=RELEASE -RUN set -xe; \ - cmake --build . --target install +RUN cmake --build . --target install ############################################################################### # LIBNGHTTP2 
@@ -178,15 +173,13 @@ RUN set -xe; \ curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 WORKDIR ${NGHTTP2_BUILD_DIR}/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./configure \ --enable-lib-only \ --prefix=${INSTALL_DIR} -RUN set -xe; \ - make install +RUN make install ############################################################################### @@ -201,12 +194,11 @@ RUN set -xe; \ ENV VERSION_CURL=7.85.0 ENV CURL_BUILD_DIR=${BUILD_DIR}/curl RUN set -xe; \ - mkdir -p ${CURL_BUILD_DIR}/bin; \ -curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ -| tar xzC ${CURL_BUILD_DIR} --strip-components=1 + mkdir -p ${CURL_BUILD_DIR}/bin; \ + curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ + | tar xzC ${CURL_BUILD_DIR} --strip-components=1 WORKDIR ${CURL_BUILD_DIR}/ -RUN set -xe; \ - ./buildconf \ +RUN ./buildconf \ && CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ @@ -231,8 +223,7 @@ RUN set -xe; \ --with-ssl \ --with-libssh2 \ --with-nghttp2 -RUN set -xe; \ - make install +RUN make install ############################################################################### # LIBXML2 @@ -248,8 +239,7 @@ RUN set -xe; \ curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ | tar xJC ${XML2_BUILD_DIR} --strip-components=1 WORKDIR ${XML2_BUILD_DIR}/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./configure \ 
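Review bot: The download step kept in the `@@ -201,12 +194,11 @@` hunk still relies on `set -xe`, but `-e` does not see a failure on the left side of `curl ... | tar`, and `curl -Ls` without `-f` hands an HTTP error page to `tar` as if it were the archive. Since the file already switches to bash with `SHELL ["/bin/bash", "-c"]`, use `set -euxo pipefail;` and `curl -fsSL` here and in the other download steps. A failed or truncated download then stops the build at the point it happened instead of surfacing as an extraction error or a partial source tree.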
@@ -263,8 +253,7 @@ RUN set -xe; \ --with-icu \ --with-zlib=${INSTALL_DIR} \ --without-python -RUN set -xe; \ - make install \ +RUN make install \ && cp xml2-config ${INSTALL_DIR}/bin/xml2-config ############################################################################### @@ -279,15 +268,13 @@ RUN set -xe; \ curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 WORKDIR ${ZIP_BUILD_DIR}/bin/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ cmake .. \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN set -xe; \ - cmake --build . --target install + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install ############################################################################### # LIBSODIUM @@ -301,14 +288,12 @@ RUN set -xe; \ curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 WORKDIR ${LIBSODIUM_BUILD_DIR}/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./autogen.sh \ && ./configure --prefix=${INSTALL_DIR} -RUN set -xe; \ - make install +RUN make install ############################################################################### # Postgres 
@@ -324,15 +309,14 @@ RUN set -xe; \ curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 WORKDIR ${POSTGRES_BUILD_DIR}/ -RUN set -xe; \ - CFLAGS="" \ +RUN CFLAGS="" \ CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline -RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make -j $(nproc) && make install -RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make -j $(nproc) && make install -RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers -RUN set -xe; cd ${POSTGRES_BUILD_DIR}/src/include && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install ############################################################################### From c9681204813a967c51762d15b7bd857b2b4364c7 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 15:21:47 +0100 Subject: [PATCH 07/97] Move the compilation of Oniguruma to base-devel --- base-devel/cpu-x86.Dockerfile | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index 9c579b6d..b7260d74 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
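Review bot: The libpq and pg_config lines in the `@@ -324,15 +309,14 @@` hunk lose `-j $(nproc)` along with `set -xe;`, which the commit title does not mention. If serial builds are intentional here (for example to avoid a parallel-make race), a comment such as `# built without -j: <reason>` would stop someone re-adding it; otherwise keep `make -j $(nproc) && make install`. Dropping `set -xe;` itself is safe on these lines because each is a single `&&` chain whose exit status Docker already checks.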
@@ -36,9 +36,8 @@ SHELL ["/bin/bash", "-c"] # We need a base path for all the sourcecode we will build from. ENV BUILD_DIR="/tmp/build" -# We need a base path for the builds to install to. This path must -# match the path that bref will be unpackaged to in Lambda. -ENV INSTALL_DIR="/opt/bref" +# Target installation path for all the packages we will compile +ENV INSTALL_DIR="/tmp/bref" # We need some default compiler variables setup ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ @@ -76,7 +75,7 @@ RUN mkdir -p ${BUILD_DIR} \ # Used By: # - xml2 ENV VERSION_ZLIB=1.2.13 -ENV ZLIB_BUILD_DIR=${BUILD_DIR}/xml2 +ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib RUN set -xe; \ mkdir -p ${ZLIB_BUILD_DIR}; \ curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ @@ -319,6 +318,26 @@ RUN cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install +############################################################################### +# Oniguruma +# This library is not packaged in PHP since PHP 7.4. +# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 +# We do not install the system version because I didn't manage to make it work... +# Ideally we shouldn't compile it ourselves. +# https://github.com/kkos/oniguruma/releases +# Needed by: +# - php mbstring +ENV VERSION_ONIG=6.9.8 +ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma +RUN set -xe; \ + mkdir -p ${ONIG_BUILD_DIR}; \ + curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ + | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 +WORKDIR ${ONIG_BUILD_DIR} +RUN ./configure --prefix=${INSTALL_DIR} +RUN make && make install + + ############################################################################### # Install some dev files for using old libraries already on the system # readline-devel : needed for the --with-libedit flag 
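Review bot: The zlib download shown as context in the `@@ -76,7 +75,7 @@` hunk still uses plain `http://zlib.net/…`, so the tarball that is compiled and linked into PHP travels unauthenticated and unverified. While touching this block I would switch to `curl -fsSL https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz` and add a pinned SHA-256 check before extraction. The RUN statement continues past the end of the hunk, so the extraction step is not visible here.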
From beddb73329443461793cb64f45150f1a2e71c026 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 15:26:49 +0100 Subject: [PATCH 08/97] Add a test to check that HTTP2 is supported with curl See https://github.com/brefphp/aws-lambda-layers/issues/42 --- tests/test_2_extensions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test_2_extensions.php b/tests/test_2_extensions.php index 1b3e0ba0..ed65ee39 100644 --- a/tests/test_2_extensions.php +++ b/tests/test_2_extensions.php @@ -79,6 +79,8 @@ 'json' => function_exists('json_encode'), 'bcmath' => function_exists('bcadd'), 'ctype' => function_exists('ctype_digit'), + // https://github.com/brefphp/aws-lambda-layers/issues/42 + 'curl-with-http2' => defined('CURL_HTTP_VERSION_2'), 'dom' => class_exists(\DOMDocument::class), 'exif' => function_exists('exif_imagetype'), 'fileinfo' => function_exists('finfo_file'), From 0446dfdff81f503fddbdc9f4271a1a846f885b49 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 15:44:06 +0100 Subject: [PATCH 09/97] Compile PHP 8.1 from source --- php-81/cpu-x86.Dockerfile | 158 ++++++++++++++++++++++++-------------- 1 file changed, 101 insertions(+), 57 deletions(-) diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index 5bdd473a..0034a621 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile 
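Review bot: `defined('CURL_HTTP_VERSION_2')` only shows that the curl extension was compiled against libcurl headers recent enough to declare the constant; as far as I know it is registered regardless of whether the linked libcurl was built with nghttp2. To test what issue 42 is about, check the runtime feature bit instead: `'curl-with-http2' => (curl_version()['features'] & CURL_VERSION_HTTP2) !== 0,`. The surrounding array starts and ends outside the hunk.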
@@ -1,25 +1,110 @@ FROM bref/base-devel-x86 as build-environment -# Specifying the exact PHP version lets us avoid the Docker cache when a new version comes out -ENV VERSION_PHP=8.1.12-1 -# Check out the latest version available on this page: -# https://rpms.remirepo.net/enterprise/7/php81/x86_64/repoview/php-cli.html +ENV VERSION_PHP=8.1.14 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . --strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. 
+# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + --with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type 
f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Start from a clean image to copy only the files we need +FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions -# Work in a temporary /bref dir to avoid any conflict/mixup with other /opt files -# /bref will eventually be moved to /opt -RUN mkdir /bref \ -&& mkdir /bref/bin \ -&& mkdir /bref/lib \ -&& mkdir -p /bref/bref/extensions -RUN yum-config-manager --enable remi-php81 +RUN cp ${INSTALL_DIR}/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN yum update -y && yum upgrade -y -# --setopt=skip_missing_names_on_install=False makes sure we get an error if a package is missing -RUN yum install --setopt=skip_missing_names_on_install=False -y \ - php-cli-${VERSION_PHP}.el7.remi.x86_64 +# -------------------------------------------------------- +# Now we copy what we need from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /usr/local/bin | /usr/local/lib | /usr/local/lib64 (libraries compiled from source) +# into `/opt` (the directory of Lambda layers) +# +# HOW? +# `ldd /usr/local/bin/php` will list the libraries a binary or library depends on. +# We use `ldd` and copy all the dependencies. +# BUT some system libraries are native to Amazon Linux 2 (they already exist in Lambda), +# so we don't copy these (the lines will be commented below to show that we know about them). + # These files are included on Amazon Linux 2 
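Review bot: `make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'` downloads a PHAR from a mutable branch and runs it as part of `make install`, so the build executes whatever `master` contains that day. Pin the URL to a commit, e.g. `…/pearweb_phars/raw/<pinned-commit-sha>/install-pear-nozlib.phar` (placeholder), and ideally verify a recorded checksum before it runs. `RUN pecl install APCu` a few lines below has the same shape: without a version (`pecl install APCu-<version>`) two builds of the same Dockerfile can ship different code. Separately, `find … -perm +0111` is the old GNU syntax that newer findutils reject, and the `|| true` would hide that failure; `-perm /0111` is the supported spelling.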
@@ -37,7 +122,7 @@ RUN yum install --setopt=skip_missing_names_on_install=False -y \ # RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so # PHP Binary -RUN cp /usr/bin/php /bref/bin/php && chmod +x /bref/bin/php +RUN cp ${INSTALL_DIR}/bin/php /bref/bin/php && chmod +x /bref/bin/php RUN cp /lib64/libtinfo.so.5 /bref/lib/libtinfo.so.5 RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 RUN cp /lib64/libncurses.so.5 /bref/lib/libncurses.so.5 @@ -60,16 +145,6 @@ RUN cp /lib64/libncurses.so.5 /bref/lib/libncurses.so.5 #RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 #RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 -# Default Extensions -RUN cp /lib64/php/modules/ctype.so /bref/bref/extensions/ctype.so -RUN cp /lib64/php/modules/exif.so /bref/bref/extensions/exif.so -RUN cp /lib64/php/modules/fileinfo.so /bref/bref/extensions/fileinfo.so -RUN cp /lib64/php/modules/ftp.so /bref/bref/extensions/ftp.so -RUN cp /lib64/php/modules/gettext.so /bref/bref/extensions/gettext.so -RUN cp /lib64/php/modules/iconv.so /bref/bref/extensions/iconv.so -RUN cp /lib64/php/modules/sockets.so /bref/bref/extensions/sockets.so -RUN cp /lib64/php/modules/tokenizer.so /bref/bref/extensions/tokenizer.so - # cURL RUN cp /lib64/php/modules/curl.so /bref/bref/extensions/curl.so #RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 
@@ -83,34 +158,6 @@ RUN cp /lib64/php/modules/curl.so /bref/bref/extensions/curl.so #RUN cp /lib64/libplc4.so /bref/lib/libplc4.so #RUN cp /lib64/libnspr4.so /bref/lib/libnspr4.so -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-mbstring \ - php-bcmath \ - php-dom \ - php-mysqli \ - php-mysqlnd \ - php-opcache \ - php-pdo \ - php-pdo_mysql \ - php-phar \ - php-posix \ - php-simplexml \ - php-soap \ - php-sodium \ - php-xml \ - php-xmlreader \ - php-xmlwriter \ - php-xsl \ - php-intl \ - php-apcu \ - php-pdo_pgsql \ - php-zip - -# Install development tools to compile extra PHP extensions -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-devel \ - php-pear - RUN cp /lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so RUN cp /usr/lib64/libonig.so.105 /bref/lib/libonig.so.105 @@ -162,9 +209,6 @@ RUN cp /lib64/php/modules/xml.so /bref/bref/extensions/xml.so RUN cp /lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so RUN cp /lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so -# Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation - COPY --from=build-environment /bref /opt # This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) From b16c6b4d70df92eede4932b067ca0103178fe715 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 16:31:14 +0100 Subject: [PATCH 10/97] Fix incorrect mention of libedit BTW we could use libedit for readline, but it appears to be a secondary alternative, and not without issues (e.g. https://github.com/docker-library/php/pull/1187). Let's stick to readline. --- base-devel/cpu-x86.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index b7260d74..d194bb14 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
@@ -340,7 +340,7 @@ RUN make && make install ############################################################################### # Install some dev files for using old libraries already on the system -# readline-devel : needed for the --with-libedit flag +# readline-devel : needed for the readline extension # gettext-devel : needed for the --with-gettext flag # libicu-devel : needed for intl # libxslt-devel : needed for the XSL extension From b0774066db57645fc332aa55283161d2150c8874 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 16:32:41 +0100 Subject: [PATCH 11/97] We compile PHP with the "readline" sys lib instead of libedit Both options seem to be acceptable, but we get readline out of the box on lambda, and there seems to be issues with libedit anyway (https://github.com/docker-library/php/pull/1187) --- tests/test_2_extensions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_2_extensions.php b/tests/test_2_extensions.php index ed65ee39..42ca49a5 100644 --- a/tests/test_2_extensions.php +++ b/tests/test_2_extensions.php @@ -61,7 +61,7 @@ 'openssl' => strlen(openssl_random_pseudo_bytes(1)) === 1, 'pntcl' => function_exists('pcntl_fork'), 'pcre' => preg_match('/abc/', 'abcde', $matches) && $matches[0] === 'abc', - 'readline' => READLINE_LIB === 'libedit', + 'readline' => READLINE_LIB === 'readline', 'reflection' => class_exists(\ReflectionClass::class), 'session' => session_status() === PHP_SESSION_NONE, 'zip' => class_exists(\ZipArchive::class), From 74b7da445e5918aaf579c8a2171779fe91034929 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 16:44:31 +0100 Subject: [PATCH 12/97] Add a script that automatically detects and copies the system libraries --- .dockerignore | 1 - README.md | 6 +- utils/lib-check/copy-dependencies.php | 95 +++++++++++++++++++++++++++ 3 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 utils/lib-check/copy-dependencies.php 
diff --git a/.dockerignore b/.dockerignore index 84abea21..0d5e374b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,7 +2,6 @@ aws/ output/ tests/ -utils/ .env .env.example .gitignore diff --git a/README.md b/README.md index 331d2b67..47fc9f8d 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,11 @@ If you ever need to check out the content of a layer, you can start a `bash` ter docker run --rm -it --entrypoint=bash bref/php-80 ``` -Pro-tip: `ldd` is a linux utility that will show libraries (`.so` files) used by a binary/library. For example: `ldd /opt/bin/php` or `ldd /opt/bref/extensions/curl.so`. That helps to make sure we include all the libraries needed by PHP extensions in the layers. +> **Note:** +> +> `ldd` is a linux utility that will show libraries (`.so` files) used by a binary/library. For example: `ldd /opt/bin/php` or `ldd /opt/bref/extensions/curl.so`. That helps to make sure we include all the libraries needed by PHP extensions in the layers. +> +> However, `ldd` fails when running on another CPU architecture. So instead of `ldd`, we use `objdump -p /usr/bin/bash | grep NEEDED` (that needs to be installed with `yum install binutils`). Related: `utils/lib-check` is a small utility-tool to check whether we're copying unnecessary `.so` files into the layer (i.e. `.so` files that already exist in Lambda). diff --git a/utils/lib-check/copy-dependencies.php b/utils/lib-check/copy-dependencies.php new file mode 100644 index 00000000..2837c660 --- /dev/null +++ b/utils/lib-check/copy-dependencies.php 
@@ -0,0 +1,95 @@ + + * + * For example: + * php copy-dependencies.php /opt/bin/php /opt/lib + * + ********************************************************/ + +if (! ($argv[1] ?? false)) { + echo 'Missing the first argument, check the file to see how to use it' . PHP_EOL; + exit(1); +} +if (! ($argv[2] ?? false)) { + echo 'Missing the second argument, check the file to see how to use it' . PHP_EOL; + exit(1); +} +$pathToCheck = $argv[1]; +$targetDirectory = $argv[2]; + +// All the paths where shared libraries can be found +const LIB_PATHS = [ + // System + '/lib64', + '/usr/lib64', + // Libraries we compiled from source go here by default + '/tmp/bref/lib', + '/tmp/bref/lib64', +]; + +$arch = 'x86'; +if (php_uname('m') !== 'x86_64') { + $arch = 'arm'; +} + +$librariesThatExistOnLambda = file(__DIR__ . "/libs-$arch.txt"); +// For some reason some libraries are actually not in Lambda, despite being in the docker image 🤷 +$librariesThatExistOnLambda = array_filter($librariesThatExistOnLambda, function ($library) { + return ! str_contains($library, 'libgcrypt.so') && ! str_contains($library, 'libgpg-error.so'); +}); + +$requiredLibraries = listAllDependenciesRecursively($pathToCheck); +// Exclude existing system libraries +$requiredLibraries = array_filter($requiredLibraries, fn(string $lib) => !in_array($lib, $librariesThatExistOnLambda, true)); + +// Copy all the libraries +foreach ($requiredLibraries as $libraryPath) { + $targetPath = $targetDirectory . '/' . basename($libraryPath); + echo "Copying $libraryPath to $targetPath" . PHP_EOL; + copy($libraryPath, $targetPath); +} + + +function listDependencies(string $path): array +{ + static $cache = []; + if (!isset($cache[$path])) { + echo $path . 
PHP_EOL; + $asString = shell_exec("objdump -p '$path' | grep NEEDED | awk '{ print $2 }'"); + if (!$asString) { + $dependencies = []; + } else { + $dependencies = array_filter(explode(PHP_EOL, $asString)); + } + $cache[$path] = array_map(fn(string $dependency) => findFullPath($dependency), $dependencies); + } + return $cache[$path]; +} + +function findFullPath(string $lib): string { + static $cache = []; + if (isset($cache[$lib])) { + return $cache[$lib]; + } + foreach (LIB_PATHS as $libPath) { + if (file_exists("$libPath/$lib")) { + $cache[$lib] = "$libPath/$lib"; + return "$libPath/$lib"; + } + } + throw new RuntimeException("Dependency '$lib' not found"); +} + +function listAllDependenciesRecursively(string $path): array +{ + $dependencies = listDependencies($path); + $allDependencies = []; + foreach ($dependencies as $dependency) { + $allDependencies = array_merge($allDependencies, listAllDependenciesRecursively($dependency)); + } + return array_unique(array_merge($dependencies, $allDependencies)); +} From 48e031f6e81e05736c11befeb6ecf514396b155d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 16:52:50 +0100 Subject: [PATCH 13/97] Automatically detect and copy the system libraries instead of manually copying them --- php-81/cpu-x86.Dockerfile | 143 ++++++-------------------------------- 1 file changed, 23 insertions(+), 120 deletions(-) diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index 0034a621..8e136b94 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile @@ -1,3 +1,4 @@ +# syntax = docker/dockerfile:1.4 FROM bref/base-devel-x86 as build-environment ENV VERSION_PHP=8.1.14 
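Review bot: In `listDependencies()` of `copy-dependencies.php` the path is pasted into a shell string (`objdump -p '$path' | …`), so a path containing a single quote breaks out of the quoting; the value comes from `$argv[1]` and from resolved library names. Build the command with `escapeshellarg()`: `shell_exec('objdump -p ' . escapeshellarg($path) . " | grep NEEDED | awk '{ print \$2 }'")`. Also, `file(__DIR__ . "/libs-$arch.txt")` keeps the trailing newline on every entry, so the strict `in_array($lib, $librariesThatExistOnLambda, true)` probably never matches and nothing is excluded; pass `FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES` and confirm the file lists full paths, since that is what is compared. The return value of `copy()` is ignored, so a failed copy still prints "Copying …" and the script exits 0.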
@@ -82,136 +83,38 @@ RUN pecl install APCu # --------------------------------------------------------------- -# Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation - +# Now we copy everything we need for the layers into /opt (location of the layers) RUN mkdir /opt/bin \ && mkdir /opt/lib \ && mkdir -p /opt/bref/extensions +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php -RUN cp ${INSTALL_DIR}/bin/php /bref/bin/php && chmod +x /bref/bin/php +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ - -# -------------------------------------------------------- -# Now we copy what we need from: +# Copy all the required system libraries from: # - /lib | /lib64 (system libraries installed with `yum`) -# - /usr/local/bin | /usr/local/lib | /usr/local/lib64 (libraries compiled from source) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) # into `/opt` (the directory of Lambda layers) -# -# HOW? -# `ldd /usr/local/bin/php` will list the libraries a binary or library depends on. -# We use `ldd` and copy all the dependencies. -# BUT some system libraries are native to Amazon Linux 2 (they already exist in Lambda), -# so we don't copy these (the lines will be commented below to show that we know about them). 
- - -# These files are included on Amazon Linux 2 - -# RUN cp /lib64/librt.so.1 /bref/lib/librt.so.1 -# RUN cp /lib64/libstdc++.so.6 /bref/lib/libstdc++.so.6 -# RUN cp /lib64/libutil.so.1 /bref/lib/libutil.so.1 -# RUN cp /lib64/libxml2.so.2 /bref/lib/libxml2.so.2 -# RUN cp /lib64/libssl.so.10 /bref/lib/libssl.so.10 -# RUN cp /lib64/libz.so.1 /bref/lib/libz.so.1 -# RUN cp /lib64/libselinux.so.1 /bref/lib/libselinux.so.1 -# RUN cp /lib64/libssh2.so.1 /bref/lib/libssh2.so.1 -# RUN cp /lib64/libunistring.so.0 /bref/lib/libunistring.so.0 -# RUN cp /lib64/libsasl2.so.3 /bref/lib/libsasl2.so.3 -# RUN cp /lib64/libssl3.so /bref/lib/libssl3.so -# RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so - -# PHP Binary -RUN cp ${INSTALL_DIR}/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN cp /lib64/libtinfo.so.5 /bref/lib/libtinfo.so.5 -RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 -RUN cp /lib64/libncurses.so.5 /bref/lib/libncurses.so.5 -#RUN cp /lib64/libcrypt.so.1 /bref/lib/libcrypt.so.1 -#RUN cp /lib64/libresolv.so.2 /bref/lib/libresolv.so.2 -#RUN cp /lib64/libm.so.6 /bref/lib/libm.so.6 -#RUN cp /lib64/libdl.so.2 /bref/lib/libdl.so.2 -#RUN cp /lib64/libgssapi_krb5.so.2 /bref/lib/libgssapi_krb5.so.2 -#RUN cp /lib64/libkrb5.so.3 /bref/lib/libkrb5.so.3 -#RUN cp /lib64/libk5crypto.so.3 /bref/lib/libk5crypto.so.3 -#RUN cp /lib64/libcom_err.so.2 /bref/lib/libcom_err.so.2 -#RUN cp /lib64/libcrypto.so.10 /bref/lib/libcrypto.so.10 -#RUN cp /lib64/libc.so.6 /bref/lib/libc.so.6 -#RUN cp /lib64/libpthread.so.0 /bref/lib/libpthread.so.0 -#RUN cp /lib64/ld-linux-x86-64.so.2 /bref/lib/ld-linux-x86-64.so.2 -#RUN cp /lib64/libgcc_s.so.1 /bref/lib/libgcc_s.so.1 -#RUN cp /lib64/liblzma.so.5 /bref/lib/liblzma.so.5 -#RUN cp /lib64/libkrb5support.so.0 /bref/lib/libkrb5support.so.0 -#RUN cp /lib64/libkeyutils.so.1 /bref/lib/libkeyutils.so.1 -#RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 -#RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 - -# cURL -RUN cp /lib64/php/modules/curl.so 
/bref/bref/extensions/curl.so -#RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 -#RUN cp /lib64/libnghttp2.so.14 /bref/lib/libnghttp2.so.14 -#RUN cp /lib64/libidn2.so.0 /bref/lib/libidn2.so.0 -#RUN cp /lib64/libldap-2.4.so.2 /bref/lib/libldap-2.4.so.2 -#RUN cp /lib64/liblber-2.4.so.2 /bref/lib/liblber-2.4.so.2 -#RUN cp /lib64/libnss3.so /bref/lib/libnss3.so -#RUN cp /lib64/libnssutil3.so /bref/lib/libnssutil3.so -#RUN cp /lib64/libplds4.so /bref/lib/libplds4.so -#RUN cp /lib64/libplc4.so /bref/lib/libplc4.so -#RUN cp /lib64/libnspr4.so /bref/lib/libnspr4.so - -RUN cp /lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so -RUN cp /usr/lib64/libonig.so.105 /bref/lib/libonig.so.105 - -# mysqli depends on mysqlnd -RUN cp /lib64/php/modules/mysqli.so /bref/bref/extensions/mysqli.so -RUN cp /lib64/php/modules/mysqlnd.so /bref/bref/extensions/mysqlnd.so - -#RUN cp /usr/lib64/libsqlite3.so.0 /bref/lib/libsqlite3.so.0 -RUN cp /lib64/php/modules/sqlite3.so /bref/bref/extensions/sqlite3.so - -RUN cp /usr/lib64/libgpg-error.so.0 /bref/lib/libgpg-error.so.0 -RUN cp /usr/lib64/libgcrypt.so.11 /bref/lib/libgcrypt.so.11 -RUN cp /usr/lib64/libexslt.so.0 /bref/lib/libexslt.so.0 -RUN cp /usr/lib64/libxslt.so.1 /bref/lib/libxslt.so.1 -RUN cp /lib64/php/modules/xsl.so /bref/bref/extensions/xsl.so - -RUN cp /usr/lib64/libicuio.so.71 /bref/lib/libicuio.so.71 -RUN cp /usr/lib64/libicui18n.so.71 /bref/lib/libicui18n.so.71 -RUN cp /usr/lib64/libicuuc.so.71 /bref/lib/libicuuc.so.71 -RUN cp /usr/lib64/libicudata.so.71 /bref/lib/libicudata.so.71 -RUN cp /lib64/php/modules/intl.so /bref/bref/extensions/intl.so - -RUN cp /lib64/php/modules/apcu.so /bref/bref/extensions/apcu.so - -RUN cp /usr/lib64/libpq.so.5 /bref/lib/libpq.so.5 -#RUN cp /usr/lib64/libldap_r-2.4.so.2 /bref/lib/libldap_r-2.4.so.2 -RUN cp /lib64/php/modules/pdo_pgsql.so /bref/bref/extensions/pdo_pgsql.so - -RUN cp /usr/lib64/libzip.so.5 /bref/lib/libzip.so.5 -RUN cp /usr/lib64/libzstd.so.1 /bref/lib/libzstd.so.1 -RUN 
cp /lib64/php/modules/zip.so /bref/bref/extensions/zip.so - -# sodium -RUN cp /lib64/php/modules/sodium.so /bref/bref/extensions/sodium.so -RUN cp /usr/lib64/libsodium.so.23 /bref/lib/libsodium.so.23 - -# other extensions without system dependencies -RUN cp /lib64/php/modules/bcmath.so /bref/bref/extensions/bcmath.so -RUN cp /lib64/php/modules/dom.so /bref/bref/extensions/dom.so -RUN cp /lib64/php/modules/opcache.so /bref/bref/extensions/opcache.so -RUN cp /lib64/php/modules/pdo.so /bref/bref/extensions/pdo.so -RUN cp /lib64/php/modules/pdo_mysql.so /bref/bref/extensions/pdo_mysql.so -RUN cp /lib64/php/modules/pdo_sqlite.so /bref/bref/extensions/pdo_sqlite.so -RUN cp /lib64/php/modules/phar.so /bref/bref/extensions/phar.so -RUN cp /lib64/php/modules/posix.so /bref/bref/extensions/posix.so -RUN cp /lib64/php/modules/simplexml.so /bref/bref/extensions/simplexml.so -RUN cp /lib64/php/modules/soap.so /bref/bref/extensions/soap.so -RUN cp /lib64/php/modules/xml.so /bref/bref/extensions/xml.so -RUN cp /lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so -RUN cp /lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so - -COPY --from=build-environment /bref /opt +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# --------------------------------------------------------------- +# Start from a clean image to copy only the files we need +FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation + +COPY --link --from=build-environment /opt /opt # This doesn't 
do anything on Lambda, but is useful when running via Docker (e.g. local dev) +# TODO delete ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" FROM isolation as function From c3180e303591320b6762a1fc4b64718990778046 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 16:53:21 +0100 Subject: [PATCH 14/97] Update the list of PHP extensions to remove the (now) built-in extensions --- layers/function/bref-extensions.ini | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/layers/function/bref-extensions.ini b/layers/function/bref-extensions.ini index 96d78712..16e3e2e6 100644 --- a/layers/function/bref-extensions.ini +++ b/layers/function/bref-extensions.ini @@ -1,31 +1,5 @@ extension_dir=/opt/bref/extensions -extension=bcmath.so -extension=ctype.so -extension=curl.so -extension=dom.so -extension=exif.so -extension=fileinfo.so -extension=ftp.so -extension=gettext.so -extension=iconv.so -extension=mbstring.so -extension=mysqlnd.so -extension=mysqli.so -extension=pdo.so extension=pdo_mysql.so -extension=pdo_sqlite.so -extension=phar.so -extension=posix.so -extension=simplexml.so -extension=sodium.so -extension=soap.so -extension=sockets.so -extension=sqlite3.so -extension=tokenizer.so -extension=xml.so -extension=xmlreader.so -extension=xmlwriter.so -extension=xsl.so -extension=zip.so + zend_extension=opcache.so From 41e5d34909dafeb381bcd36c2996881e8a5ef9a1 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 17:57:27 +0100 Subject: [PATCH 15/97] Apply the new build system (compile PHP from source) to PHP 8.0 and 8.2 --- php-80/cpu-x86.Dockerfile | 273 +++++++++++++++---------------------- php-82/cpu-x86.Dockerfile | 274 +++++++++++++++----------------------- 2 files changed, 220 insertions(+), 327 deletions(-) diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index f71393f6..d58256a0 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile 
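Review bot: The `copy-dependencies.php` calls in the `@@ -82,136 +83,38 @@` hunk are hard-coded for `apcu`, `intl`, `opcache`, `pdo_mysql` and `pdo_pgsql`, while the line above them copies every file from the extension dir with `cp …/*`; a shared extension added later would ship without its libraries and fail only at load time on Lambda. A loop keeps the two in step: `RUN for ext in /opt/bref/extensions/*.so; do php /bref/lib-copy/copy-dependencies.php "$ext" /opt/lib || exit 1; done`. `COPY --link --from=build-environment /opt /opt` also takes everything the build stage has under `/opt`, so it is worth confirming that `bref/base-devel-x86` leaves nothing there that should not end up in the layer.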
@@ -1,173 +1,120 @@ +# syntax = docker/dockerfile:1.4 FROM bref/base-devel-x86 as build-environment -# Specifying the exact PHP version lets us avoid the Docker cache when a new version comes out -ENV VERSION_PHP=8.0.25-1 -# Check out the latest version available on this page: -# https://rpms.remirepo.net/enterprise/7/php80/x86_64/repoview/php.html - - -# Work in a temporary /bref dir to avoid any conflict/mixup with other /opt files -# /bref will eventually be moved to /opt -RUN mkdir /bref \ -&& mkdir /bref/bin \ -&& mkdir /bref/lib \ -&& mkdir -p /bref/bref/extensions - -RUN yum-config-manager --enable remi-php80 - -RUN yum update -y && yum upgrade -y - -# --setopt=skip_missing_names_on_install=False makes sure we get an error if a package is missing -RUN yum install --setopt=skip_missing_names_on_install=False -y \ - php-cli-${VERSION_PHP}.el7.remi.x86_64 - -# These files are included on Amazon Linux 2 - -# RUN cp /lib64/librt.so.1 /bref/lib/librt.so.1 -# RUN cp /lib64/libstdc++.so.6 /bref/lib/libstdc++.so.6 -# RUN cp /lib64/libutil.so.1 /bref/lib/libutil.so.1 -# RUN cp /lib64/libxml2.so.2 /bref/lib/libxml2.so.2 -# RUN cp /lib64/libssl.so.10 /bref/lib/libssl.so.10 -# RUN cp /lib64/libz.so.1 /bref/lib/libz.so.1 -# RUN cp /lib64/libselinux.so.1 /bref/lib/libselinux.so.1 -# RUN cp /lib64/libssh2.so.1 /bref/lib/libssh2.so.1 -# RUN cp /lib64/libunistring.so.0 /bref/lib/libunistring.so.0 -# RUN cp /lib64/libsasl2.so.3 /bref/lib/libsasl2.so.3 -# RUN cp /lib64/libssl3.so /bref/lib/libssl3.so -# RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so - -# PHP Binary -RUN cp /usr/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN cp /lib64/libtinfo.so.5 /bref/lib/libtinfo.so.5 -RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 -RUN cp /lib64/libncurses.so.5 /bref/lib/libncurses.so.5 -#RUN cp /lib64/libcrypt.so.1 /bref/lib/libcrypt.so.1 -#RUN cp /lib64/libresolv.so.2 /bref/lib/libresolv.so.2 -#RUN cp /lib64/libm.so.6 /bref/lib/libm.so.6 -#RUN cp /lib64/libdl.so.2 
/bref/lib/libdl.so.2 -#RUN cp /lib64/libgssapi_krb5.so.2 /bref/lib/libgssapi_krb5.so.2 -#RUN cp /lib64/libkrb5.so.3 /bref/lib/libkrb5.so.3 -#RUN cp /lib64/libk5crypto.so.3 /bref/lib/libk5crypto.so.3 -#RUN cp /lib64/libcom_err.so.2 /bref/lib/libcom_err.so.2 -#RUN cp /lib64/libcrypto.so.10 /bref/lib/libcrypto.so.10 -#RUN cp /lib64/libc.so.6 /bref/lib/libc.so.6 -#RUN cp /lib64/libpthread.so.0 /bref/lib/libpthread.so.0 -#RUN cp /lib64/ld-linux-x86-64.so.2 /bref/lib/ld-linux-x86-64.so.2 -#RUN cp /lib64/libgcc_s.so.1 /bref/lib/libgcc_s.so.1 -#RUN cp /lib64/liblzma.so.5 /bref/lib/liblzma.so.5 -#RUN cp /lib64/libkrb5support.so.0 /bref/lib/libkrb5support.so.0 -#RUN cp /lib64/libkeyutils.so.1 /bref/lib/libkeyutils.so.1 -#RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 -#RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 - -# Default Extensions -RUN cp /lib64/php/modules/ctype.so /bref/bref/extensions/ctype.so -RUN cp /lib64/php/modules/exif.so /bref/bref/extensions/exif.so -RUN cp /lib64/php/modules/fileinfo.so /bref/bref/extensions/fileinfo.so -RUN cp /lib64/php/modules/ftp.so /bref/bref/extensions/ftp.so -RUN cp /lib64/php/modules/gettext.so /bref/bref/extensions/gettext.so -RUN cp /lib64/php/modules/iconv.so /bref/bref/extensions/iconv.so -RUN cp /lib64/php/modules/sockets.so /bref/bref/extensions/sockets.so -RUN cp /lib64/php/modules/tokenizer.so /bref/bref/extensions/tokenizer.so - -# cURL -RUN cp /lib64/php/modules/curl.so /bref/bref/extensions/curl.so -#RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 -#RUN cp /lib64/libnghttp2.so.14 /bref/lib/libnghttp2.so.14 -#RUN cp /lib64/libidn2.so.0 /bref/lib/libidn2.so.0 -#RUN cp /lib64/libldap-2.4.so.2 /bref/lib/libldap-2.4.so.2 -#RUN cp /lib64/liblber-2.4.so.2 /bref/lib/liblber-2.4.so.2 -#RUN cp /lib64/libnss3.so /bref/lib/libnss3.so -#RUN cp /lib64/libnssutil3.so /bref/lib/libnssutil3.so -#RUN cp /lib64/libplds4.so /bref/lib/libplds4.so -#RUN cp /lib64/libplc4.so /bref/lib/libplc4.so -#RUN cp /lib64/libnspr4.so 
/bref/lib/libnspr4.so - -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-mbstring \ - php-bcmath \ - php-dom \ - php-mysqli \ - php-mysqlnd \ - php-opcache \ - php-pdo \ - php-pdo_mysql \ - php-phar \ - php-posix \ - php-simplexml \ - php-soap \ - php-sodium \ - php-xml \ - php-xmlreader \ - php-xmlwriter \ - php-xsl \ - php-intl \ - php-apcu \ - php-pdo_pgsql \ - php-zip - -# Install development tools to compile extra PHP extensions -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-devel \ - php-pear - -RUN cp /lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so -RUN cp /usr/lib64/libonig.so.105 /bref/lib/libonig.so.105 - -# mysqli depends on mysqlnd -RUN cp /lib64/php/modules/mysqli.so /bref/bref/extensions/mysqli.so -RUN cp /lib64/php/modules/mysqlnd.so /bref/bref/extensions/mysqlnd.so - -#RUN cp /usr/lib64/libsqlite3.so.0 /bref/lib/libsqlite3.so.0 -RUN cp /lib64/php/modules/sqlite3.so /bref/bref/extensions/sqlite3.so - -RUN cp /usr/lib64/libgpg-error.so.0 /bref/lib/libgpg-error.so.0 -RUN cp /usr/lib64/libgcrypt.so.11 /bref/lib/libgcrypt.so.11 -RUN cp /usr/lib64/libexslt.so.0 /bref/lib/libexslt.so.0 -RUN cp /usr/lib64/libxslt.so.1 /bref/lib/libxslt.so.1 -RUN cp /lib64/php/modules/xsl.so /bref/bref/extensions/xsl.so - -RUN cp /usr/lib64/libicuio.so.71 /bref/lib/libicuio.so.71 -RUN cp /usr/lib64/libicui18n.so.71 /bref/lib/libicui18n.so.71 -RUN cp /usr/lib64/libicuuc.so.71 /bref/lib/libicuuc.so.71 -RUN cp /usr/lib64/libicudata.so.71 /bref/lib/libicudata.so.71 -RUN cp /lib64/php/modules/intl.so /bref/bref/extensions/intl.so - -RUN cp /lib64/php/modules/apcu.so /bref/bref/extensions/apcu.so - -RUN cp /usr/lib64/libpq.so.5 /bref/lib/libpq.so.5 -#RUN cp /usr/lib64/libldap_r-2.4.so.2 /bref/lib/libldap_r-2.4.so.2 -RUN cp /lib64/php/modules/pdo_pgsql.so /bref/bref/extensions/pdo_pgsql.so - -RUN cp /usr/lib64/libzip.so.5 /bref/lib/libzip.so.5 -RUN cp /usr/lib64/libzstd.so.1 /bref/lib/libzstd.so.1 -RUN cp 
/lib64/php/modules/zip.so /bref/bref/extensions/zip.so - -# sodium -RUN cp /lib64/php/modules/sodium.so /bref/bref/extensions/sodium.so -RUN cp /usr/lib64/libsodium.so.23 /bref/lib/libsodium.so.23 - -# other extensions without system dependencies -RUN cp /lib64/php/modules/bcmath.so /bref/bref/extensions/bcmath.so -RUN cp /lib64/php/modules/dom.so /bref/bref/extensions/dom.so -RUN cp /lib64/php/modules/opcache.so /bref/bref/extensions/opcache.so -RUN cp /lib64/php/modules/pdo.so /bref/bref/extensions/pdo.so -RUN cp /lib64/php/modules/pdo_mysql.so /bref/bref/extensions/pdo_mysql.so -RUN cp /lib64/php/modules/pdo_sqlite.so /bref/bref/extensions/pdo_sqlite.so -RUN cp /lib64/php/modules/phar.so /bref/bref/extensions/phar.so -RUN cp /lib64/php/modules/posix.so /bref/bref/extensions/posix.so -RUN cp /lib64/php/modules/simplexml.so /bref/bref/extensions/simplexml.so -RUN cp /lib64/php/modules/soap.so /bref/bref/extensions/soap.so -RUN cp /lib64/php/modules/xml.so /bref/bref/extensions/xml.so -RUN cp /lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so -RUN cp /lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so - +ENV VERSION_PHP=8.0.25 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . 
--strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. +# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + 
--with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Now we copy everything we need for the layers into /opt (location of the layers) +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions + +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php + +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ + +# Copy all the required system libraries from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) +# into `/opt` (the directory of Lambda layers) +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# 
--------------------------------------------------------------- # Start from a clean image to copy only the files we need FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation -COPY --from=build-environment /bref /opt +COPY --link --from=build-environment /opt /opt # This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) +# TODO delete ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" FROM isolation as function diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index d9b72a49..ad9fda39 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile 
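Review bot: The tarball fetched by `curl … https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror | tar xzC .` is unpacked and compiled with no integrity check, so whatever the mirror redirect serves ends up in the published layer. Pin the SHA-256 published for the release next to `VERSION_PHP` and verify the download before extracting. Saving to a file first also means a failed download stops the step by itself, rather than relying on tar's exit status at the end of the pipe. The same download step is in the php-82/cpu-x86.Dockerfile hunk; the digest below is a placeholder to fill in from the php.net release page.

```dockerfile
ENV VERSION_PHP=8.0.25
# Placeholder: replace with the SHA-256 published for this exact release
ENV PHP_SHA256=<SHA256_OF_RELEASE_TARBALL>
# … unchanged: mkdir /tmp/php, WORKDIR, build notes …
RUN curl --location --silent --show-error --fail --output php.tar.gz https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \
    && echo "${PHP_SHA256}  php.tar.gz" | sha256sum --check - \
    && tar xzf php.tar.gz --strip-components=1 \
    && rm php.tar.gz
```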
@@ -1,174 +1,120 @@ +# syntax = docker/dockerfile:1.4 FROM bref/base-devel-x86 as build-environment -# Specifying the exact PHP version lets us avoid the Docker cache when a new version comes out -ENV VERSION_PHP=8.2.0-1 -# Check out the latest version available on this page: -# https://rpms.remirepo.net/enterprise/7/php82/x86_64/repoview/php-cli.html -# See also https://github.com/remicollet/remirepo/issues/206 - - -# Work in a temporary /bref dir to avoid any conflict/mixup with other /opt files -# /bref will eventually be moved to /opt -RUN mkdir /bref \ -&& mkdir /bref/bin \ -&& mkdir /bref/lib \ -&& mkdir -p /bref/bref/extensions - -RUN yum-config-manager --enable remi-php82 - -RUN yum update -y && yum upgrade -y - -# --setopt=skip_missing_names_on_install=False makes sure we get an error if a package is missing -RUN yum install --setopt=skip_missing_names_on_install=False -y \ - php-cli-${VERSION_PHP}.el7.remi.x86_64 - -# These files are included on Amazon Linux 2 - -# RUN cp /lib64/librt.so.1 /bref/lib/librt.so.1 -# RUN cp /lib64/libstdc++.so.6 /bref/lib/libstdc++.so.6 -# RUN cp /lib64/libutil.so.1 /bref/lib/libutil.so.1 -# RUN cp /lib64/libxml2.so.2 /bref/lib/libxml2.so.2 -# RUN cp /lib64/libssl.so.10 /bref/lib/libssl.so.10 -# RUN cp /lib64/libz.so.1 /bref/lib/libz.so.1 -# RUN cp /lib64/libselinux.so.1 /bref/lib/libselinux.so.1 -# RUN cp /lib64/libssh2.so.1 /bref/lib/libssh2.so.1 -# RUN cp /lib64/libunistring.so.0 /bref/lib/libunistring.so.0 -# RUN cp /lib64/libsasl2.so.3 /bref/lib/libsasl2.so.3 -# RUN cp /lib64/libssl3.so /bref/lib/libssl3.so -# RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so - -# PHP Binary -RUN cp /usr/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN cp /lib64/libtinfo.so.5 /bref/lib/libtinfo.so.5 -RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 -RUN cp /lib64/libncurses.so.5 /bref/lib/libncurses.so.5 -#RUN cp /lib64/libcrypt.so.1 /bref/lib/libcrypt.so.1 -#RUN cp /lib64/libresolv.so.2 /bref/lib/libresolv.so.2 -#RUN cp 
/lib64/libm.so.6 /bref/lib/libm.so.6 -#RUN cp /lib64/libdl.so.2 /bref/lib/libdl.so.2 -#RUN cp /lib64/libgssapi_krb5.so.2 /bref/lib/libgssapi_krb5.so.2 -#RUN cp /lib64/libkrb5.so.3 /bref/lib/libkrb5.so.3 -#RUN cp /lib64/libk5crypto.so.3 /bref/lib/libk5crypto.so.3 -#RUN cp /lib64/libcom_err.so.2 /bref/lib/libcom_err.so.2 -#RUN cp /lib64/libcrypto.so.10 /bref/lib/libcrypto.so.10 -#RUN cp /lib64/libc.so.6 /bref/lib/libc.so.6 -#RUN cp /lib64/libpthread.so.0 /bref/lib/libpthread.so.0 -#RUN cp /lib64/ld-linux-x86-64.so.2 /bref/lib/ld-linux-x86-64.so.2 -#RUN cp /lib64/libgcc_s.so.1 /bref/lib/libgcc_s.so.1 -#RUN cp /lib64/liblzma.so.5 /bref/lib/liblzma.so.5 -#RUN cp /lib64/libkrb5support.so.0 /bref/lib/libkrb5support.so.0 -#RUN cp /lib64/libkeyutils.so.1 /bref/lib/libkeyutils.so.1 -#RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 -#RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 - -# Default Extensions -RUN cp /lib64/php/modules/ctype.so /bref/bref/extensions/ctype.so -RUN cp /lib64/php/modules/exif.so /bref/bref/extensions/exif.so -RUN cp /lib64/php/modules/fileinfo.so /bref/bref/extensions/fileinfo.so -RUN cp /lib64/php/modules/ftp.so /bref/bref/extensions/ftp.so -RUN cp /lib64/php/modules/gettext.so /bref/bref/extensions/gettext.so -RUN cp /lib64/php/modules/iconv.so /bref/bref/extensions/iconv.so -RUN cp /lib64/php/modules/sockets.so /bref/bref/extensions/sockets.so -RUN cp /lib64/php/modules/tokenizer.so /bref/bref/extensions/tokenizer.so - -# cURL -RUN cp /lib64/php/modules/curl.so /bref/bref/extensions/curl.so -#RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 -#RUN cp /lib64/libnghttp2.so.14 /bref/lib/libnghttp2.so.14 -#RUN cp /lib64/libidn2.so.0 /bref/lib/libidn2.so.0 -#RUN cp /lib64/libldap-2.4.so.2 /bref/lib/libldap-2.4.so.2 -#RUN cp /lib64/liblber-2.4.so.2 /bref/lib/liblber-2.4.so.2 -#RUN cp /lib64/libnss3.so /bref/lib/libnss3.so -#RUN cp /lib64/libnssutil3.so /bref/lib/libnssutil3.so -#RUN cp /lib64/libplds4.so /bref/lib/libplds4.so -#RUN cp 
/lib64/libplc4.so /bref/lib/libplc4.so -#RUN cp /lib64/libnspr4.so /bref/lib/libnspr4.so - -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-mbstring \ - php-bcmath \ - php-dom \ - php-mysqli \ - php-mysqlnd \ - php-opcache \ - php-pdo \ - php-pdo_mysql \ - php-phar \ - php-posix \ - php-simplexml \ - php-soap \ - php-sodium \ - php-xml \ - php-xmlreader \ - php-xmlwriter \ - php-xsl \ - php-intl \ - php-apcu \ - php-pdo_pgsql \ - php-zip - -# Install development tools to compile extra PHP extensions -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-devel \ - php-pear - -RUN cp /lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so -RUN cp /usr/lib64/libonig.so.105 /bref/lib/libonig.so.105 - -# mysqli depends on mysqlnd -RUN cp /lib64/php/modules/mysqli.so /bref/bref/extensions/mysqli.so -RUN cp /lib64/php/modules/mysqlnd.so /bref/bref/extensions/mysqlnd.so - -#RUN cp /usr/lib64/libsqlite3.so.0 /bref/lib/libsqlite3.so.0 -RUN cp /lib64/php/modules/sqlite3.so /bref/bref/extensions/sqlite3.so - -RUN cp /usr/lib64/libgpg-error.so.0 /bref/lib/libgpg-error.so.0 -RUN cp /usr/lib64/libgcrypt.so.11 /bref/lib/libgcrypt.so.11 -RUN cp /usr/lib64/libexslt.so.0 /bref/lib/libexslt.so.0 -RUN cp /usr/lib64/libxslt.so.1 /bref/lib/libxslt.so.1 -RUN cp /lib64/php/modules/xsl.so /bref/bref/extensions/xsl.so - -RUN cp /usr/lib64/libicuio.so.71 /bref/lib/libicuio.so.71 -RUN cp /usr/lib64/libicui18n.so.71 /bref/lib/libicui18n.so.71 -RUN cp /usr/lib64/libicuuc.so.71 /bref/lib/libicuuc.so.71 -RUN cp /usr/lib64/libicudata.so.71 /bref/lib/libicudata.so.71 -RUN cp /lib64/php/modules/intl.so /bref/bref/extensions/intl.so - -RUN cp /lib64/php/modules/apcu.so /bref/bref/extensions/apcu.so - -RUN cp /usr/lib64/libpq.so.5 /bref/lib/libpq.so.5 -#RUN cp /usr/lib64/libldap_r-2.4.so.2 /bref/lib/libldap_r-2.4.so.2 -RUN cp /lib64/php/modules/pdo_pgsql.so /bref/bref/extensions/pdo_pgsql.so - -RUN cp /usr/lib64/libzip.so.5 /bref/lib/libzip.so.5 -RUN 
cp /usr/lib64/libzstd.so.1 /bref/lib/libzstd.so.1 -RUN cp /lib64/php/modules/zip.so /bref/bref/extensions/zip.so - -# sodium -RUN cp /lib64/php/modules/sodium.so /bref/bref/extensions/sodium.so -RUN cp /usr/lib64/libsodium.so.23 /bref/lib/libsodium.so.23 - -# other extensions without system dependencies -RUN cp /lib64/php/modules/bcmath.so /bref/bref/extensions/bcmath.so -RUN cp /lib64/php/modules/dom.so /bref/bref/extensions/dom.so -RUN cp /lib64/php/modules/opcache.so /bref/bref/extensions/opcache.so -RUN cp /lib64/php/modules/pdo.so /bref/bref/extensions/pdo.so -RUN cp /lib64/php/modules/pdo_mysql.so /bref/bref/extensions/pdo_mysql.so -RUN cp /lib64/php/modules/pdo_sqlite.so /bref/bref/extensions/pdo_sqlite.so -RUN cp /lib64/php/modules/phar.so /bref/bref/extensions/phar.so -RUN cp /lib64/php/modules/posix.so /bref/bref/extensions/posix.so -RUN cp /lib64/php/modules/simplexml.so /bref/bref/extensions/simplexml.so -RUN cp /lib64/php/modules/soap.so /bref/bref/extensions/soap.so -RUN cp /lib64/php/modules/xml.so /bref/bref/extensions/xml.so -RUN cp /lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so -RUN cp /lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so - +ENV VERSION_PHP=8.2.0 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . 
--strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. +# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + 
--with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Now we copy everything we need for the layers into /opt (location of the layers) +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions + +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php + +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ + +# Copy all the required system libraries from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) +# into `/opt` (the directory of Lambda layers) +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# 
--------------------------------------------------------------- # Start from a clean image to copy only the files we need FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation -COPY --from=build-environment /bref /opt +COPY --link --from=build-environment /opt /opt # This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) +# TODO delete ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" FROM isolation as function From 955df3720c038f43048a2695f355161513f859a3 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:12:53 +0100 Subject: [PATCH 16/97] Get rid of PHP_INI_SCAN_DIR We don't need that variable anymore since we set it when compiling PHP --- layers/fpm/bootstrap.sh | 6 ------ layers/function/bootstrap.sh | 6 ------ php-80/cpu-x86.Dockerfile | 4 ---- php-81/cpu-x86.Dockerfile | 4 ---- php-82/cpu-x86.Dockerfile | 4 ---- 5 files changed, 24 deletions(-) diff --git a/layers/fpm/bootstrap.sh b/layers/fpm/bootstrap.sh index 2b242a71..d7a63106 100644 --- a/layers/fpm/bootstrap.sh +++ b/layers/fpm/bootstrap.sh @@ -3,12 +3,6 @@ # Fail on error set -e -# We don't compile PHP anymore, so the only way to configure where PHP looks for -# .ini files is via the PHP_INI_SCAN_DIR environment variable. -# Note: we use that weird syntax to set the variable only if it's not already set (can be overridden) -: "${PHP_INI_SCAN_DIR:=/opt/bref/etc/php/conf.d:/var/task/php/conf.d}" -export PHP_INI_SCAN_DIR - # We redirect stderr to stdout so that everything # written on the output ends up in Cloudwatch automatically /opt/bin/php "/opt/bref/php-fpm-runtime/vendor/bref/php-fpm-runtime/src/bootstrap.php" 2>&1 diff --git a/layers/function/bootstrap.sh b/layers/function/bootstrap.sh index 1a117888..7b18a551 100644 --- a/layers/function/bootstrap.sh +++ b/layers/function/bootstrap.sh 
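Review bot: `make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'` downloads an installer from a moving branch and runs it during the build, so the output is neither reproducible nor tied to reviewed content. Point the URL at a fixed commit instead of `master`, e.g. `…/pearweb_phars/raw/<REVIEWED_COMMIT_SHA>/install-pear-nozlib.phar` (placeholder to fill in). Likewise give the `pecl install APCu` line an explicit version, `pecl install APCu-<VERSION>`, so a new upstream release cannot silently change what ships in the layer. Both lines also appear in the php-80/cpu-x86.Dockerfile hunk.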
@@ -3,12 +3,6 @@ # Fail on error set -e -# We don't compile PHP anymore, so the only way to configure where PHP looks for -# .ini files is via the PHP_INI_SCAN_DIR environment variable. -# Note: we use that weird syntax to set the variable only if it's not already set (can be overridden) -: "${PHP_INI_SCAN_DIR:=/opt/bref/etc/php/conf.d:/var/task/php/conf.d}" -export PHP_INI_SCAN_DIR - while true do if [ -z "${EXPERIMENTAL_AWS_LAMBDA_EXEC_WRAPPER}" ]; then diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index d58256a0..67d7b6b8 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile @@ -113,10 +113,6 @@ FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation COPY --link --from=build-environment /opt /opt -# This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) -# TODO delete -ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" - FROM isolation as function COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index 8e136b94..1ea976c1 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile @@ -113,10 +113,6 @@ FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation COPY --link --from=build-environment /opt /opt -# This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) -# TODO delete -ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" - FROM isolation as function COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index ad9fda39..fc2855e9 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile 
@@ -113,10 +113,6 @@ FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation COPY --link --from=build-environment /opt /opt -# This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) -# TODO delete -ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" - FROM isolation as function COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ From 7a9681741630b90c5ab7a809528f5af4d2527bba Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:21:43 +0100 Subject: [PATCH 17/97] Use the new `COPY --link` syntax to accelerate builds --- layers/console/Dockerfile | 11 ++++++----- layers/fpm-dev/Dockerfile | 7 ++++--- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/layers/console/Dockerfile b/layers/console/Dockerfile index 5285d9ba..9f209a80 100644 --- a/layers/console/Dockerfile +++ b/layers/console/Dockerfile @@ -1,3 +1,4 @@ +# syntax = docker/dockerfile:1.4 ARG PHP_VERSION ARG CPU_PREFIX @@ -7,23 +8,23 @@ RUN apk add composer RUN mkdir -p /opt/bref/console-runtime WORKDIR /opt/bref/console-runtime -COPY composer.json composer.json +COPY --link composer.json composer.json RUN composer install --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml FROM bref/${CPU_PREFIX}php-$PHP_VERSION as console # Overwrite the "function" bootstrap file -COPY bref/bootstrap.php /opt/bref/bootstrap.php +COPY --link bref/bootstrap.php /opt/bref/bootstrap.php -COPY --from=composer /opt/bref/console-runtime /opt/bref/console-runtime +COPY --link --from=composer /opt/bref/console-runtime /opt/bref/console-runtime FROM alpine:3.14 as zip-console RUN apk add zip RUN mkdir -p /opt/bref -COPY --from=console /opt/bref/bootstrap.php /opt/bref/bootstrap.php -COPY --from=console /opt/bref/console-runtime /opt/bref/console-runtime +COPY --link --from=console /opt/bref/bootstrap.php /opt/bref/bootstrap.php +COPY --link --from=console /opt/bref/console-runtime /opt/bref/console-runtime WORKDIR /opt 
diff --git a/layers/fpm-dev/Dockerfile b/layers/fpm-dev/Dockerfile index a1d462f9..8d853960 100644 --- a/layers/fpm-dev/Dockerfile +++ b/layers/fpm-dev/Dockerfile @@ -1,3 +1,4 @@ +# syntax = docker/dockerfile:1.4 ARG CPU_PREFIX ARG PHP_VERSION @@ -21,8 +22,8 @@ RUN if [[ $CPU_PREFIX == "arm-" ]]; then curl -A "Docker" -o /opt/bref/extension FROM bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm -COPY --from=build_extensions /opt /opt -COPY bref-entrypoint.sh / +COPY --link --from=build_extensions /opt /opt +COPY --link bref-entrypoint.sh / RUN chmod +x /bref-entrypoint.sh # Install node to run the JS app below @@ -30,7 +31,7 @@ RUN curl --silent --location https://rpm.nodesource.com/setup_16.x | bash - RUN yum install --setopt=skip_missing_names_on_install=False -y nodejs # Install the bref/local-api-gateway app in our container (avoids running 2 containers) -COPY --from=bref/local-api-gateway /app /local-api-gateway +COPY --link --from=bref/local-api-gateway /app /local-api-gateway EXPOSE 8000 # Add `php/conf.dev.d` to the path where PHP looks for configuration files From adb5504dfdbab43affb717ba3d8fdfd0b8be765b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:27:42 +0100 Subject: [PATCH 18/97] Package PHP-FPM from the compiled binary --- layers/fpm/bref-extensions.ini | 28 +-------------------- php-80/cpu-x86.Dockerfile | 44 ++++++++++++++------------------- php-81/cpu-x86.Dockerfile | 45 ++++++++++++++-------------------- php-82/cpu-x86.Dockerfile | 44 ++++++++++++++------------------- 4 files changed, 56 insertions(+), 105 deletions(-) diff --git a/layers/fpm/bref-extensions.ini b/layers/fpm/bref-extensions.ini index 96d78712..16e3e2e6 100644 --- a/layers/fpm/bref-extensions.ini +++ b/layers/fpm/bref-extensions.ini 
@@ -1,31 +1,5 @@ extension_dir=/opt/bref/extensions -extension=bcmath.so -extension=ctype.so -extension=curl.so -extension=dom.so -extension=exif.so -extension=fileinfo.so -extension=ftp.so -extension=gettext.so -extension=iconv.so -extension=mbstring.so -extension=mysqlnd.so -extension=mysqli.so -extension=pdo.so extension=pdo_mysql.so -extension=pdo_sqlite.so -extension=phar.so -extension=posix.so -extension=simplexml.so -extension=sodium.so -extension=soap.so -extension=sockets.so -extension=sqlite3.so -extension=tokenizer.so -extension=xml.so -extension=xmlreader.so -extension=xmlwriter.so -extension=xsl.so -extension=zip.so + zend_extension=opcache.so diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index 67d7b6b8..30945bbf 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile @@ -115,21 +115,21 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function -COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bootstrap.sh /opt/bootstrap +COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/function/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/function/bootstrap.php /opt/bref/bootstrap.php +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php FROM alpine:3.14 as zip-function RUN apk add zip -COPY --from=function /opt /opt +COPY --link --from=function /opt /opt WORKDIR /opt 
@@ -142,40 +142,32 @@ RUN zip --quiet --recurse-paths /tmp/layer.zip . FROM build-environment as fpm-extension -RUN yum install -y php-fpm +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib -FROM isolation as fpm -COPY --from=fpm-extension /sbin/php-fpm /opt/bin/php-fpm +FROM isolation as fpm -COPY --from=fpm-extension /usr/lib64/libsystemd.so.0 /opt/lib/libsystemd.so.0 -COPY --from=fpm-extension /usr/lib64/liblz4.so.1 /opt/lib/liblz4.so.1 -COPY --from=fpm-extension /usr/lib64/libgcrypt.so.11 /opt/lib/libgcrypt.so.11 -COPY --from=fpm-extension /usr/lib64/libgpg-error.so.0 /opt/lib/libgpg-error.so.0 -COPY --from=fpm-extension /usr/lib64/libdw.so.1 /opt/lib/libdw.so.1 -#COPY --from=fpm-extension /usr/lib64/libacl.so.1 /opt/lib/libacl.so.1 -#COPY --from=fpm-extension /usr/lib64/libattr.so.1 /opt/lib/libattr.so.1 -#COPY --from=fpm-extension /usr/lib64/libcap.so.2 /opt/lib/libcap.so.2 -#COPY --from=fpm-extension /usr/lib64/libelf.so.1 /opt/lib/libelf.so.1 -#COPY --from=fpm-extension /usr/lib64/libbz2.so.1 /opt/lib/libbz2.so.1 +COPY --link --from=fpm-extension /opt /opt -COPY layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? 
+COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bootstrap.sh /opt/bootstrap +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/fpm/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime FROM alpine:3.14 as zip-fpm RUN apk add zip -COPY --from=fpm /opt /opt +COPY --link --from=fpm /opt /opt WORKDIR /opt diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index 1ea976c1..a2072a73 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile 
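Review bot: Nothing in the `fpm` stage checks that `copy-dependencies.php` placed every shared library `php-fpm` needs into `/opt/lib`, so a missed library would only show up when the layer runs. A cheap guard is to execute the binary once in the stage that carries the packaged `/opt`, e.g. `RUN /opt/bin/php-fpm --version` after `COPY --link --from=fpm-extension /opt /opt`, assuming the `isolation` base resolves libraries from `/opt/lib`. The php-81 and php-82 hunks for the same stage have the same gap. The `# TODO merge in the first file ...` comment should also name the file it means (presumably `bref.ini`).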
@@ -115,26 +115,27 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function -COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bootstrap.sh /opt/bootstrap +COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/function/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/function/bootstrap.php /opt/bref/bootstrap.php +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php FROM alpine:3.14 as zip-function RUN apk add zip -COPY --from=function /opt /opt +COPY --link --from=function /opt /opt WORKDIR /opt RUN zip --quiet --recurse-paths /tmp/layer.zip . + # Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and # packaged. Now we'll go back one step and start from the extensions so that we 
@@ -142,40 +143,32 @@ RUN zip --quiet --recurse-paths /tmp/layer.zip . FROM build-environment as fpm-extension -RUN yum install -y php-fpm +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib -FROM isolation as fpm -COPY --from=fpm-extension /sbin/php-fpm /opt/bin/php-fpm +FROM isolation as fpm -COPY --from=fpm-extension /usr/lib64/libsystemd.so.0 /opt/lib/libsystemd.so.0 -COPY --from=fpm-extension /usr/lib64/liblz4.so.1 /opt/lib/liblz4.so.1 -COPY --from=fpm-extension /usr/lib64/libgcrypt.so.11 /opt/lib/libgcrypt.so.11 -COPY --from=fpm-extension /usr/lib64/libgpg-error.so.0 /opt/lib/libgpg-error.so.0 -COPY --from=fpm-extension /usr/lib64/libdw.so.1 /opt/lib/libdw.so.1 -#COPY --from=fpm-extension /usr/lib64/libacl.so.1 /opt/lib/libacl.so.1 -#COPY --from=fpm-extension /usr/lib64/libattr.so.1 /opt/lib/libattr.so.1 -#COPY --from=fpm-extension /usr/lib64/libcap.so.2 /opt/lib/libcap.so.2 -#COPY --from=fpm-extension /usr/lib64/libelf.so.1 /opt/lib/libelf.so.1 -#COPY --from=fpm-extension /usr/lib64/libbz2.so.1 /opt/lib/libbz2.so.1 +COPY --link --from=fpm-extension /opt /opt -COPY layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? 
+COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bootstrap.sh /opt/bootstrap +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/fpm/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime FROM alpine:3.14 as zip-fpm RUN apk add zip -COPY --from=fpm /opt /opt +COPY --link --from=fpm /opt /opt WORKDIR /opt diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index fc2855e9..7b1b5d78 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile @@ -115,21 +115,21 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function -COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bootstrap.sh /opt/bootstrap +COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/function/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/function/bootstrap.php /opt/bref/bootstrap.php +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php FROM alpine:3.14 as zip-function RUN apk add zip -COPY --from=function /opt /opt +COPY --link --from=function /opt /opt WORKDIR /opt 
@@ -142,40 +142,32 @@ RUN zip --quiet --recurse-paths /tmp/layer.zip . FROM build-environment as fpm-extension -RUN yum install -y php-fpm +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib -FROM isolation as fpm -COPY --from=fpm-extension /sbin/php-fpm /opt/bin/php-fpm +FROM isolation as fpm -COPY --from=fpm-extension /usr/lib64/libsystemd.so.0 /opt/lib/libsystemd.so.0 -COPY --from=fpm-extension /usr/lib64/liblz4.so.1 /opt/lib/liblz4.so.1 -COPY --from=fpm-extension /usr/lib64/libgcrypt.so.11 /opt/lib/libgcrypt.so.11 -COPY --from=fpm-extension /usr/lib64/libgpg-error.so.0 /opt/lib/libgpg-error.so.0 -COPY --from=fpm-extension /usr/lib64/libdw.so.1 /opt/lib/libdw.so.1 -#COPY --from=fpm-extension /usr/lib64/libacl.so.1 /opt/lib/libacl.so.1 -#COPY --from=fpm-extension /usr/lib64/libattr.so.1 /opt/lib/libattr.so.1 -#COPY --from=fpm-extension /usr/lib64/libcap.so.2 /opt/lib/libcap.so.2 -#COPY --from=fpm-extension /usr/lib64/libelf.so.1 /opt/lib/libelf.so.1 -#COPY --from=fpm-extension /usr/lib64/libbz2.so.1 /opt/lib/libbz2.so.1 +COPY --link --from=fpm-extension /opt /opt -COPY layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? 
+COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bootstrap.sh /opt/bootstrap +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/fpm/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime FROM alpine:3.14 as zip-fpm RUN apk add zip -COPY --from=fpm /opt /opt +COPY --link --from=fpm /opt /opt WORKDIR /opt From d9f6867d7c4b419eeac2f396c5be54b5a616b4f2 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:35:44 +0100 Subject: [PATCH 19/97] Set up Docker buildx to use BuildKit features --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9b375b56..67f47311 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -12,6 +12,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Set up Docker buildx to use BuildKit features + uses: docker/setup-buildx-action@v2 - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From d943ae23af9d0c0e662b5d89779bb6b53e6cc833 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:43:16 +0100 Subject: [PATCH 20/97] Set up Docker buildx to use BuildKit features --- .github/workflows/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 67f47311..df47526e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
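Review bot: `uses: docker/setup-buildx-action@v2` references a third-party action by a movable tag, and this step configures the builder that produces the images in the same job. Pin it to the full commit SHA of the release that was reviewed and keep the tag as a trailing comment, e.g. `uses: docker/setup-buildx-action@<full-commit-sha> # v2`. The later patches in this series that add `docker/build-push-action@v3`, `actions/upload-artifact@v3`, `actions/download-artifact@v3` and `docker/bake-action@v2.3.0` would want the same treatment. The `steps:` list continues outside the hunk.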
@@ -14,6 +14,9 @@ jobs: - uses: actions/checkout@v3 - name: Set up Docker buildx to use BuildKit features uses: docker/setup-buildx-action@v2 + with: + # Sets up `docker build` command as an alias to `docker buildx` + install: true - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From 555d39b8f93814783cce0778212f2bdfa604bbf6 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 18:58:31 +0100 Subject: [PATCH 21/97] Set up Docker buildx to use BuildKit features --- .github/workflows/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index df47526e..23b5d399 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -18,6 +18,9 @@ jobs: # Sets up `docker build` command as an alias to `docker buildx` install: true - run: make -f cpu-x86.Makefile layers + env: + # Enable buildx/BuildKit in Docker Compose + COMPOSE_DOCKER_CLI_BUILD: 1 - run: make -f cpu-x86.Makefile test tests-arm: From effc939be3b8bcf24623c700a8274863c28941d4 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 19:08:41 +0100 Subject: [PATCH 22/97] Switch to Docker Compose v2 --- README.md | 4 ++-- base-devel/Makefile | 2 +- cpu-arm.Makefile | 18 +++++++++--------- cpu-x86.Makefile | 22 +++++++++++----------- tests/Makefile | 40 ++++++++++++++++++++-------------------- utils/lib-check/Makefile | 4 ++-- 6 files changed, 45 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 47fc9f8d..dca57b44 100644 --- a/README.md +++ b/README.md 
@@ -169,7 +169,7 @@ The `bref-internal-src` images (see layers/fpm) are used to load Bref classes into the layer. The 4th layer is `zip-function`, where we get a small and fast Linux (Alpine) just to install and zip the entire -`/opt` content. We use docker-compose volumes to map `/tmp/bref-zip` from host to the container so that we can +`/opt` content. We use docker compose volumes to map `/tmp/bref-zip` from host to the container so that we can zip everything and get the zipped file out of the container. The 5th layer goes back to `extensions` and start `fpm-extension`. Here we're back at step 2 so that we can install @@ -211,7 +211,7 @@ The benefits of maintaining a lightweight layer long-term didn't outweigh the co Before landing on the current architecture, there was several attempts (7 to be exact) on a back-and-forth between more environment variables vs more repetitive code. Environment variables grows complexity because they require contributors to understand how they intertwine with each other. We have layers, php version and -CPU architecture. A more "reusable" Dockerfile or docker-compose requires a more complex Makefile. In contrast, +CPU architecture. A more "reusable" Dockerfile or docker compose requires a more complex Makefile. In contrast, a simpler and straight-forward Makefile requires more code duplication for Docker and Docker Compose. The current format makes it so that old PHP layers can easily be removed by dropping an entire folder and a new PHP Version can be added by copying an existing folder and doing search/replace on the diff --git a/base-devel/Makefile b/base-devel/Makefile index d0f16617..1a6c2f06 100644 --- a/base-devel/Makefile +++ b/base-devel/Makefile @@ -1,5 +1,5 @@ build: - docker-compose build --parallel + docker compose build upload-to-docker-hub: build docker tag bref/base-devel-arm bref/base-devel-arm diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 716ba170..555c5eff 100644 --- a/cpu-arm.Makefile 
+++ b/cpu-arm.Makefile @@ -16,30 +16,30 @@ everything: clean upload-layers upload-to-docker-hub # Build Docker images *locally* docker-images: # Prepare the content of `/opt` that will be copied in each layer - docker-compose -f ./layers/docker-compose.yml build --parallel + docker compose -f ./layers/docker-compose.yml build # Build images for "build environment" - docker-compose build --parallel build-php-80 build-php-81 + docker compose build build-php-80 build-php-81 # Build images for function layers - docker-compose build --parallel php-80 php-81 + docker compose build php-80 php-81 # Build images for FPM layers - docker-compose build --parallel php-80-fpm php-81-fpm + docker compose build php-80-fpm php-81-fpm # Build images for console layers - docker-compose build --parallel php-80-console php-81-console + docker compose build php-80-console php-81-console # Build dev images - docker-compose build --parallel php-80-fpm-dev php-81-fpm-dev + docker compose build php-80-fpm-dev php-81-fpm-dev # Build Lambda layers (zip files) *locally* layers: docker-images # Build the containers that will zip the layers - docker-compose build --parallel php-80-zip php-81-zip \ + docker compose build php-80-zip php-81-zip \ php-80-zip-fpm php-81-zip-fpm # Run the zip containers: the layers will be copied to `./output/` - docker-compose up php-80-zip php-81-zip \ + docker compose up php-80-zip php-81-zip \ php-80-zip-fpm php-81-zip-fpm # Clean up containers - docker-compose down + docker compose down # Upload the layers to AWS Lambda diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index bb5da2ca..6f645ad6 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -16,32 +16,32 @@ everything: clean upload-layers upload-to-docker-hub # Build Docker images *locally* docker-images: # Prepare the content of `/opt` that will be copied in each layer - docker-compose -f ./layers/docker-compose.yml build --parallel + docker compose -f ./layers/docker-compose.yml build # Build images for "build environment" - docker-compose build --parallel build-php-80 build-php-81 build-php-82 + docker compose build build-php-80 build-php-81 build-php-82 # Build images for function layers - docker-compose build --parallel php-80 php-81 php-82 + docker compose build php-80 php-81 php-82 # Build images for FPM layers - docker-compose build --parallel php-80-fpm php-81-fpm php-82-fpm + docker compose build php-80-fpm php-81-fpm php-82-fpm # Build images for console layers - docker-compose build --parallel php-80-console php-81-console php-82-console + docker compose build php-80-console php-81-console php-82-console # Build dev images - docker-compose build --parallel php-80-fpm-dev php-81-fpm-dev php-82-fpm-dev + docker compose build php-80-fpm-dev php-81-fpm-dev php-82-fpm-dev # Build Lambda layers (zip files) *locally* layers: docker-images # Build the containers that will zip the layers - docker-compose build --parallel php-80-zip php-81-zip php-82-zip - docker-compose build --parallel php-80-zip-fpm php-81-zip-fpm php-82-zip-fpm - docker-compose build --parallel php-80-zip-console + docker compose build php-80-zip php-81-zip php-82-zip + docker compose build php-80-zip-fpm php-81-zip-fpm php-82-zip-fpm + docker compose build php-80-zip-console # Run the zip containers: the layers will be copied to `./output/` - docker-compose up php-80-zip php-81-zip php-82-zip \ + docker compose up php-80-zip php-81-zip php-82-zip \ php-80-zip-fpm php-81-zip-fpm php-82-zip-fpm \ php-80-zip-console # Clean up containers - docker-compose down + docker compose down # Upload the layers to AWS Lambda 
diff --git a/tests/Makefile b/tests/Makefile index 6ca10e2f..c6bb509e 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -8,33 +8,33 @@ test: test-80 test-81 test-82 # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor # Clean up containers from previous failed runs - docker-compose down - docker-compose run --rm -- php-$* test_1_binary.php $* - docker-compose run --rm -- php-$* test_2_extensions.php - docker-compose run --rm -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" \ + docker compose down + docker compose run --rm -- php-$* test_1_binary.php $* + docker compose run --rm -- php-$* test_2_extensions.php + docker compose run --rm -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" \ -- php-$* test_3_manual_enabling_extensions.php # Test function handler - docker-compose up --detach php-$*-handler - docker-compose exec -T php-$*-handler php test_4_function_invocation.php \ - || (docker-compose logs php-$*-handler && exit 1) # print logs in case of failure + docker compose up --detach php-$*-handler + docker compose exec -T php-$*-handler php test_4_function_invocation.php \ + || (docker compose logs php-$*-handler && exit 1) # print logs in case of failure # Test FPM handler - docker-compose up --detach php-$*-fpm-handler - docker-compose exec -T php-$*-fpm-handler php test_5_fpm_invocation.php \ - || (docker-compose logs php-$*-fpm-handler && exit 1) # print logs in case of failure + docker compose up --detach php-$*-fpm-handler + docker compose exec -T php-$*-fpm-handler php test_5_fpm_invocation.php \ + || (docker compose logs php-$*-fpm-handler && exit 1) # print logs in case of failure # Test console handler - docker-compose up --detach php-$*-console-handler - docker-compose exec -T php-$*-console-handler php test_6_console_invocation.php \ - || (docker-compose logs php-$*-console-handler && exit 1) # print logs in case of failure + docker compose up --detach php-$*-console-handler + docker compose exec -T php-$*-console-handler php test_6_console_invocation.php \ + || (docker compose logs php-$*-console-handler && exit 
1) # print logs in case of failure # Test that we can override PHP_INI_SCAN_DIR - docker-compose up --detach php-$*-handler-test7 - docker-compose exec -T php-$*-handler-test7 php test_7_custom_ini_scan_dir.php \ - || (docker-compose logs php-$*-handler && exit 1) # print logs in case of failure + docker compose up --detach php-$*-handler-test7 + docker compose exec -T php-$*-handler-test7 php test_7_custom_ini_scan_dir.php \ + || (docker compose logs php-$*-handler && exit 1) # print logs in case of failure # Clean up containers - docker-compose down + docker compose down echo "\033[1;32m✓ Tests succeeded\033[0m" start-containers: vendor - docker-compose up php-80-handler php-80-fpm-handler + docker compose up php-80-handler php-80-fpm-handler test-function: curl -X POST "http://localhost:9001/2015-03-31/functions/function/invocations" -d '{"name": "World"}' @@ -43,8 +43,8 @@ test-fpm: curl -X POST "http://localhost:9002/2015-03-31/functions/function/invocations" --data-binary "@test_5_event.json" vendor: - docker-compose run --rm composer install + docker compose run --rm composer install clean: - docker-compose down + docker compose down rm -rf vendor composer.lock diff --git a/utils/lib-check/Makefile b/utils/lib-check/Makefile index 70411348..83e6dfe6 100644 --- a/utils/lib-check/Makefile +++ b/utils/lib-check/Makefile @@ -6,5 +6,5 @@ check: @php verify.php php-81/cpu-arm.Dockerfile arm update: - docker-compose run --rm update-x86 - docker-compose run --rm update-arm + docker compose run --rm update-x86 + docker compose run --rm update-arm From f3e2345b8eda3d877d3dddd73bfd98b3bbaad06c Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 19:10:15 +0100 Subject: [PATCH 23/97] Simplify the CI config --- .github/workflows/tests.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 23b5d399..df47526e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
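Review bot: In the `PHP_INI_SCAN_DIR` override test the failure branch prints logs for the wrong service: the test runs in `php-$*-handler-test7`, but the fallback is `docker compose logs php-$*-handler`, so a failing test 7 shows the output of a different container. Since the line is being rewritten anyway, make it `|| (docker compose logs php-$*-handler-test7 && exit 1)`.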
@@ -18,9 +18,6 @@ jobs: # Sets up `docker build` command as an alias to `docker buildx` install: true - run: make -f cpu-x86.Makefile layers - env: - # Enable buildx/BuildKit in Docker Compose - COMPOSE_DOCKER_CLI_BUILD: 1 - run: make -f cpu-x86.Makefile test tests-arm: From cdad0bd389f2da384b38f94f89c55a31a638d6f4 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 19:14:57 +0100 Subject: [PATCH 24/97] Build base-devel images in GitHub CI --- .github/workflows/tests.yml | 1 + base-devel/Makefile | 8 ++++++-- cpu-x86.Makefile | 4 ++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index df47526e..b51b6bb0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -17,6 +17,7 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true + - run: make -f cpu-x86.Makefile base-devel - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test diff --git a/base-devel/Makefile b/base-devel/Makefile index 1a6c2f06..54f12574 100644 --- a/base-devel/Makefile +++ b/base-devel/Makefile @@ -1,5 +1,9 @@ -build: - docker compose build +build: build-x86 build-arm + +build-x86: + docker compose build x86 +build-arm: + docker compose build arm upload-to-docker-hub: build docker tag bref/base-devel-arm bref/base-devel-arm diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 6f645ad6..0eb2c534 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -13,6 +13,10 @@ export CPU_PREFIX = everything: clean upload-layers upload-to-docker-hub +base-devel: + cd base-devel && $(MAKE) build-x86 + + # Build Docker images *locally* docker-images: # Prepare the content of `/opt` that will be copied in each layer From 1b2517cb8351568f0881c90eb5e23ee05fd8b924 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 19:17:21 +0100 Subject: [PATCH 25/97] Bugfix --- cpu-x86.Makefile | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 0eb2c534..af9ccaf3 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -111,3 +111,5 @@ clean: docker image rm --force bref/php-82-console # Clear the build cache, else all images will be rebuilt using cached layers docker builder prune + +.PHONY: base-devel From e0eb48c6ca84a8138b7731554223eb5e81da2d8c Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 20:47:34 +0100 Subject: [PATCH 26/97] Always build base-devel --- .github/workflows/tests.yml | 1 - cpu-x86.Makefile | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b51b6bb0..df47526e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -17,7 +17,6 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true - - run: make -f cpu-x86.Makefile base-devel - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index af9ccaf3..1b691c13 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -18,7 +18,7 @@ base-devel: # Build Docker images *locally* -docker-images: +docker-images: base-devel # Prepare the content of `/opt` that will be copied in each layer docker compose -f ./layers/docker-compose.yml build # Build images for "build environment" From 73486ee6058ca3250473f1288f134e5221092f2e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 23:54:35 +0100 Subject: [PATCH 27/97] Fix Docker build --- .github/workflows/tests.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index df47526e..d53e9b64 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -17,6 +17,19 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true + - name: Build base-devel-x86 + uses: docker/build-push-action@v3 + with: + context: base-devel + file: cpu-x86.Dockerfile + tags: bref/base-devel-x86:latest + # This is needed to make the built image available in later steps + # https://docs.docker.com/engine/reference/commandline/buildx_build/#load + load: true + # Cache Docker layers in the GitHub Actions cache + # https://docs.docker.com/build/cache/backends/gha/ + cache-from: type=gha + cache-to: type=gha,mode=max - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From 8184f341aab1b34849112d89796e4b7f05cb264b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 13 Jan 2023 23:56:13 +0100 Subject: [PATCH 28/97] Fix Docker build --- .github/workflows/tests.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d53e9b64..3985c5c7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -20,8 +20,7 @@ jobs: - name: Build base-devel-x86 uses: docker/build-push-action@v3 with: - context: base-devel - file: cpu-x86.Dockerfile + file: base-devel/cpu-x86.Dockerfile tags: bref/base-devel-x86:latest # This is needed to make the built image available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load From 4c5a8a525e894fe5a86352e97e0d0f110157d6e1 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 00:07:39 +0100 Subject: [PATCH 29/97] Fix Docker build --- cpu-x86.Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 1b691c13..af9ccaf3 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -18,7 +18,7 @@ base-devel: # Build Docker images *locally* -docker-images: base-devel +docker-images: # Prepare the content of `/opt` that will be copied in each layer docker compose -f ./layers/docker-compose.yml build # Build images for "build environment" From a088947696b99e63b8eba865581277224e2c9500 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 14:22:06 +0100 Subject: [PATCH 30/97] Build images in CI --- .github/workflows/tests.yml | 39 ++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3985c5c7..0ed7cc33 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -7,8 +7,29 @@ on: branches: [ '*' ] jobs: + build-base-devel-x86: + name: Build base-devel-x86 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-buildx-action@v2 # to use BuildKit features + - uses: docker/build-push-action@v3 + with: + file: base-devel/cpu-x86.Dockerfile + tags: bref/base-devel-x86:latest + outputs: type=docker,dest=/tmp/base-devel-x86.tar + # Cache Docker layers in the GitHub Actions cache + # https://docs.docker.com/build/cache/backends/gha/ + cache-from: type=gha + cache-to: type=gha,mode=max + - uses: actions/upload-artifact@v3 # Expose /tmp/base-devel-x86.tar to other jobs + with: + name: base-devel-x86 + path: /tmp/base-devel-x86.tar + tests-x86: name: Build x86 images, layers, and run tests + needs: build-base-devel-x86 runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 
@@ -17,18 +38,14 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true - - name: Build base-devel-x86 - uses: docker/build-push-action@v3 + - uses: actions/download-artifact@v3 with: - file: base-devel/cpu-x86.Dockerfile - tags: bref/base-devel-x86:latest - # This is needed to make the built image available in later steps - # https://docs.docker.com/engine/reference/commandline/buildx_build/#load - load: true - # Cache Docker layers in the GitHub Actions cache - # https://docs.docker.com/build/cache/backends/gha/ - cache-from: type=gha - cache-to: type=gha,mode=max + name: base-devel-x86 + path: /tmp/base-devel-x86.tar + - name: Load the bref/base-devel-x86 image + run: | + docker load --input /tmp/base-devel-x86.tar + docker image ls -a - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From f209c334ba89f1861157a0af84d8fc730a2cb72b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 14:26:46 +0100 Subject: [PATCH 31/97] Revert "Build images in CI" This reverts commit a088947696b99e63b8eba865581277224e2c9500. --- .github/workflows/tests.yml | 39 +++++++++++-------------------------- 1 file changed, 11 insertions(+), 28 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0ed7cc33..3985c5c7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
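Review bot: The `path:` passed to `actions/download-artifact@v3` is the directory the artifact is extracted into, not a file name, so `path: /tmp/base-devel-x86.tar` would create a directory of that name with the tarball inside it, and the following `docker load --input /tmp/base-devel-x86.tar` would then be pointed at a directory. Use `path: /tmp` so the file lands at `/tmp/base-devel-x86.tar`. The outcome of this step is not visible here, so it is worth confirming against a CI run.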
@@ -7,29 +7,8 @@ on: branches: [ '*' ] jobs: - build-base-devel-x86: - name: Build base-devel-x86 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v2 # to use BuildKit features - - uses: docker/build-push-action@v3 - with: - file: base-devel/cpu-x86.Dockerfile - tags: bref/base-devel-x86:latest - outputs: type=docker,dest=/tmp/base-devel-x86.tar - # Cache Docker layers in the GitHub Actions cache - # https://docs.docker.com/build/cache/backends/gha/ - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: actions/upload-artifact@v3 # Expose /tmp/base-devel-x86.tar to other jobs - with: - name: base-devel-x86 - path: /tmp/base-devel-x86.tar - tests-x86: name: Build x86 images, layers, and run tests - needs: build-base-devel-x86 runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -38,14 +17,18 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true - - uses: actions/download-artifact@v3 + - name: Build base-devel-x86 + uses: docker/build-push-action@v3 with: - name: base-devel-x86 - path: /tmp/base-devel-x86.tar - - name: Load the bref/base-devel-x86 image - run: | - docker load --input /tmp/base-devel-x86.tar - docker image ls -a + file: base-devel/cpu-x86.Dockerfile + tags: bref/base-devel-x86:latest + # This is needed to make the built image available in later steps + # https://docs.docker.com/engine/reference/commandline/buildx_build/#load + load: true + # Cache Docker layers in the GitHub Actions cache + # https://docs.docker.com/build/cache/backends/gha/ + cache-from: type=gha + cache-to: type=gha,mode=max - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From 6ebeabb26c39366f9b47a80daf0d27b4664f3839 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 14:28:10 +0100 Subject: [PATCH 32/97] Debug CI --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3985c5c7..4fa329e4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -29,6 +29,8 @@ jobs: # https://docs.docker.com/build/cache/backends/gha/ cache-from: type=gha cache-to: type=gha,mode=max + - run: docker image inspect bref/base-devel-x86:latest + - run: docker image ls -a - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test From a9df04140fca706d45e67f0fee7ce92e404cb887 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 23:15:32 +0100 Subject: [PATCH 33/97] Attempt at using `docker bake` --- .github/workflows/tests.yml | 13 ++------- docker-bake.hcl | 28 +++++++++++++++++++ ...r-compose.yml => docker-compose-backup.yml | 0 3 files changed, 30 insertions(+), 11 deletions(-) create mode 100644 docker-bake.hcl rename docker-compose.yml => docker-compose-backup.yml (100%) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4fa329e4..63d8bc68 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -18,20 +18,11 @@ jobs: # Sets up `docker build` command as an alias to `docker buildx` install: true - name: Build base-devel-x86 - uses: docker/build-push-action@v3 + uses: docker/bake-action@v2.3.0 with: - file: base-devel/cpu-x86.Dockerfile - tags: bref/base-devel-x86:latest - # This is needed to make the built image available in later steps + # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load load: true - # Cache Docker layers in the GitHub Actions cache - # https://docs.docker.com/build/cache/backends/gha/ - cache-from: type=gha - cache-to: type=gha,mode=max - - run: docker image inspect bref/base-devel-x86:latest - - run: docker image ls -a - - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test tests-arm: 
diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 00000000..0c40f319 --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,28 @@ +group "default" { + targets = ["base-devel", "build-php"] +} + +variable "CPU" { + default = "x86" +} +variable "CPU_PREFIX" { + default = "" +} +variable "PHP_VERSION" { + default = "80" +} + +target "base-devel" { + dockerfile = "base-devel/cpu-${CPU}.Dockerfile" + tags = ["bref/base-devel-${CPU}"] +} + +target "build-php" { + dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + target = "build-environment" + tags = ["bref/${CPU_PREFIX}build-php-${PHP_VERSION}"] + contexts = { + // Dependency to the base image + "bref/base-devel-x86" = "target:base-devel" + } +} diff --git a/docker-compose.yml b/docker-compose-backup.yml similarity index 100% rename from docker-compose.yml rename to docker-compose-backup.yml From 7cc04b1d368e9501a96f8dbc91940bd2e5298cd6 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 23:31:22 +0100 Subject: [PATCH 34/97] Build multiple PHP versions in GitHub Actions --- .github/workflows/tests.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 63d8bc68..6e047360 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -10,6 +10,11 @@ jobs: tests-x86: name: Build x86 images, layers, and run tests runs-on: ubuntu-latest + strategy: + matrix: + php_version: + - 80 + - 81 steps: - uses: actions/checkout@v3 - name: Set up Docker buildx to use BuildKit features 
@@ -17,12 +22,23 @@ jobs: with: # Sets up `docker build` command as an alias to `docker buildx` install: true - - name: Build base-devel-x86 + - name: Build Docker images uses: docker/bake-action@v2.3.0 with: + targets: build-php # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load load: true + # Cache Docker layers in GitHub Actions cache, scoped per image + # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 + set: | + base-devel.cache-from=type=gha,scope=base-devel-x86 + base-devel.cache-to=type=gha,scope=base-devel-x86,mode=max + build-php.cache-from=type=gha,scope=build-php-${{ matrix.php_version }} + build-php.cache-to=type=gha,scope=build-php-${{ matrix.php_version }},mode=max + env: + PHP_VERSION: ${{ matrix.php_version }} + CPU: x86 - run: make -f cpu-x86.Makefile test tests-arm: From 86b987bc834ca715d69ff5ad66ae3e59d57e7905 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 14 Jan 2023 23:47:08 +0100 Subject: [PATCH 35/97] Improve CI and Docker caching --- .github/workflows/tests.yml | 12 +++++++----- docker-bake.hcl | 11 ++++++++++- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6e047360..284c50f9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -8,7 +8,7 @@ on: jobs: tests-x86: - name: Build x86 images, layers, and run tests + name: Build and tests x86 layers runs-on: ubuntu-latest strategy: matrix: @@ -24,8 +24,11 @@ jobs: install: true - name: Build Docker images uses: docker/bake-action@v2.3.0 + env: + PHP_VERSION: ${{ matrix.php_version }} + CPU: x86 with: - targets: build-php + targets: php # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load load: true 
@@ -36,9 +39,8 @@ jobs: base-devel.cache-to=type=gha,scope=base-devel-x86,mode=max build-php.cache-from=type=gha,scope=build-php-${{ matrix.php_version }} build-php.cache-to=type=gha,scope=build-php-${{ matrix.php_version }},mode=max - env: - PHP_VERSION: ${{ matrix.php_version }} - CPU: x86 + php.cache-from=type=gha,scope=php-${{ matrix.php_version }} + php.cache-to=type=gha,scope=php-${{ matrix.php_version }},mode=max - run: make -f cpu-x86.Makefile test tests-arm: diff --git a/docker-bake.hcl b/docker-bake.hcl index 0c40f319..be22c5a3 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -23,6 +23,15 @@ target "build-php" { tags = ["bref/${CPU_PREFIX}build-php-${PHP_VERSION}"] contexts = { // Dependency to the base image - "bref/base-devel-x86" = "target:base-devel" + "bref/base-devel-${CPU}" = "target:base-devel" + } +} + +target "php" { + dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + target = "function" + tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}"] + contexts = { + "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } } From cdc085912037d5b61239ad80e8265e539822a680 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:00:47 +0100 Subject: [PATCH 36/97] Improve CI and Docker caching --- docker-bake.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-bake.hcl b/docker-bake.hcl index be22c5a3..5916886a 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -32,6 +32,7 @@ target "php" { target = "function" tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}"] contexts = { + "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } } From 99360ab78d3fbe073649fac3f90f33b378c5481d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:07:32 +0100 Subject: [PATCH 37/97] Replace more Docker Compose with `docker run` --- tests/Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/tests/Makefile b/tests/Makefile index c6bb509e..bb66eb21 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -9,10 +9,13 @@ test: test-80 test-81 test-82 test-%: vendor # Clean up containers from previous failed runs docker compose down - docker compose run --rm -- php-$* test_1_binary.php $* - docker compose run --rm -- php-$* test_2_extensions.php - docker compose run --rm -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" \ - -- php-$* test_3_manual_enabling_extensions.php + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ + test_1_binary.php $* + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ + test_2_extensions.php + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php \ + -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" bref/${CPU_PREFIX}php-$* \ + test_3_manual_enabling_extensions.php # Test function handler docker compose up --detach php-$*-handler docker compose exec -T php-$*-handler php test_4_function_invocation.php \ From c12869099e99c0016f35c0968e431affc60b139a Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:16:21 +0100 Subject: [PATCH 38/97] Build more images in GitHub Actions --- .github/workflows/tests.yml | 1 + docker-bake.hcl | 41 +++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 284c50f9..96ae2b39 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,6 +15,7 @@ jobs: php_version: - 80 - 81 + - 82 steps: - uses: actions/checkout@v3 - name: Set up Docker buildx to use BuildKit features diff --git a/docker-bake.hcl b/docker-bake.hcl index 5916886a..a133f34a 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl 
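Review bot: The bind mounts in the three new `docker run` lines use `-v=$(PWD):/var/task:ro`, and `$(PWD)` is inherited from the calling shell rather than set by make, so under `make -C tests` it would point at the parent directory and mount the wrong tree into the container. `$(CURDIR)` is make's own value and is safer here, quoted so that paths with spaces survive: `-v="$(CURDIR)":/var/task:ro`. The same pattern recurs in the `test-%` rewrite in patch 42 and in the `vendor` rule in patch 45, where the mount is writable and a wrong directory would receive the installed files.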
@@ -36,3 +36,44 @@ target "php" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } } + +target "php-fpm" { + dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + target = "fpm" + tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm"] + contexts = { + "bref/base-devel-${CPU}" = "target:base-devel" + "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" + "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" + } +} + +target "console" { + context = "layers/console" + target = "console" + tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-console"] + args = { + PHP_VERSION = "${PHP_VERSION}" + CPU_PREFIX = "${CPU_PREFIX}" + } + contexts = { + "bref/base-devel-${CPU}" = "target:base-devel" + "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" + "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" + } +} + +target "php-fpm-dev" { + context = "layers/fpm-dev" + tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm"] + args = { + PHP_VERSION = "${PHP_VERSION}" + CPU_PREFIX = "${CPU_PREFIX}" + } + contexts = { + "bref/base-devel-${CPU}" = "target:base-devel" + "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" + "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" + "bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm" = "target:php-fpm" + } +} From 6ccc6a33a1903fc023a28d621befbee398933c8e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:19:38 +0100 Subject: [PATCH 39/97] Build more images in GitHub Actions --- docker-bake.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index a133f34a..53fb1592 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ group "default" { - targets = ["base-devel", "build-php"] + targets = ["build-php", "php", "php-fpm", "console", "php-fpm-dev"] } variable "CPU" { From d4ade8e78f2068a809b42a791a3362e01888d905 Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:23:12 +0100 Subject: [PATCH 40/97] Build more images in GitHub Actions --- .github/workflows/tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 96ae2b39..85c429b9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -29,7 +29,6 @@ jobs: PHP_VERSION: ${{ matrix.php_version }} CPU: x86 with: - targets: php # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load load: true From 16db22ebd3490a176c07fa4db0a130da016558ec Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 00:33:04 +0100 Subject: [PATCH 41/97] Build more images in GitHub Actions --- .github/workflows/tests.yml | 8 ++++++++ docker-bake.hcl | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 85c429b9..9d265414 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -41,6 +41,14 @@ jobs: build-php.cache-to=type=gha,scope=build-php-${{ matrix.php_version }},mode=max php.cache-from=type=gha,scope=php-${{ matrix.php_version }} php.cache-to=type=gha,scope=php-${{ matrix.php_version }},mode=max + php-fpm.cache-from=type=gha,scope=php-fpm-${{ matrix.php_version }} + php-fpm.cache-to=type=gha,scope=php-fpm-${{ matrix.php_version }},mode=max + fpm-internal-src.cache-from=type=gha,scope=fpm-internal-src-${{ matrix.php_version }} + fpm-internal-src.cache-to=type=gha,scope=fpm-internal-src-${{ matrix.php_version }},mode=max + console.cache-from=type=gha,scope=console-${{ matrix.php_version }} + console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max + php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} + php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max - run: make -f cpu-x86.Makefile test tests-arm: 
diff --git a/docker-bake.hcl b/docker-bake.hcl index 53fb1592..ad2da069 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -37,6 +37,11 @@ target "php" { } } +target "fpm-internal-src" { + context = "layers/fpm" + tags = ["bref/fpm-internal-src"] +} + target "php-fpm" { dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" target = "fpm" @@ -45,6 +50,7 @@ target "php-fpm" { "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" + "bref/fpm-internal-src" = "target:fpm-internal-src" } } @@ -75,5 +81,6 @@ target "php-fpm-dev" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" "bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm" = "target:php-fpm" + "bref/local-api-gateway" = "docker-image://bref/local-api-gateway:latest" } } From fdf48daee5b2c1e3c6f698a116119414b62c2987 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 22:50:57 +0100 Subject: [PATCH 42/97] Remove more Docker Compose because of its incompatibility with bake --- tests/Makefile | 58 ++++++++++++---------- tests/docker-compose.yml | 103 --------------------------------------- 2 files changed, 32 insertions(+), 129 deletions(-) delete mode 100644 tests/docker-compose.yml diff --git a/tests/Makefile b/tests/Makefile index bb66eb21..270d5270 100644 --- a/tests/Makefile +++ b/tests/Makefile 
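Review bot: The new `php-fpm-dev` context `"bref/local-api-gateway" = "docker-image://bref/local-api-gateway:latest"` pulls a registry image by a mutable tag, so the content that ends up in the dev image can change between builds without any change to this file. Pinning the context by digest makes the input reproducible and reviewable: `"bref/local-api-gateway" = "docker-image://bref/local-api-gateway@sha256:<DIGEST>"`. A short comment next to it saying which release the digest corresponds to would help whoever updates it later.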
@@ -7,47 +7,53 @@ test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor - # Clean up containers from previous failed runs - docker compose down docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_1_binary.php $* + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_2_extensions.php + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php \ -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" bref/${CPU_PREFIX}php-$* \ test_3_manual_enabling_extensions.php + # Test function handler - docker compose up --detach php-$*-handler - docker compose exec -T php-$*-handler php test_4_function_invocation.php \ - || (docker compose logs php-$*-handler && exit 1) # print logs in case of failure + docker stop test-${CPU_PREFIX}php-$* 2> /dev/null || true # silence errors + docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$* \ + bref/${CPU_PREFIX}php-$* test_4_function_handler.php + docker exec test-${CPU_PREFIX}php-$* php test_4_function_invocation.php \ + || (docker logs test-${CPU_PREFIX}php-$* && exit 1) + docker stop test-${CPU_PREFIX}php-$* + # Test FPM handler - docker compose up --detach php-$*-fpm-handler - docker compose exec -T php-$*-fpm-handler php test_5_fpm_invocation.php \ - || (docker compose logs php-$*-fpm-handler && exit 1) # print logs in case of failure - # Test console handler - docker compose up --detach php-$*-console-handler - docker compose exec -T php-$*-console-handler php test_6_console_invocation.php \ - || (docker compose logs php-$*-console-handler && exit 1) # print logs in case of failure - # Test that we can override PHP_INI_SCAN_DIR - docker compose up --detach php-$*-handler-test7 - docker compose exec -T php-$*-handler-test7 php test_7_custom_ini_scan_dir.php \ - || (docker compose logs php-$*-handler && exit 1) # 
print logs in case of failure - # Clean up containers - docker compose down - echo "\033[1;32m✓ Tests succeeded\033[0m" + docker stop test-${CPU_PREFIX}php-$*-fpm 2> /dev/null || true # silence errors + docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-fpm \ + bref/${CPU_PREFIX}php-$*-fpm test_5_fpm_handler.php + docker exec test-${CPU_PREFIX}php-$*-fpm php test_5_fpm_invocation.php \ + || (docker logs test-${CPU_PREFIX}php-$*-fpm && exit 1) # print logs in case of failure + docker stop test-${CPU_PREFIX}php-$*-fpm -start-containers: vendor - docker compose up php-80-handler php-80-fpm-handler + # Test console handler + docker stop test-${CPU_PREFIX}php-$*-console 2> /dev/null || true # silence errors + docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-console \ + bref/${CPU_PREFIX}php-$*-console test_6_console_handler.php + docker exec test-${CPU_PREFIX}php-$*-console php test_6_console_invocation.php \ + || (docker logs test-${CPU_PREFIX}php-$*-console && exit 1) # print logs in case of failure + docker stop test-${CPU_PREFIX}php-$*-console -test-function: - curl -X POST "http://localhost:9001/2015-03-31/functions/function/invocations" -d '{"name": "World"}' + # Test that we can override PHP_INI_SCAN_DIR + docker stop test-${CPU_PREFIX}php-$*-test7 2> /dev/null || true # silence errors + docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-test7 \ + -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" \ + bref/${CPU_PREFIX}php-$* test_4_function_handler.php + docker exec test-${CPU_PREFIX}php-$*-test7 php test_7_custom_ini_scan_dir.php \ + || (docker logs test-${CPU_PREFIX}php-$*-test7 && exit 1) # print logs in case of failure + docker stop test-${CPU_PREFIX}php-$*-test7 -test-fpm: - curl -X POST "http://localhost:9002/2015-03-31/functions/function/invocations" --data-binary "@test_5_event.json" + echo "\033[1;32m✓ Tests succeeded\033[0m" vendor: docker compose run --rm 
composer install clean: - docker compose down rm -rf vendor composer.lock diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml deleted file mode 100644 index 0f9e8efc..00000000 --- a/tests/docker-compose.yml +++ /dev/null 
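Review bot: The handler containers in the rewritten `test-%` recipe are started with `docker run --rm --detach`, so a container that exits at startup is removed immediately and the `docker logs test-… && exit 1` fallback has nothing left to print. Starting them without `--rm` and removing them explicitly after the test (`docker rm -f test-${CPU_PREFIX}php-$*`) keeps the logs available for the failure path. `docker exec` also runs straight after the detached start with no readiness wait; unless the invocation scripts retry on their own (not visible here), a short poll before the exec would avoid spurious failures. When the exec fails the container is left running, which the leading `docker stop … || true` only cleans up on the next run.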
@@ -1,103 +0,0 @@ -version: '3.8' - -services: - - php-80: - image: bref/${CPU_PREFIX}php-80 - volumes: [ '.:/var/task:ro' ] - entrypoint: php - - php-80-handler: - image: bref/${CPU_PREFIX}php-80 - volumes: [ '.:/var/task:ro' ] - ports: [ '9001:8080' ] - command: test_4_function_handler.php - - php-80-handler-test7: - image: bref/${CPU_PREFIX}php-80 - volumes: [ '.:/var/task:ro' ] - ports: [ '9004:8080' ] - command: test_4_function_handler.php - environment: - # Override for test 7 - PHP_INI_SCAN_DIR: "/opt/bref/etc/php/conf.d/:/var/task/" - - php-80-fpm-handler: - image: bref/${CPU_PREFIX}php-80-fpm - volumes: [ '.:/var/task:ro' ] - ports: [ '9002:8080' ] - command: test_5_fpm_handler.php - - php-80-console-handler: - image: bref/${CPU_PREFIX}php-80-console - volumes: [ '.:/var/task:ro' ] - ports: [ '9003:8080' ] - command: test_6_console_handler.php - - php-81: - image: bref/${CPU_PREFIX}php-81 - volumes: [ '.:/var/task:ro' ] - entrypoint: php - - php-81-handler: - image: bref/${CPU_PREFIX}php-81 - volumes: [ '.:/var/task:ro' ] - ports: [ '9001:8080' ] - command: test_4_function_handler.php - - php-81-handler-test7: - image: bref/${CPU_PREFIX}php-81 - volumes: [ '.:/var/task:ro' ] - ports: [ '9004:8080' ] - command: test_4_function_handler.php - environment: - # Override for test 7 - PHP_INI_SCAN_DIR: "/opt/bref/etc/php/conf.d/:/var/task/" - - php-81-fpm-handler: - image: bref/${CPU_PREFIX}php-81-fpm - volumes: [ '.:/var/task:ro' ] - ports: [ '9002:8080' ] - command: test_5_fpm_handler.php - - php-81-console-handler: - image: bref/${CPU_PREFIX}php-81-console - volumes: [ '.:/var/task:ro' ] - ports: [ '9003:8080' ] - command: test_6_console_handler.php - - php-82: - image: bref/${CPU_PREFIX}php-82 - volumes: [ '.:/var/task:ro' ] - entrypoint: php - - php-82-handler: - image: bref/${CPU_PREFIX}php-82 - volumes: [ '.:/var/task:ro' ] - ports: [ '9001:8080' ] - command: test_4_function_handler.php - - php-82-handler-test7: - image: bref/${CPU_PREFIX}php-82 - volumes: 
[ '.:/var/task:ro' ] - ports: [ '9004:8080' ] - command: test_4_function_handler.php - environment: - # Override for test 7 - PHP_INI_SCAN_DIR: "/opt/bref/etc/php/conf.d/:/var/task/" - - php-82-fpm-handler: - image: bref/${CPU_PREFIX}php-82-fpm - volumes: [ '.:/var/task:ro' ] - ports: [ '9002:8080' ] - command: test_5_fpm_handler.php - - php-82-console-handler: - image: bref/${CPU_PREFIX}php-82-console - volumes: [ '.:/var/task:ro' ] - ports: [ '9003:8080' ] - command: test_6_console_handler.php - - composer: - image: composer - volumes: [ '.:/app' ] From 67d13bf838217f40c18b640d303346c459b76d70 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 23:03:39 +0100 Subject: [PATCH 43/97] Debug CI --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9d265414..726b3484 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -49,6 +49,8 @@ jobs: console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max + - run: ls -lah + - run: pwd - run: make -f cpu-x86.Makefile test tests-arm: From e9ca837ed27c2cac4f5e3b4f4d68e1e2d797376b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 23:07:38 +0100 Subject: [PATCH 44/97] Debug CI --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 726b3484..dd21059b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -49,8 +49,8 @@ jobs: console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max - - run: ls -lah - - run: pwd + - run: ls -lah tests + - run: cd tests && make test - run: make -f cpu-x86.Makefile test tests-arm: From ba21352a1ba440a01d5116010d8d7d0601ff45dc Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 23:16:25 +0100 Subject: [PATCH 45/97] Fix tests --- .github/workflows/tests.yml | 2 -- tests/Makefile | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index dd21059b..9d265414 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -49,8 +49,6 @@ jobs: console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max - - run: ls -lah tests - - run: cd tests && make test - run: make -f cpu-x86.Makefile test tests-arm: diff --git a/tests/Makefile b/tests/Makefile index 270d5270..8978add1 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -53,7 +53,7 @@ test-%: vendor echo "\033[1;32m✓ Tests succeeded\033[0m" vendor: - docker compose run --rm composer install + docker run --rm -v=$(PWD):/app composer install clean: rm -rf vendor composer.lock From fe64ad243b513cdd0f2dadcdb75eb89820bc0d14 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 15 Jan 2023 23:27:39 +0100 Subject: [PATCH 46/97] Build all PHP versions to get all failure information --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9d265414..3ab9fede 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
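Review bot: In the `vendor` rule, `docker run --rm -v=$(PWD):/app composer install` resolves the bare `composer` image to whatever `latest` is on the registry at run time and gives it a writable mount of the tests directory. Pin the image to a fixed version or digest, e.g. `docker run --rm -v=$(PWD):/app composer:<PINNED_TAG> install`, so the tool that writes `vendor/` is a known one. The `clean` rule in the same hunk's context also deletes `composer.lock`; if that file is not committed, the installed dependency versions float on every run as well.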
@@ -11,6 +11,7 @@ jobs: name: Build and tests x86 layers runs-on: ubuntu-latest strategy: + fail-fast: false matrix: php_version: - 80 From 3692e38ffd600c0e267b5d5be2777bb96c7d07ef Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 15:34:09 +0100 Subject: [PATCH 47/97] Debug CI --- tests/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Makefile b/tests/Makefile index 8978add1..a23ead75 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -7,6 +7,8 @@ test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor + docker inspect bref/php-80 + docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_1_binary.php $* From 0ea011668095a5eaee1e1fb568f3cdccaef20daf Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 15:47:09 +0100 Subject: [PATCH 48/97] CI --- .github/workflows/tests.yml | 2 +- tests/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3ab9fede..4f60d6a7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -50,7 +50,7 @@ jobs: console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max - - run: make -f cpu-x86.Makefile test + - run: cd tests && make test-${{ matrix.php_version }} tests-arm: name: Build ARM images, layers, and run tests diff --git a/tests/Makefile b/tests/Makefile index a23ead75..fb857401 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -7,7 +7,7 @@ test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor - docker inspect bref/php-80 + docker image ls docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_1_binary.php $* From a8cdbcc8ad5a903aa69899680268ae357b1e3087 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 16:03:36 +0100 Subject: [PATCH 49/97] Fix image name --- docker-bake.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index ad2da069..62d154e9 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -71,7 +71,7 @@ target "console" { target "php-fpm-dev" { context = "layers/fpm-dev" - tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm"] + tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm-dev"] args = { PHP_VERSION = "${PHP_VERSION}" CPU_PREFIX = "${CPU_PREFIX}" From ff880a024a34cb3e8240d24c8c22c589c57ac59b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 17:10:56 +0100 Subject: [PATCH 50/97] Adopt bake for local build --- cpu-x86.Makefile | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index af9ccaf3..d3a920b0 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -19,18 +19,7 @@ base-devel: # Build Docker images *locally* docker-images: - # Prepare the content of `/opt` that will be copied in each layer - docker compose -f ./layers/docker-compose.yml build - # Build images for "build environment" - docker compose build build-php-80 build-php-81 build-php-82 - # Build images for function layers - docker compose build php-80 php-81 php-82 - # Build images for FPM layers - docker compose build php-80-fpm php-81-fpm php-82-fpm - # Build images for console layers - docker compose build php-80-console php-81-console php-82-console - # Build dev images - docker compose build php-80-fpm-dev php-81-fpm-dev php-82-fpm-dev + docker buildx bake --load # Build Lambda layers (zip files) *locally* From 8c666c7845bc8452cb01191f35343df20fdb9507 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 17:16:09 +0100 Subject: [PATCH 51/97] Document not to enable [the experimental Rosetta emulation](https://docs.docker.com/desktop/release-notes/#4160) --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index dca57b44..39f65494 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,10 @@ If you are submitting a pull request to this repository, you probably want to te ### Building +> **Warning:** +> +> On macOS, do not enable [the experimental Rosetta emulation](https://docs.docker.com/desktop/release-notes/#4160). This causes a Segmentation Fault when running `php-fpm` in the Docker images. + You can build Docker images and Lambda layers locally: ```sh From 897a5344f888d2b5434937529bcc580f336f3aa6 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 17:16:25 +0100 Subject: [PATCH 52/97] Cleanup CI debug line --- tests/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index fb857401..8978add1 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -7,8 +7,6 @@ test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor - docker image ls - docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_1_binary.php $* From fab1937373535d56bf33bf2edc282c349e9d0d64 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 18:02:34 +0100 Subject: [PATCH 53/97] Get rid of `docker compose` for exporting zip layers --- .github/workflows/tests.yml | 2 ++ README.md | 1 + cpu-x86.Makefile | 19 +++++++------------ php-80/cpu-x86.Dockerfile | 19 ------------------- php-81/cpu-x86.Dockerfile | 20 -------------------- php-82/cpu-x86.Dockerfile | 19 ------------------- utils/docker-zip-dir.sh | 15 +++++++++++++++ 7 files changed, 25 insertions(+), 70 deletions(-) create mode 100755 utils/docker-zip-dir.sh diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4f60d6a7..9c30d604 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -50,6 +50,8 @@ jobs: console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max + - name: Test that layers can be exported + run: make -f cpu-x86.Makefile layers - run: cd tests && make test-${{ matrix.php_version }} tests-arm: diff --git a/README.md b/README.md index 39f65494..d57a99f1 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ If you are submitting a pull request to this repository, you probably want to te ### Requirements - `make` +- `zip` - Docker - AWS CLI (if publishing layers) - AWS credentials set up locally (if publishing layers) diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index d3a920b0..9f998c7b 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -23,18 +23,13 @@ docker-images: # Build Lambda layers (zip files) *locally* -layers: docker-images - # Build the containers that will zip the layers - docker compose build php-80-zip php-81-zip php-82-zip - docker compose build php-80-zip-fpm php-81-zip-fpm php-82-zip-fpm - docker compose build php-80-zip-console - - # Run the zip containers: the layers will be copied to `./output/` - docker compose up php-80-zip php-81-zip php-82-zip \ - php-80-zip-fpm php-81-zip-fpm php-82-zip-fpm \ - php-80-zip-console - # Clean up containers - docker compose down +layers: docker-images layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm + # Handle this layer specifically + ./utils/docker-zip-dir.sh bref/php-80-console-zip console +# This rule matches with a wildcard, for example `layer-php-80`. +# The `$*` variable will contained the matched part, in this case `php-80`. +layer-%: + ./utils/docker-zip-dir.sh bref/$* $* # Upload the layers to AWS Lambda diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index 30945bbf..4ac1bd65 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile @@ -125,15 +125,6 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php -FROM alpine:3.14 as zip-function - -RUN apk add zip - -COPY --link --from=function /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . # Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and 
@@ -162,13 +153,3 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime - -FROM alpine:3.14 as zip-fpm - -RUN apk add zip - -COPY --link --from=fpm /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index a2072a73..1e0a9c8f 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile @@ -125,16 +125,6 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php -FROM alpine:3.14 as zip-function - -RUN apk add zip - -COPY --link --from=function /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . - # Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and @@ -163,13 +153,3 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime - -FROM alpine:3.14 as zip-fpm - -RUN apk add zip - -COPY --link --from=fpm /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index 7b1b5d78..e9554ac2 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile 
@@ -125,15 +125,6 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php -FROM alpine:3.14 as zip-function - -RUN apk add zip - -COPY --link --from=function /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . # Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and @@ -162,13 +153,3 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime - -FROM alpine:3.14 as zip-fpm - -RUN apk add zip - -COPY --link --from=fpm /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . diff --git a/utils/docker-zip-dir.sh b/utils/docker-zip-dir.sh new file mode 100755 index 00000000..a75122ab --- /dev/null +++ b/utils/docker-zip-dir.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +# Fail on error +set -e + +rm -rf "output/$2" +mkdir "output/$2" + +docker create --name bref-export-zip "$1" + +docker cp bref-export-zip:/opt "output/$2" + +zip --quiet --recurse-paths "output/$2.zip" "output/$2" + +docker rm -f bref-export-zip From 47c21ec01bc274b4f9b4f99e53414329838ee398 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 18:22:36 +0100 Subject: [PATCH 54/97] Fix the zip script --- utils/docker-zip-dir.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/utils/docker-zip-dir.sh b/utils/docker-zip-dir.sh index a75122ab..2403cb1e 100755 --- a/utils/docker-zip-dir.sh +++ b/utils/docker-zip-dir.sh 
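Review bot: `rm -rf "output/$2"` in the new `utils/docker-zip-dir.sh` runs before either argument is checked, so a call with a missing or empty second argument expands to `rm -rf "output/"` and deletes every layer built so far, and a value containing `..` reaches outside `output/`. The script sets only `set -e`; I would make it `set -eu` and reject unexpected names before the first `rm`, for example `[[ "${2:-}" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "usage: $0 IMAGE LAYER_NAME" >&2; exit 1; }`. The follow-up hunk in the next commit adds `rm -f "output/$2.zip"` ahead of the same unchecked `rm -rf`, so the guard belongs above both.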
@@ -3,13 +3,19 @@ # Fail on error set -e +rm -f "output/$2.zip" rm -rf "output/$2" mkdir "output/$2" +# Remove any previously failed container if it exists +docker rm -f bref-export-zip 2>/dev/null || true + docker create --name bref-export-zip "$1" -docker cp bref-export-zip:/opt "output/$2" +docker cp bref-export-zip:/opt/. "output/$2" + +cd "output/$2" -zip --quiet --recurse-paths "output/$2.zip" "output/$2" +zip --quiet --recurse-paths "../$2.zip" . docker rm -f bref-export-zip From fd777f93ae3c36c4ee8747d29cde10e8793f4d5b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 19:34:47 +0100 Subject: [PATCH 55/97] Locally build all images --- cpu-x86.Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 9f998c7b..eb4d53fc 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -19,7 +19,9 @@ base-devel: # Build Docker images *locally* docker-images: - docker buildx bake --load + PHP_VERSION=80 docker buildx bake --load + PHP_VERSION=81 docker buildx bake --load + PHP_VERSION=82 docker buildx bake --load # Build Lambda layers (zip files) *locally* From c33d364f9db9d0e0033d970d168229fb25dff76d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 19:35:15 +0100 Subject: [PATCH 56/97] Too many system libraries were copied in layers --- utils/lib-check/copy-dependencies.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/utils/lib-check/copy-dependencies.php b/utils/lib-check/copy-dependencies.php index 2837c660..939027c5 100644 --- a/utils/lib-check/copy-dependencies.php +++ b/utils/lib-check/copy-dependencies.php 
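Review bot: The container name `bref-export-zip` is fixed, so if two exports ever run at once (for instance the `layer-%` targets under `make -j`), the added `docker rm -f bref-export-zip 2>/dev/null || true` removes the other run's container and `docker cp` can then fail or copy `/opt` from a different image into this layer's zip. A per-run name such as `name="bref-export-zip-$2-$$"` keeps invocations apart. Pairing it with `trap 'docker rm -f "$name" >/dev/null 2>&1 || true' EXIT` also cleans up when `set -e` aborts between `docker create` and the final `docker rm`, which the pre-emptive removal only handles on the next run.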
@@ -37,6 +37,7 @@ } $librariesThatExistOnLambda = file(__DIR__ . "/libs-$arch.txt"); +$librariesThatExistOnLambda = array_map('trim', $librariesThatExistOnLambda); // For some reason some libraries are actually not in Lambda, despite being in the docker image 🤷 $librariesThatExistOnLambda = array_filter($librariesThatExistOnLambda, function ($library) { return ! str_contains($library, 'libgcrypt.so') && ! str_contains($library, 'libgpg-error.so'); @@ -44,7 +45,13 @@ $requiredLibraries = listAllDependenciesRecursively($pathToCheck); // Exclude existing system libraries -$requiredLibraries = array_filter($requiredLibraries, fn(string $lib) => !in_array($lib, $librariesThatExistOnLambda, true)); +$requiredLibraries = array_filter($requiredLibraries, function (string $lib) use ($librariesThatExistOnLambda) { + $keep = ! in_array(basename($lib), $librariesThatExistOnLambda, true); + if (! $keep) { + echo "Skipping $lib because it's already in Lambda" . PHP_EOL; + } + return $keep; +}); // Copy all the libraries foreach ($requiredLibraries as $libraryPath) { From e1e73f3450273b70d32c481d066c681791390e0e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 19:37:28 +0100 Subject: [PATCH 57/97] Improve code formatting --- base-devel/cpu-x86.Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index d194bb14..d676b6db 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile @@ -91,6 +91,7 @@ RUN set -xe; \ make install \ && rm ${INSTALL_DIR}/lib/libz.a + ############################################################################### # OPENSSL # https://github.com/openssl/openssl/releases @@ -126,6 +127,7 @@ RUN CFLAGS="" \ RUN make -j1 install_sw install_ssldirs RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + ############################################################################### # LIBSSH2 # https://github.com/libssh2/libssh2/releases 
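Review bot: The new filter compares only `basename($lib)` with the Lambda list, so a dependency is dropped whenever a file of that name exists on Lambda, whatever directory it was resolved from. If `listAllDependenciesRecursively()` returns a library built into the install prefix whose file name matches a system one, the layer would silently run against Lambda's copy rather than the version PHP was compiled with; this depends on the contents of `libs-$arch.txt`, which are not visible here, so it is worth confirming. I would record the assumption above the filter, `// Matches on file name only: assumes none of the libraries we compile shares a file name with a Lambda system library`, and review the `Skipping …` lines in the build log whenever a compiled library is added or upgraded. The rest of the script lies outside this hunk.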
@@ -155,6 +157,7 @@ RUN CFLAGS="" \ -DCMAKE_BUILD_TYPE=RELEASE RUN cmake --build . --target install + ############################################################################### # LIBNGHTTP2 # This adds support for HTTP 2 requests in curl. @@ -224,6 +227,7 @@ RUN ./buildconf \ --with-nghttp2 RUN make install + ############################################################################### # LIBXML2 # https://github.com/GNOME/libxml2/releases @@ -255,6 +259,7 @@ RUN CFLAGS="" \ RUN make install \ && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + ############################################################################### # LIBZIP # https://github.com/nih-at/libzip/releases @@ -275,6 +280,7 @@ RUN CFLAGS="" \ -DCMAKE_BUILD_TYPE=RELEASE RUN cmake --build . --target install + ############################################################################### # LIBSODIUM # https://github.com/jedisct1/libsodium/releases @@ -294,6 +300,7 @@ RUN CFLAGS="" \ && ./configure --prefix=${INSTALL_DIR} RUN make install + ############################################################################### # Postgres # https://github.com/postgres/postgres/releases @@ -347,6 +354,8 @@ RUN make && make install # sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel +# TODO Remove the following lines? + RUN cp -a /usr/lib64/libgcrypt.so* ${INSTALL_DIR}/lib64/ # Copy readline shared libs that are not present in amazonlinux2 From 8ddb7559c08c36721e0e0fa0aaac555ebdcb53e6 Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Mon, 16 Jan 2023 19:56:53 +0100 Subject: [PATCH 58/97] Do not re-build Docker images when building layer zip files That will avoid re-building Docker images twice in GitHub Actions --- README.md | 6 +++++- cpu-x86.Makefile | 23 ++++++++--------------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index d57a99f1..ac3cd164 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ If you are submitting a pull request to this repository, you probably want to te You can build Docker images and Lambda layers locally: ```sh -make layers +make ``` The process takes about 4 minutes. It will create the Docker images on your machine, and generate the Lambda layer zip files in `./output`. @@ -70,6 +70,9 @@ cp .env.example .env # Now edit the .env file +# Then build layers: +make + # Then publish layers: make upload-layers ``` @@ -77,6 +80,7 @@ make upload-layers You can also limit to ARM or X86 layers: ```sh +make -f cpu-x86.Makefile make -f cpu-x86.Makefile upload-layers ``` diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index eb4d53fc..35dd8a92 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -5,16 +5,9 @@ export CPU = x86 export CPU_PREFIX = -# - Build all layers -# - Publish all Docker images to Docker Hub -# - Publish all layers to AWS Lambda -# Uses the current AWS_PROFILE. Most users will not want to use this option -# as this will publish all layers to all regions + publish all Docker images. -everything: clean upload-layers upload-to-docker-hub - - -base-devel: - cd base-devel && $(MAKE) build-x86 +# Build all Docker images and layers *locally* +# Use this to test your changes +default: docker-images layers # Build Docker images *locally* 
@@ -25,7 +18,7 @@ docker-images: # Build Lambda layers (zip files) *locally* -layers: docker-images layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm +layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm # Handle this layer specifically ./utils/docker-zip-dir.sh bref/php-80-console-zip console # This rule matches with a wildcard, for example `layer-php-80`. @@ -35,6 +28,8 @@ layer-%: # Upload the layers to AWS Lambda +# Uses the current AWS_PROFILE. Most users will not want to use this option +# as this will publish all layers to all regions + publish all Docker images. upload-layers: layers # Upload the function layers to AWS LAYER_NAME=php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel @@ -50,8 +45,8 @@ upload-layers: layers LAYER_NAME=console $(MAKE) -C ./utils/lambda-publish publish-parallel -# Build and publish Docker images to Docker Hub. -upload-to-docker-hub: docker-images +# Publish Docker images to Docker Hub. +upload-to-docker-hub: # While in beta we tag and push the `:2` version, later we'll push `:latest` as well for image in \ "bref/php-80" "bref/php-80-fpm" "bref/php-80-console" "bref/build-php-80" "bref/php-80-fpm-dev" \ @@ -97,5 +92,3 @@ clean: docker image rm --force bref/php-82-console # Clear the build cache, else all images will be rebuilt using cached layers docker builder prune - -.PHONY: base-devel From c385bd4bb9025cfc921813c000d4756c329285ca Mon Sep 17 00:00:00 2001 
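Review bot: With the `docker-images` prerequisite removed, `upload-to-docker-hub` tags and pushes whatever `bref/*` images currently exist in the local Docker store, which may be stale or built from a different checkout than the one being released. That trade-off is reasonable for CI, but the target should say so: `# Does not rebuild: pushes the images currently tagged locally, run 'make docker-images' from a clean checkout first`. The comment moved onto `upload-layers` in the preceding hunk still says it will "publish all Docker images", which that target does not do; I would cut it to the part about publishing layers to all regions.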
From: Matthieu Napoli Date: Mon, 16 Jan 2023 20:07:55 +0100 Subject: [PATCH 59/97] Build ARM layers by compiling PHP --- .github/workflows/tests.yml | 63 +++--- base-devel/cpu-arm.Dockerfile | 355 +++++++++++++++++++++++++++++++++- cpu-arm.Makefile | 82 ++++---- cpu-x86.Makefile | 5 +- php-80/cpu-arm.Dockerfile | 339 ++++++++++++-------------------- php-81/cpu-arm.Dockerfile | 339 ++++++++++++-------------------- php-82/cpu-arm.Dockerfile | 156 +++++++++++++++ 7 files changed, 834 insertions(+), 505 deletions(-) create mode 100644 php-82/cpu-arm.Dockerfile diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9c30d604..07b3eb91 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -7,28 +7,38 @@ on: branches: [ '*' ] jobs: - tests-x86: - name: Build and tests x86 layers + tests: + name: Build and tests layers runs-on: ubuntu-latest strategy: fail-fast: false matrix: + cpu: + - x86 + - arm php_version: - 80 - 81 - 82 steps: + - uses: actions/checkout@v3 + + # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images + - name: Set up QEMU to build ARM images + uses: docker/setup-qemu-action@v2 + - name: Set up Docker buildx to use BuildKit features uses: docker/setup-buildx-action@v2 with: # Sets up `docker build` command as an alias to `docker buildx` install: true + - name: Build Docker images uses: docker/bake-action@v2.3.0 env: PHP_VERSION: ${{ matrix.php_version }} - CPU: x86 + CPU: ${{ matrix.cpu }} with: # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load 
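Review bot: `actions/checkout@v3` and `docker/setup-qemu-action@v2`, added in this hunk, are referenced by movable tags, as are the existing `docker/setup-buildx-action@v2` and `docker/bake-action@v2.3.0`, so whoever can move those tags changes what runs in the job that builds the images. Pinning each to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v2`, makes the build inputs fixed and reviewable. The hunk does not show a `permissions:` block; if the workflow has none, a top-level `permissions:` entry granting only `contents: read` would limit the token these third-party steps receive.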
@@ -36,33 +46,24 @@ jobs: # Cache Docker layers in GitHub Actions cache, scoped per image # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 set: | - base-devel.cache-from=type=gha,scope=base-devel-x86 - base-devel.cache-to=type=gha,scope=base-devel-x86,mode=max - build-php.cache-from=type=gha,scope=build-php-${{ matrix.php_version }} - build-php.cache-to=type=gha,scope=build-php-${{ matrix.php_version }},mode=max - php.cache-from=type=gha,scope=php-${{ matrix.php_version }} - php.cache-to=type=gha,scope=php-${{ matrix.php_version }},mode=max - php-fpm.cache-from=type=gha,scope=php-fpm-${{ matrix.php_version }} - php-fpm.cache-to=type=gha,scope=php-fpm-${{ matrix.php_version }},mode=max - fpm-internal-src.cache-from=type=gha,scope=fpm-internal-src-${{ matrix.php_version }} - fpm-internal-src.cache-to=type=gha,scope=fpm-internal-src-${{ matrix.php_version }},mode=max - console.cache-from=type=gha,scope=console-${{ matrix.php_version }} - console.cache-to=type=gha,scope=console-${{ matrix.php_version }},mode=max - php-fpm-dev.cache-from=type=gha,scope=php-fpm-dev-${{ matrix.php_version }} - php-fpm-dev.cache-to=type=gha,scope=php-fpm-dev-${{ matrix.php_version }},mode=max + base-devel.cache-from=type=gha,scope=base-devel-${{ matrix.cpu }} + base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }},mode=max + build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} + build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }},mode=max + php.cache-from=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} + php.cache-to=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }},mode=max + php-fpm.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} + php-fpm.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }},mode=max + fpm-internal-src.cache-from=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version 
}} + fpm-internal-src.cache-to=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }},mode=max + console.cache-from=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} + console.cache-to=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }},mode=max + php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} + php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }},mode=max + - name: Test that layers can be exported - run: make -f cpu-x86.Makefile layers - - run: cd tests && make test-${{ matrix.php_version }} + run: | + make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }} + make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }}-fpm - tests-arm: - name: Build ARM images, layers, and run tests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images - - name: Set up QEMU to build ARM images - uses: docker/setup-qemu-action@v2 - - name: Set up Docker buildx to build ARM images - uses: docker/setup-buildx-action@v2 - - run: make -f cpu-arm.Makefile layers - - run: make -f cpu-arm.Makefile test + - run: make -f cpu-${{ matrix.cpu }}.Makefile test-${{ matrix.php_version }} diff --git a/base-devel/cpu-arm.Dockerfile b/base-devel/cpu-arm.Dockerfile index 0858d928..bb75a6a1 100644 --- a/base-devel/cpu-arm.Dockerfile +++ b/base-devel/cpu-arm.Dockerfile 
@@ -1,6 +1,355 @@ +# The container we build here contains everything needed to compile PHP. +# We build in here everything that is stable (e.g. system tools) so that we don't +# recompile them every time we change PHP. + + +# Lambda uses a custom AMI named Amazon Linux 2 +# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html +# AWS provides a Docker image that we use here: +# https://github.com/amazonlinux/container-images/tree/amzn2 FROM public.ecr.aws/lambda/provided:al2-arm64 -RUN yum install -y unzip curl -# Install development tools to compile extra PHP extensions -RUN yum groupinstall -y "Development Tools" +# Temp directory in which all compilation happens +WORKDIR /tmp + + +RUN set -xe \ + # Download yum repository data to cache + && yum makecache \ + # Default Development Tools + && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default + + +# The default version of cmake is 2.8.12. We need cmake to build a few of +# our libraries, and at least one library requires a version of cmake greater than that. +# Needed to build: +# - libzip: minimum required CMAKE version 3.0. +RUN LD_LIBRARY_PATH= yum install -y cmake3 +# Override the default `cmake` +RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + +# Use the bash shell, instead of /bin/sh +# Why? We need to document this. +SHELL ["/bin/bash", "-c"] + +# We need a base path for all the sourcecode we will build from. 
+ENV BUILD_DIR="/tmp/build" + +# Target installation path for all the packages we will compile +ENV INSTALL_DIR="/tmp/bref" + +# We need some default compiler variables setup +ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ + PKG_CONFIG="/usr/bin/pkg-config" \ + PATH="${INSTALL_DIR}/bin:${PATH}" + +ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" + +# Enable parallelism by default for make and cmake (like make -j) +# See https://stackoverflow.com/a/50883540/245552 +ENV CMAKE_BUILD_PARALLEL_LEVEL=4 +ENV MAKEFLAGS='-j4' + +# Ensure we have all the directories we require in the container. +RUN mkdir -p ${BUILD_DIR} \ + ${INSTALL_DIR}/bin \ + ${INSTALL_DIR}/doc \ + ${INSTALL_DIR}/etc/php \ + ${INSTALL_DIR}/etc/php/conf.d \ + ${INSTALL_DIR}/include \ + ${INSTALL_DIR}/lib \ + ${INSTALL_DIR}/lib64 \ + ${INSTALL_DIR}/libexec \ + ${INSTALL_DIR}/sbin \ + ${INSTALL_DIR}/share + + +############################################################################### +# ZLIB +# https://github.com/madler/zlib/releases +# Needed for: +# - openssl +# - curl +# - php +# Used By: +# - xml2 +ENV VERSION_ZLIB=1.2.13 +ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib +RUN set -xe; \ + mkdir -p ${ZLIB_BUILD_DIR}; \ + curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ + | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 +WORKDIR ${ZLIB_BUILD_DIR}/ +RUN set -xe; \ + make distclean \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --64 +RUN set -xe; \ + make install \ + && rm ${INSTALL_DIR}/lib/libz.a + + +############################################################################### +# OPENSSL +# https://github.com/openssl/openssl/releases +# Needs: +# - zlib +# Needed by: +# - curl +# - php +ENV VERSION_OPENSSL=1.1.1s +ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl +ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" +ENV 
CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" +RUN set -xe; \ + mkdir -p ${OPENSSL_BUILD_DIR}; \ + curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 +WORKDIR ${OPENSSL_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./config \ + --prefix=${INSTALL_DIR} \ + --openssldir=${INSTALL_DIR}/ssl \ + --release \ + no-tests \ + shared \ + zlib +# Explicitly compile make without parallelism because it fails if we use -jX (no error message) +# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: +# https://github.com/openssl/openssl/issues/9931 +# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 +# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw install_ssldirs +RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + + +############################################################################### +# LIBSSH2 +# https://github.com/libssh2/libssh2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_LIBSSH2=1.10.0 +ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 +RUN set -xe; \ + mkdir -p ${LIBSSH2_BUILD_DIR}/bin; \ + curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ + | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. 
\ + # Build as a shared library (.so) instead of a static one + -DBUILD_SHARED_LIBS=ON \ + # Build with OpenSSL support + -DCRYPTO_BACKEND=OpenSSL \ + # Build with zlib support + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBNGHTTP2 +# This adds support for HTTP 2 requests in curl. +# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 +# https://github.com/nghttp2/nghttp2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_NGHTTP2=1.51.0 +ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 +RUN set -xe; \ + mkdir -p ${NGHTTP2_BUILD_DIR}; \ + curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ + | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 +WORKDIR ${NGHTTP2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --enable-lib-only \ + --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# CURL +# # https://github.com/curl/curl/releases +# # Needs: +# # - zlib +# # - OpenSSL +# # - libssh2 +# # Needed by: +# # - php +ENV VERSION_CURL=7.85.0 +ENV CURL_BUILD_DIR=${BUILD_DIR}/curl +RUN set -xe; \ + mkdir -p ${CURL_BUILD_DIR}/bin; \ + curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ + | tar xzC ${CURL_BUILD_DIR} --strip-components=1 +WORKDIR ${CURL_BUILD_DIR}/ +RUN ./buildconf \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-ca-bundle=${CA_BUNDLE} \ + --enable-shared \ + --disable-static \ + --enable-optimize \ + 
--disable-warnings \ + --disable-dependency-tracking \ + --with-zlib \ + --enable-http \ + --enable-ftp \ + --enable-file \ + --enable-proxy \ + --enable-tftp \ + --enable-ipv6 \ + --enable-openssl-auto-load-config \ + --enable-cookies \ + --with-gnu-ld \ + --with-ssl \ + --with-libssh2 \ + --with-nghttp2 +RUN make install + + +############################################################################### +# LIBXML2 +# https://github.com/GNOME/libxml2/releases +# Uses: +# - zlib +# Needed by: +# - php +ENV VERSION_XML2=2.10.3 +ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 +RUN set -xe; \ + mkdir -p ${XML2_BUILD_DIR}; \ + curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ + | tar xJC ${XML2_BUILD_DIR} --strip-components=1 +WORKDIR ${XML2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-sysroot=${INSTALL_DIR} \ + --enable-shared \ + --disable-static \ + --with-html \ + --with-history \ + --enable-ipv6=no \ + --with-icu \ + --with-zlib=${INSTALL_DIR} \ + --without-python +RUN make install \ + && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + + +############################################################################### +# LIBZIP +# https://github.com/nih-at/libzip/releases +# Needed by: +# - php +ENV VERSION_ZIP=1.9.2 +ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip +RUN set -xe; \ + mkdir -p ${ZIP_BUILD_DIR}/bin/; \ + curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ + | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 +WORKDIR ${ZIP_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . 
--target install + + +############################################################################### +# LIBSODIUM +# https://github.com/jedisct1/libsodium/releases +# Needed by: +# - php +ENV VERSION_LIBSODIUM=1.0.18 +ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium +RUN set -xe; \ + mkdir -p ${LIBSODIUM_BUILD_DIR}; \ + curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ + | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSODIUM_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./autogen.sh \ +&& ./configure --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# Postgres +# https://github.com/postgres/postgres/releases +# Needs: +# - OpenSSL +# Needed by: +# - php +ENV VERSION_POSTGRES=15.1 +ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres +RUN set -xe; \ + mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ + curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ + | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 +WORKDIR ${POSTGRES_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline +RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install + + +############################################################################### +# Oniguruma +# This library is not packaged in PHP since PHP 7.4. 
+# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 +# We do not install the system version because I didn't manage to make it work... +# Ideally we shouldn't compile it ourselves. +# https://github.com/kkos/oniguruma/releases +# Needed by: +# - php mbstring +ENV VERSION_ONIG=6.9.8 +ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma +RUN set -xe; \ + mkdir -p ${ONIG_BUILD_DIR}; \ + curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ + | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 +WORKDIR ${ONIG_BUILD_DIR} +RUN ./configure --prefix=${INSTALL_DIR} +RUN make && make install + + +############################################################################### +# Install some dev files for using old libraries already on the system +# readline-devel : needed for the readline extension +# gettext-devel : needed for the --with-gettext flag +# libicu-devel : needed for intl +# libxslt-devel : needed for the XSL extension +# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) +RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 555c5eff..d7725f0d 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile 
@@ -5,59 +5,48 @@ export CPU = arm export CPU_PREFIX = arm- -# - Build all layers -# - Publish all Docker images to Docker Hub -# - Publish all layers to AWS Lambda -# Uses the current AWS_PROFILE. Most users will not want to use this option -# as this will publish all layers to all regions + publish all Docker images. -everything: clean upload-layers upload-to-docker-hub +# Build all Docker images and layers *locally* +# Use this to test your changes +default: docker-images layers # Build Docker images *locally* docker-images: - # Prepare the content of `/opt` that will be copied in each layer - docker compose -f ./layers/docker-compose.yml build - # Build images for "build environment" - docker compose build build-php-80 build-php-81 - # Build images for function layers - docker compose build php-80 php-81 - # Build images for FPM layers - docker compose build php-80-fpm php-81-fpm - # Build images for console layers - docker compose build php-80-console php-81-console - # Build dev images - docker compose build php-80-fpm-dev php-81-fpm-dev + PHP_VERSION=80 docker buildx bake --load + PHP_VERSION=81 docker buildx bake --load + PHP_VERSION=82 docker buildx bake --load # Build Lambda layers (zip files) *locally* -layers: docker-images - # Build the containers that will zip the layers - docker compose build php-80-zip php-81-zip \ - php-80-zip-fpm php-81-zip-fpm - - # Run the zip containers: the layers will be copied to `./output/` - docker compose up php-80-zip php-81-zip \ - php-80-zip-fpm php-81-zip-fpm - # Clean up containers - docker compose down +layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm +# This rule matches with a wildcard, for example `layer-php-80`. +# The `$*` variable will contained the matched part, in this case `php-80`. +layer-%: + ./utils/docker-zip-dir.sh bref/$* $* # Upload the layers to AWS Lambda +# Uses the current AWS_PROFILE. 
Most users will not want to use this option +# as this will publish all layers to all regions + publish all Docker images. upload-layers: layers # Upload the function layers to AWS - LAYER_NAME=arm-php-80 $(MAKE) -C ./utils/lambda-publish/ publish-parallel - LAYER_NAME=arm-php-81 $(MAKE) -C ./utils/lambda-publish/ publish-parallel + LAYER_NAME=arm-php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel + LAYER_NAME=arm-php-81 $(MAKE) -C ./utils/lambda-publish publish-parallel + LAYER_NAME=arm-php-82 $(MAKE) -C ./utils/lambda-publish publish-parallel # Upload the FPM layers to AWS - LAYER_NAME=arm-php-80-fpm $(MAKE) -C ./utils/lambda-publish/ publish-parallel - LAYER_NAME=arm-php-81-fpm $(MAKE) -C ./utils/lambda-publish/ publish-parallel + LAYER_NAME=arm-php-80-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel + LAYER_NAME=arm-php-81-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel + LAYER_NAME=arm-php-82-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel -# Build and publish Docker images to Docker Hub. -upload-to-docker-hub: docker-images +# Publish Docker images to Docker Hub. +upload-to-docker-hub: + # While in beta we tag and push the `:2` version, later we'll push `:latest` as well for image in \ "bref/arm-php-80" "bref/arm-php-80-fpm" "bref/arm-php-80-console" "bref/arm-build-php-80" "bref/arm-php-80-fpm-dev" \ "bref/arm-php-81" "bref/arm-php-81-fpm" "bref/arm-php-81-console" "bref/arm-build-php-81" "bref/arm-php-81-fpm-dev"; \ + "bref/arm-php-82" "bref/arm-php-82-fpm" "bref/arm-php-82-console" "bref/arm-build-php-82" "bref/arm-php-82-fpm-dev"; \ do \ docker tag $$image $$image:2 ; \ docker push $$image:2 ; \ @@ -66,9 +55,9 @@ upload-to-docker-hub: docker-images # We could actually use `docker push --all-tags` at the end probably? -test: - cd tests && $(MAKE) test-80 - cd tests && $(MAKE) test-81 +test: test-80 test-81 test-82 +test-%: + cd tests && $(MAKE) test-$* clean: 
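Review bot: In `upload-to-docker-hub`, the added `"bref/arm-php-82" …` line follows the php-81 line, which is unchanged context and still ends in `; \`. That `;` closes the shell's `for` word list, so the php-82 names are parsed as a separate command before `do`; this looks like a syntax error for the whole recipe, and the php-82 images are never iterated. End the php-81 line with `"bref/arm-php-81-fpm-dev" \` so that only the final list line carries the `;`. Separately, the target no longer depends on `docker-images`, so it tags and pushes whatever images with those names exist locally; a comment such as `# Pushes the locally built images as-is: run 'make docker-images' first` above the target would state that precondition.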
@@ -77,18 +66,25 @@ clean: # Clean Docker images to force rebuilding them docker image rm --force bref/arm-fpm-internal-src docker image rm --force bref/arm-build-php-80 - docker image rm --force bref/arm-php-80 - docker image rm --force bref/arm-php-80-zip - docker image rm --force bref/arm-php-80-fpm - docker image rm --force bref/arm-php-80-fpm-zip - docker image rm --force bref/arm-php-80-fpm-dev - docker image rm --force bref/arm-php-80-console docker image rm --force bref/arm-build-php-81 + docker image rm --force bref/arm-build-php-82 + docker image rm --force bref/arm-php-80 docker image rm --force bref/arm-php-81 + docker image rm --force bref/arm-php-82 + docker image rm --force bref/arm-php-80-zip docker image rm --force bref/arm-php-81-zip + docker image rm --force bref/arm-php-82-zip + docker image rm --force bref/arm-php-80-fpm docker image rm --force bref/arm-php-81-fpm + docker image rm --force bref/arm-php-82-fpm + docker image rm --force bref/arm-php-80-fpm-zip docker image rm --force bref/arm-php-81-fpm-zip + docker image rm --force bref/arm-php-82-fpm-zip + docker image rm --force bref/arm-php-80-fpm-dev docker image rm --force bref/arm-php-81-fpm-dev + docker image rm --force bref/arm-php-82-fpm-dev + docker image rm --force bref/arm-php-80-console docker image rm --force bref/arm-php-81-console + docker image rm --force bref/arm-php-82-console # Clear the build cache, else all images will be rebuilt using cached layers docker builder prune diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 35dd8a92..db0a68d7 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -60,8 +60,9 @@ upload-to-docker-hub: # We could actually use `docker push --all-tags` at the end probably? -test: - cd tests && $(MAKE) test +test: test-80 test-81 test-82 +test-%: + cd tests && $(MAKE) test-$* clean: diff --git a/php-80/cpu-arm.Dockerfile b/php-80/cpu-arm.Dockerfile index fbe2555d..ad0b542b 100644 --- a/php-80/cpu-arm.Dockerfile +++ b/php-80/cpu-arm.Dockerfile 
@@ -1,200 +1,131 @@ +# syntax = docker/dockerfile:1.4 FROM bref/base-devel-arm as build-environment -# Specifying the exact PHP version lets us avoid the Docker cache when a new version comes out -ENV VERSION_PHP=8.0.25-1 -# Check out the latest version available by running: -# docker run --rm -it --entrypoint=bash public.ecr.aws/lambda/provided:al2-arm64 -c "yum install -y amazon-linux-extras && amazon-linux-extras enable php8.0 && yum list php-cli" - - -# Work in a temporary /bref dir to avoid any conflict/mixup with other /opt files -# /bref will eventually be moved to /opt -RUN mkdir /bref \ -&& mkdir /bref/bin \ -&& mkdir /bref/lib \ -&& mkdir -p /bref/bref/extensions - -RUN yum install -y amazon-linux-extras - -RUN amazon-linux-extras enable php8.0 - -# --setopt=skip_missing_names_on_install=False makes sure we get an error if a package is missing -RUN yum install --setopt=skip_missing_names_on_install=False -y \ - php-cli-${VERSION_PHP}.amzn2 - -# These files are included on Amazon Linux 2 - -# RUN cp /lib64/librt.so.1 /bref/lib/librt.so.1 -# RUN cp /lib64/libstdc++.so.6 /bref/lib/libstdc++.so.6 -# RUN cp /lib64/libutil.so.1 /bref/lib/libutil.so.1 -# RUN cp /lib64/libxml2.so.2 /bref/lib/libxml2.so.2 -# RUN cp /lib64/libssl.so.10 /bref/lib/libssl.so.10 -# RUN cp /lib64/libz.so.1 /bref/lib/libz.so.1 -# RUN cp /lib64/libselinux.so.1 /bref/lib/libselinux.so.1 -# RUN cp /lib64/libssh2.so.1 /bref/lib/libssh2.so.1 -# RUN cp /lib64/libunistring.so.0 /bref/lib/libunistring.so.0 -# RUN cp /lib64/libsasl2.so.3 /bref/lib/libsasl2.so.3 -# RUN cp /lib64/libssl3.so /bref/lib/libssl3.so -# RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so - -# PHP Binary -RUN cp /usr/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 -#RUN cp /lib64/libncurses.so.6 /bref/lib/libncurses.so.6 # already in AL2 -#RUN cp /lib64/libcrypt.so.1 /bref/lib/libcrypt.so.1 -#RUN cp /lib64/libresolv.so.2 /bref/lib/libresolv.so.2 -#RUN cp /lib64/libm.so.6 
/bref/lib/libm.so.6 -#RUN cp /lib64/libdl.so.2 /bref/lib/libdl.so.2 -#RUN cp /lib64/libgssapi_krb5.so.2 /bref/lib/libgssapi_krb5.so.2 -#RUN cp /lib64/libkrb5.so.3 /bref/lib/libkrb5.so.3 -#RUN cp /lib64/libk5crypto.so.3 /bref/lib/libk5crypto.so.3 -#RUN cp /lib64/libcom_err.so.2 /bref/lib/libcom_err.so.2 -#RUN cp /lib64/libcrypto.so.10 /bref/lib/libcrypto.so.10 -#RUN cp /lib64/libc.so.6 /bref/lib/libc.so.6 -#RUN cp /lib64/libpthread.so.0 /bref/lib/libpthread.so.0 -#RUN cp /lib64/ld-linux-x86-64.so.2 /bref/lib/ld-linux-x86-64.so.2 -#RUN cp /lib64/libgcc_s.so.1 /bref/lib/libgcc_s.so.1 -#RUN cp /lib64/liblzma.so.5 /bref/lib/liblzma.so.5 -#RUN cp /lib64/libkrb5support.so.0 /bref/lib/libkrb5support.so.0 -#RUN cp /lib64/libkeyutils.so.1 /bref/lib/libkeyutils.so.1 -#RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 -#RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 - -# Default Extensions -RUN cp /usr/lib64/php/modules/ctype.so /bref/bref/extensions/ctype.so -RUN cp /usr/lib64/php/modules/exif.so /bref/bref/extensions/exif.so -RUN cp /usr/lib64/php/modules/fileinfo.so /bref/bref/extensions/fileinfo.so -RUN cp /usr/lib64/php/modules/ftp.so /bref/bref/extensions/ftp.so -RUN cp /usr/lib64/php/modules/gettext.so /bref/bref/extensions/gettext.so -RUN cp /usr/lib64/php/modules/iconv.so /bref/bref/extensions/iconv.so -RUN cp /usr/lib64/php/modules/sockets.so /bref/bref/extensions/sockets.so -RUN cp /usr/lib64/php/modules/tokenizer.so /bref/bref/extensions/tokenizer.so - -# cURL -RUN cp /usr/lib64/php/modules/curl.so /bref/bref/extensions/curl.so -#RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 -#RUN cp /lib64/libnghttp2.so.14 /bref/lib/libnghttp2.so.14 -#RUN cp /lib64/libidn2.so.0 /bref/lib/libidn2.so.0 -#RUN cp /lib64/libldap-2.4.so.2 /bref/lib/libldap-2.4.so.2 -#RUN cp /lib64/liblber-2.4.so.2 /bref/lib/liblber-2.4.so.2 -#RUN cp /lib64/libnss3.so /bref/lib/libnss3.so -#RUN cp /lib64/libnssutil3.so /bref/lib/libnssutil3.so -#RUN cp /lib64/libplds4.so /bref/lib/libplds4.so 
-#RUN cp /lib64/libplc4.so /bref/lib/libplc4.so -#RUN cp /lib64/libnspr4.so /bref/lib/libnspr4.so - -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-mbstring \ - php-bcmath \ - php-dom \ - php-mysqli \ - php-mysqlnd \ - php-opcache \ - php-pdo \ - php-pdo_mysql \ - php-phar \ - php-posix \ - php-simplexml \ - php-soap \ - php-sodium \ - php-xml \ - php-xmlreader \ - php-xmlwriter \ - php-xsl \ - php-intl \ - php-pdo_pgsql \ - php-zip - -# Install development tools to compile extra PHP extensions -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-devel \ - php-pear - -# Extra PHP extensions not provided compiled by default -RUN pecl install apcu - -RUN cp /usr/lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so -RUN cp /usr/lib64/libonig.so.2 /bref/lib/libonig.so.2 - -# mysqli depends on mysqlnd -RUN cp /usr/lib64/php/modules/mysqli.so /bref/bref/extensions/mysqli.so -RUN cp /usr/lib64/php/modules/mysqlnd.so /bref/bref/extensions/mysqlnd.so - -#RUN cp /usr/lib64/libsqlite3.so.0 /bref/lib/libsqlite3.so.0 -RUN cp /usr/lib64/php/modules/sqlite3.so /bref/bref/extensions/sqlite3.so - -RUN cp /usr/lib64/libgpg-error.so.0 /bref/lib/libgpg-error.so.0 -RUN cp /usr/lib64/libgcrypt.so.11 /bref/lib/libgcrypt.so.11 -RUN cp /usr/lib64/libexslt.so.0 /bref/lib/libexslt.so.0 -RUN cp /usr/lib64/libxslt.so.1 /bref/lib/libxslt.so.1 -RUN cp /usr/lib64/php/modules/xsl.so /bref/bref/extensions/xsl.so - -#RUN cp /usr/lib64/libicuio.so.50 /bref/lib/libicuio.so.50 # already in AL2 -#RUN cp /usr/lib64/libicui18n.so.50 /bref/lib/libicui18n.so.50 # already in AL2 -#RUN cp /usr/lib64/libicuuc.so.50 /bref/lib/libicuuc.so.50 # already in AL2 -#RUN cp /usr/lib64/libicudata.so.50 /bref/lib/libicudata.so.50 # already in AL2 -RUN cp /usr/lib64/php/modules/intl.so /bref/bref/extensions/intl.so - -RUN cp /usr/lib64/libpq.so.5 /bref/lib/libpq.so.5 -#RUN cp /usr/lib64/libldap_r-2.4.so.2 /bref/lib/libldap_r-2.4.so.2 -RUN cp 
/usr/lib64/php/modules/pdo_pgsql.so /bref/bref/extensions/pdo_pgsql.so - -RUN cp /usr/lib64/libzip.so.5 /bref/lib/libzip.so.5 -RUN cp /usr/lib64/php/modules/zip.so /bref/bref/extensions/zip.so - -# sodium -RUN cp /usr/lib64/php/modules/sodium.so /bref/bref/extensions/sodium.so -RUN cp /usr/lib64/libsodium.so.23 /bref/lib/libsodium.so.23 - -# apcu -#RUN cp /usr/lib64/librt.so.1 /bref/lib/librt.so.1 # already in AL2 -#RUN cp /usr/lib64/libc.so.6 /bref/lib/libc.so.6 # already in AL2 -#RUN cp /usr/lib64/libpthread.so.0 /bref/lib/libpthread.so.0 # already in AL2 -RUN cp /usr/lib64/php/modules/apcu.so /bref/bref/extensions/apcu.so - -# other extensions without system dependencies -RUN cp /usr/lib64/php/modules/bcmath.so /bref/bref/extensions/bcmath.so -RUN cp /usr/lib64/php/modules/dom.so /bref/bref/extensions/dom.so -RUN cp /usr/lib64/php/modules/opcache.so /bref/bref/extensions/opcache.so -RUN cp /usr/lib64/php/modules/pdo.so /bref/bref/extensions/pdo.so -RUN cp /usr/lib64/php/modules/pdo_mysql.so /bref/bref/extensions/pdo_mysql.so -RUN cp /usr/lib64/php/modules/pdo_sqlite.so /bref/bref/extensions/pdo_sqlite.so -RUN cp /usr/lib64/php/modules/phar.so /bref/bref/extensions/phar.so -RUN cp /usr/lib64/php/modules/posix.so /bref/bref/extensions/posix.so -RUN cp /usr/lib64/php/modules/simplexml.so /bref/bref/extensions/simplexml.so -RUN cp /usr/lib64/php/modules/soap.so /bref/bref/extensions/soap.so -RUN cp /usr/lib64/php/modules/xml.so /bref/bref/extensions/xml.so -RUN cp /usr/lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so -RUN cp /usr/lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so - +ENV VERSION_PHP=8.0.25 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages 
with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . --strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. +# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + # TODO can we ignore this? 
\ +# --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + --with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Now we copy everything we need for the layers into /opt (location of the layers) +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions + +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php + +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ + +# Copy all the required system libraries from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) 
+# into `/opt` (the directory of Lambda layers) +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# --------------------------------------------------------------- # Start from a clean image to copy only the files we need FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation -COPY --from=build-environment /bref /opt - -# This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) -ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" +COPY --link --from=build-environment /opt /opt FROM isolation as function -COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bootstrap.sh /opt/bootstrap +COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/function/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/function/bootstrap.php /opt/bref/bootstrap.php - -FROM alpine:3.14 as zip-function - -RUN apk add zip +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php -COPY --from=function /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . 
# Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and 
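Review bot: The `curl … | tar xzC .` step that fetches `php-${VERSION_PHP}.tar.gz` extracts and builds the archive with no integrity check, so a tampered or substituted download would be compiled into the published layers. Download to a file, verify it against a pinned SHA-256 (or the release's GPG signature), and only then extract. The same hunk passes `PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'`, a mutable branch reference whose PHAR runs during `make install`, and `pecl install APCu` names no version; pinning the URL to a commit and the extension to a release would make the build reproducible. The php-81/cpu-arm.Dockerfile hunk further down repeats all three lines. The digest in the sketch below is a labelled placeholder, not a real value.

```dockerfile
ENV VERSION_PHP=8.0.25
# Placeholder: replace with the SHA-256 published for this exact release tarball
ENV PHP_SHA256=REPLACE_WITH_PUBLISHED_SHA256

RUN set -xe; \
    curl --location --silent --show-error --fail \
        -o /tmp/php-src.tar.gz \
        https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror; \
    # Abort the build before anything from the archive is unpacked or executed
    echo "${PHP_SHA256}  /tmp/php-src.tar.gz" | sha256sum -c -; \
    tar xzf /tmp/php-src.tar.gz -C . --strip-components=1; \
    rm /tmp/php-src.tar.gz
# … unchanged: buildconf, configure, make, make install …
```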
@@ -203,41 +134,23 @@ RUN zip --quiet --recurse-paths /tmp/layer.zip . FROM build-environment as fpm-extension -RUN yum install -y php-fpm +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib -FROM isolation as fpm -COPY --from=fpm-extension /usr/sbin/php-fpm /opt/bin/php-fpm +FROM isolation as fpm -COPY --from=fpm-extension /usr/lib64/libsystemd.so.0 /opt/lib/libsystemd.so.0 -COPY --from=fpm-extension /usr/lib64/liblz4.so.1 /opt/lib/liblz4.so.1 -COPY --from=fpm-extension /usr/lib64/libgcrypt.so.11 /opt/lib/libgcrypt.so.11 -COPY --from=fpm-extension /usr/lib64/libgpg-error.so.0 /opt/lib/libgpg-error.so.0 -COPY --from=fpm-extension /usr/lib64/libdw.so.1 /opt/lib/libdw.so.1 -#COPY --from=fpm-extension /usr/lib64/libacl.so.1 /opt/lib/libacl.so.1 -#COPY --from=fpm-extension /usr/lib64/libattr.so.1 /opt/lib/libattr.so.1 -#COPY --from=fpm-extension /usr/lib64/libcap.so.2 /opt/lib/libcap.so.2 -#COPY --from=fpm-extension /usr/lib64/libelf.so.1 /opt/lib/libelf.so.1 -#COPY --from=fpm-extension /usr/lib64/libbz2.so.1 /opt/lib/libbz2.so.1 +COPY --link --from=fpm-extension /opt /opt -COPY layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? 
+COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bootstrap.sh /opt/bootstrap +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/fpm/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf - -COPY --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime - -FROM alpine:3.14 as zip-fpm - -RUN apk add zip - -COPY --from=fpm /opt /opt - -WORKDIR /opt +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -RUN zip --quiet --recurse-paths /tmp/layer.zip . +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-81/cpu-arm.Dockerfile b/php-81/cpu-arm.Dockerfile index 10356c3c..87e58b59 100644 --- a/php-81/cpu-arm.Dockerfile +++ b/php-81/cpu-arm.Dockerfile 
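Review bot: The last line of the `fpm` stage, `COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime`, references an image by name with no tag or digest. Unless the bake file maps that name to a local target (not visible in this hunk), the builder resolves it as `:latest` from the registry, and whatever is published there at build time ends up in the FPM layer. Note also that the Makefile's `clean` target removes `bref/arm-fpm-internal-src`, not the unprefixed name used here. Consider pinning the reference to a digest or pointing it at the locally built stage, and record the choice in a comment such as `# php-fpm-runtime comes from the locally built fpm-internal-src image, never pulled`. The second php-81/cpu-arm.Dockerfile hunk has the same line.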
@@ -1,200 +1,131 @@ +# syntax = docker/dockerfile:1.4 FROM bref/base-devel-arm as build-environment -# Specifying the exact PHP version lets us avoid the Docker cache when a new version comes out -ENV VERSION_PHP=8.1.12-1 -# Check out the latest version available by running: -# docker run --rm -it --entrypoint=bash public.ecr.aws/lambda/provided:al2-arm64 -c "yum install -y amazon-linux-extras && amazon-linux-extras enable php8.1 && yum list php-cli" - - -# Work in a temporary /bref dir to avoid any conflict/mixup with other /opt files -# /bref will eventually be moved to /opt -RUN mkdir /bref \ -&& mkdir /bref/bin \ -&& mkdir /bref/lib \ -&& mkdir -p /bref/bref/extensions - -RUN yum install -y amazon-linux-extras - -RUN amazon-linux-extras enable php8.1 - -# --setopt=skip_missing_names_on_install=False makes sure we get an error if a package is missing -RUN yum install --setopt=skip_missing_names_on_install=False -y \ - php-cli-${VERSION_PHP}.amzn2 - -# These files are included on Amazon Linux 2 - -# RUN cp /lib64/librt.so.1 /bref/lib/librt.so.1 -# RUN cp /lib64/libstdc++.so.6 /bref/lib/libstdc++.so.6 -# RUN cp /lib64/libutil.so.1 /bref/lib/libutil.so.1 -# RUN cp /lib64/libxml2.so.2 /bref/lib/libxml2.so.2 -# RUN cp /lib64/libssl.so.10 /bref/lib/libssl.so.10 -# RUN cp /lib64/libz.so.1 /bref/lib/libz.so.1 -# RUN cp /lib64/libselinux.so.1 /bref/lib/libselinux.so.1 -# RUN cp /lib64/libssh2.so.1 /bref/lib/libssh2.so.1 -# RUN cp /lib64/libunistring.so.0 /bref/lib/libunistring.so.0 -# RUN cp /lib64/libsasl2.so.3 /bref/lib/libsasl2.so.3 -# RUN cp /lib64/libssl3.so /bref/lib/libssl3.so -# RUN cp /lib64/libsmime3.so /bref/lib/libsmime3.so - -# PHP Binary -RUN cp /usr/bin/php /bref/bin/php && chmod +x /bref/bin/php -RUN cp /lib64/libedit.so.0 /bref/lib/libedit.so.0 -#RUN cp /lib64/libncurses.so.6 /bref/lib/libncurses.so.6 # already in AL2 -#RUN cp /lib64/libcrypt.so.1 /bref/lib/libcrypt.so.1 -#RUN cp /lib64/libresolv.so.2 /bref/lib/libresolv.so.2 -#RUN cp /lib64/libm.so.6 
/bref/lib/libm.so.6 -#RUN cp /lib64/libdl.so.2 /bref/lib/libdl.so.2 -#RUN cp /lib64/libgssapi_krb5.so.2 /bref/lib/libgssapi_krb5.so.2 -#RUN cp /lib64/libkrb5.so.3 /bref/lib/libkrb5.so.3 -#RUN cp /lib64/libk5crypto.so.3 /bref/lib/libk5crypto.so.3 -#RUN cp /lib64/libcom_err.so.2 /bref/lib/libcom_err.so.2 -#RUN cp /lib64/libcrypto.so.10 /bref/lib/libcrypto.so.10 -#RUN cp /lib64/libc.so.6 /bref/lib/libc.so.6 -#RUN cp /lib64/libpthread.so.0 /bref/lib/libpthread.so.0 -#RUN cp /lib64/ld-linux-x86-64.so.2 /bref/lib/ld-linux-x86-64.so.2 -#RUN cp /lib64/libgcc_s.so.1 /bref/lib/libgcc_s.so.1 -#RUN cp /lib64/liblzma.so.5 /bref/lib/liblzma.so.5 -#RUN cp /lib64/libkrb5support.so.0 /bref/lib/libkrb5support.so.0 -#RUN cp /lib64/libkeyutils.so.1 /bref/lib/libkeyutils.so.1 -#RUN cp /lib64/libtinfo.so.6 /bref/lib/libtinfo.so.6 -#RUN cp /lib64/libpcre.so.1 /bref/lib/libpcre.so.1 - -# Default Extensions -RUN cp /usr/lib64/php/modules/ctype.so /bref/bref/extensions/ctype.so -RUN cp /usr/lib64/php/modules/exif.so /bref/bref/extensions/exif.so -RUN cp /usr/lib64/php/modules/fileinfo.so /bref/bref/extensions/fileinfo.so -RUN cp /usr/lib64/php/modules/ftp.so /bref/bref/extensions/ftp.so -RUN cp /usr/lib64/php/modules/gettext.so /bref/bref/extensions/gettext.so -RUN cp /usr/lib64/php/modules/iconv.so /bref/bref/extensions/iconv.so -RUN cp /usr/lib64/php/modules/sockets.so /bref/bref/extensions/sockets.so -RUN cp /usr/lib64/php/modules/tokenizer.so /bref/bref/extensions/tokenizer.so - -# cURL -RUN cp /usr/lib64/php/modules/curl.so /bref/bref/extensions/curl.so -#RUN cp /lib64/libcurl.so.4 /bref/lib/libcurl.so.4 -#RUN cp /lib64/libnghttp2.so.14 /bref/lib/libnghttp2.so.14 -#RUN cp /lib64/libidn2.so.0 /bref/lib/libidn2.so.0 -#RUN cp /lib64/libldap-2.4.so.2 /bref/lib/libldap-2.4.so.2 -#RUN cp /lib64/liblber-2.4.so.2 /bref/lib/liblber-2.4.so.2 -#RUN cp /lib64/libnss3.so /bref/lib/libnss3.so -#RUN cp /lib64/libnssutil3.so /bref/lib/libnssutil3.so -#RUN cp /lib64/libplds4.so /bref/lib/libplds4.so 
-#RUN cp /lib64/libplc4.so /bref/lib/libplc4.so -#RUN cp /lib64/libnspr4.so /bref/lib/libnspr4.so - -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-mbstring \ - php-bcmath \ - php-dom \ - php-mysqli \ - php-mysqlnd \ - php-opcache \ - php-pdo \ - php-pdo_mysql \ - php-phar \ - php-posix \ - php-simplexml \ - php-soap \ - php-sodium \ - php-xml \ - php-xmlreader \ - php-xmlwriter \ - php-xsl \ - php-intl \ - php-pdo_pgsql \ - php-zip - -# Install development tools to compile extra PHP extensions -RUN yum install -y --setopt=skip_missing_names_on_install=False \ - php-devel \ - php-pear - -# Extra PHP extensions not provided compiled by default -RUN pecl install apcu - -RUN cp /usr/lib64/php/modules/mbstring.so /bref/bref/extensions/mbstring.so -RUN cp /usr/lib64/libonig.so.2 /bref/lib/libonig.so.2 - -# mysqli depends on mysqlnd -RUN cp /usr/lib64/php/modules/mysqli.so /bref/bref/extensions/mysqli.so -RUN cp /usr/lib64/php/modules/mysqlnd.so /bref/bref/extensions/mysqlnd.so - -#RUN cp /usr/lib64/libsqlite3.so.0 /bref/lib/libsqlite3.so.0 -RUN cp /usr/lib64/php/modules/sqlite3.so /bref/bref/extensions/sqlite3.so - -RUN cp /usr/lib64/libgpg-error.so.0 /bref/lib/libgpg-error.so.0 -RUN cp /usr/lib64/libgcrypt.so.11 /bref/lib/libgcrypt.so.11 -RUN cp /usr/lib64/libexslt.so.0 /bref/lib/libexslt.so.0 -RUN cp /usr/lib64/libxslt.so.1 /bref/lib/libxslt.so.1 -RUN cp /usr/lib64/php/modules/xsl.so /bref/bref/extensions/xsl.so - -#RUN cp /usr/lib64/libicuio.so.50 /bref/lib/libicuio.so.50 # already in AL2 -#RUN cp /usr/lib64/libicui18n.so.50 /bref/lib/libicui18n.so.50 # already in AL2 -#RUN cp /usr/lib64/libicuuc.so.50 /bref/lib/libicuuc.so.50 # already in AL2 -#RUN cp /usr/lib64/libicudata.so.50 /bref/lib/libicudata.so.50 # already in AL2 -RUN cp /usr/lib64/php/modules/intl.so /bref/bref/extensions/intl.so - -RUN cp /usr/lib64/libpq.so.5 /bref/lib/libpq.so.5 -#RUN cp /usr/lib64/libldap_r-2.4.so.2 /bref/lib/libldap_r-2.4.so.2 -RUN cp 
/usr/lib64/php/modules/pdo_pgsql.so /bref/bref/extensions/pdo_pgsql.so - -RUN cp /usr/lib64/libzip.so.5 /bref/lib/libzip.so.5 -RUN cp /usr/lib64/php/modules/zip.so /bref/bref/extensions/zip.so - -# sodium -RUN cp /usr/lib64/php/modules/sodium.so /bref/bref/extensions/sodium.so -RUN cp /usr/lib64/libsodium.so.23 /bref/lib/libsodium.so.23 - -# apcu -#RUN cp /usr/lib64/librt.so.1 /bref/lib/librt.so.1 # already in AL2 -#RUN cp /usr/lib64/libc.so.6 /bref/lib/libc.so.6 # already in AL2 -#RUN cp /usr/lib64/libpthread.so.0 /bref/lib/libpthread.so.0 # already in AL2 -RUN cp /usr/lib64/php/modules/apcu.so /bref/bref/extensions/apcu.so - -# other extensions without system dependencies -RUN cp /usr/lib64/php/modules/bcmath.so /bref/bref/extensions/bcmath.so -RUN cp /usr/lib64/php/modules/dom.so /bref/bref/extensions/dom.so -RUN cp /usr/lib64/php/modules/opcache.so /bref/bref/extensions/opcache.so -RUN cp /usr/lib64/php/modules/pdo.so /bref/bref/extensions/pdo.so -RUN cp /usr/lib64/php/modules/pdo_mysql.so /bref/bref/extensions/pdo_mysql.so -RUN cp /usr/lib64/php/modules/pdo_sqlite.so /bref/bref/extensions/pdo_sqlite.so -RUN cp /usr/lib64/php/modules/phar.so /bref/bref/extensions/phar.so -RUN cp /usr/lib64/php/modules/posix.so /bref/bref/extensions/posix.so -RUN cp /usr/lib64/php/modules/simplexml.so /bref/bref/extensions/simplexml.so -RUN cp /usr/lib64/php/modules/soap.so /bref/bref/extensions/soap.so -RUN cp /usr/lib64/php/modules/xml.so /bref/bref/extensions/xml.so -RUN cp /usr/lib64/php/modules/xmlreader.so /bref/bref/extensions/xmlreader.so -RUN cp /usr/lib64/php/modules/xmlwriter.so /bref/bref/extensions/xmlwriter.so - +ENV VERSION_PHP=8.1.14 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages 
with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . --strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. +# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + # TODO can we ignore this? 
\ +# --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + --with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Now we copy everything we need for the layers into /opt (location of the layers) +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions + +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php + +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ + +# Copy all the required system libraries from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) 
+# into `/opt` (the directory of Lambda layers) +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# --------------------------------------------------------------- # Start from a clean image to copy only the files we need FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation -COPY --from=build-environment /bref /opt - -# This doesn't do anything on Lambda, but is useful when running via Docker (e.g. local dev) -ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d" +COPY --link --from=build-environment /opt /opt FROM isolation as function -COPY layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/function/bootstrap.sh /opt/bootstrap +COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/function/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/function/bootstrap.php /opt/bref/bootstrap.php - -FROM alpine:3.14 as zip-function - -RUN apk add zip +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php -COPY --from=function /opt /opt - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . 
# Up until here the entire file has been designed as a top-down reading/execution. # Everything necessary for the `function` layer has been installed, isolated and 
@@ -203,41 +134,23 @@ RUN zip --quiet --recurse-paths /tmp/layer.zip . FROM build-environment as fpm-extension -RUN yum install -y php-fpm +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib -FROM isolation as fpm -COPY --from=fpm-extension /usr/sbin/php-fpm /opt/bin/php-fpm +FROM isolation as fpm -COPY --from=fpm-extension /usr/lib64/libsystemd.so.0 /opt/lib/libsystemd.so.0 -COPY --from=fpm-extension /usr/lib64/liblz4.so.1 /opt/lib/liblz4.so.1 -COPY --from=fpm-extension /usr/lib64/libgcrypt.so.11 /opt/lib/libgcrypt.so.11 -COPY --from=fpm-extension /usr/lib64/libgpg-error.so.0 /opt/lib/libgpg-error.so.0 -COPY --from=fpm-extension /usr/lib64/libdw.so.1 /opt/lib/libdw.so.1 -#COPY --from=fpm-extension /usr/lib64/libacl.so.1 /opt/lib/libacl.so.1 -#COPY --from=fpm-extension /usr/lib64/libattr.so.1 /opt/lib/libattr.so.1 -#COPY --from=fpm-extension /usr/lib64/libcap.so.2 /opt/lib/libcap.so.2 -#COPY --from=fpm-extension /usr/lib64/libelf.so.1 /opt/lib/libelf.so.1 -#COPY --from=fpm-extension /usr/lib64/libbz2.so.1 /opt/lib/libbz2.so.1 +COPY --link --from=fpm-extension /opt /opt -COPY layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? 
+COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ -COPY layers/fpm/bootstrap.sh /opt/bootstrap +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image -COPY layers/fpm/bootstrap.sh /var/runtime/bootstrap +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap -COPY layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf - -COPY --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime - -FROM alpine:3.14 as zip-fpm - -RUN apk add zip - -COPY --from=fpm /opt /opt - -WORKDIR /opt +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -RUN zip --quiet --recurse-paths /tmp/layer.zip . +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-82/cpu-arm.Dockerfile b/php-82/cpu-arm.Dockerfile new file mode 100644 index 00000000..069f9f39 --- /dev/null +++ b/php-82/cpu-arm.Dockerfile 
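Review bot: The last line of this hunk, `COPY --link --from=bref/fpm-internal-src …`, refers to an image by bare name with no tag or digest, so the content copied into `/opt/bref/php-fpm-runtime` is whatever image carries that name when the build runs. If that image is always produced earlier in the same build, a comment saying so would help, e.g. `# bref/fpm-internal-src is built locally beforehand and never pulled`; if it can be pulled from a registry, pinning it as `bref/fpm-internal-src@sha256:<IMAGE_DIGEST>` (placeholder) fixes the input. The same line appears at the end of the new php-82/cpu-arm.Dockerfile.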
@@ -0,0 +1,156 @@ +# syntax = docker/dockerfile:1.4 +FROM bref/base-devel-arm as build-environment + +ENV VERSION_PHP=8.2.0 + +RUN mkdir -p /tmp/php +WORKDIR /tmp/php + +# PHP Build +# https://github.com/php/php-src/releases +# Needs: +# - zlib +# - libxml2 +# - openssl +# - readline +# - sodium + +# Download and unpack the source code +# --location will follow redirects +# --silent will hide the progress, but also the errors: we restore error messages with --show-error +# --fail makes sure that curl returns an error instead of fetching the 404 page +RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ + | tar xzC . --strip-components=1 + +# Configure the build +# -fstack-protector-strong : Be paranoid about stack overflows +# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# -fpie : Support Address Space Layout Randomization (see -fpic) +# -O3 : Optimize for fastest binaries possible. +# -I : Add the path to the list of directories to be searched for header files during preprocessing. 
+# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings +# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) +# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) +# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 +RUN ./buildconf --force +RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ + ./configure \ + # TODO can we ignore this? \ +# --build=x86_64-pc-linux-gnu \ + --prefix=${INSTALL_DIR} \ + --enable-option-checking=fatal \ + --enable-sockets \ + --with-config-file-path=/opt/bref/etc/php \ + --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ + --enable-fpm \ + --disable-cgi \ + --enable-cli \ + --disable-phpdbg \ + --with-sodium \ + --with-readline \ + --with-openssl \ + --with-zlib=${INSTALL_DIR} \ + --with-zlib-dir=${INSTALL_DIR} \ + --with-curl \ + --enable-exif \ + --enable-ftp \ + --with-gettext \ + --enable-mbstring \ + --with-pdo-mysql=shared,mysqlnd \ + --with-mysqli \ + --enable-pcntl \ + --with-zip \ + --enable-bcmath \ + --with-pdo-pgsql=shared,${INSTALL_DIR} \ + --enable-intl=shared \ + --enable-soap \ + --with-xsl=${INSTALL_DIR} \ + # necessary for `pecl` to work (to install PHP extensions) + --with-pear +RUN make -j $(nproc) +# Run `make install` and override PEAR's PHAR URL because pear.php.net is down +RUN set -xe; \ + make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ + { find 
${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ + make clean; \ + cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini + + +# Install extensions +# We can install extensions manually or using `pecl` +RUN pecl install APCu + + +# --------------------------------------------------------------- +# Now we copy everything we need for the layers into /opt (location of the layers) +RUN mkdir /opt/bin \ +&& mkdir /opt/lib \ +&& mkdir -p /opt/bref/extensions + +# Copy the PHP binary into /opt/bin +RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php + +# Copy all the external PHP extensions +RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ + +# Copy all the required system libraries from: +# - /lib | /lib64 (system libraries installed with `yum`) +# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) +# into `/opt` (the directory of Lambda layers) +COPY --link utils/lib-check /bref/lib-copy +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib +RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib + + +# --------------------------------------------------------------- +# Start from a clean image to copy only the files we need +FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation + +COPY --link --from=build-environment /opt /opt + +FROM isolation as function + +COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ +COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ + +COPY --link layers/function/bootstrap.sh /opt/bootstrap +# 
Copy files to /var/runtime to support deploying as a Docker image +COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap +RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap + +COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php + + +# Up until here the entire file has been designed as a top-down reading/execution. +# Everything necessary for the `function` layer has been installed, isolated and +# packaged. Now we'll go back one step and start from the extensions so that we +# can install fpm. Then we'll start the fpm layer and quickly isolate fpm. + +FROM build-environment as fpm-extension + +RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm +RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib + + +FROM isolation as fpm + +COPY --link --from=fpm-extension /opt /opt + +COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ +# TODO merge in the first file now that it's a much simpler file? +COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ + +COPY --link layers/fpm/bootstrap.sh /opt/bootstrap +# Copy files to /var/runtime to support deploying as a Docker image +COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap +RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap + +COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf + +COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime From b893e3f4fd3a24beea6c137b1a06c2504fed3e37 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 20:27:48 +0100 Subject: [PATCH 60/97] Download zlib over HTTPS --- base-devel/cpu-arm.Dockerfile | 2 +- base-devel/cpu-x86.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/base-devel/cpu-arm.Dockerfile b/base-devel/cpu-arm.Dockerfile index bb75a6a1..3e6adf48 100644 --- a/base-devel/cpu-arm.Dockerfile +++ b/base-devel/cpu-arm.Dockerfile 
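Review bot: The PHP source tarball in the new php-82/cpu-arm.Dockerfile is piped from `curl` straight into `tar` with no digest or signature check, so the build compiles whatever the mirror redirect returns; `--fail` only covers HTTP errors. I would download to a file, compare it with a SHA-256 recorded next to `VERSION_PHP`, and only then unpack, as sketched below (the digest is a placeholder to be filled in from the official release page). The `make install` step has a similar moving input: `PEAR_INSTALLER_URL` points at `raw/master`, and pinning it to a commit (`…/raw/<COMMIT_SHA>/install-pear-nozlib.phar`) would keep the installer from changing between builds. `pecl install APCu` is likewise unversioned.

```dockerfile
ENV VERSION_PHP=8.2.0
# Placeholder: SHA-256 of php-${VERSION_PHP}.tar.gz as published with the release
ENV PHP_SHA256=<PHP_TARBALL_SHA256>

RUN set -xe; \
    curl --location --silent --show-error --fail --output php.tar.gz \
        https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror; \
    echo "${PHP_SHA256}  php.tar.gz" | sha256sum -c -; \
    tar xzf php.tar.gz --strip-components=1; \
    rm php.tar.gz
# … unchanged: buildconf, configure, make, make install …
```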
@@ -78,7 +78,7 @@ ENV VERSION_ZLIB=1.2.13 ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib RUN set -xe; \ mkdir -p ${ZLIB_BUILD_DIR}; \ - curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ + curl -Ls https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 WORKDIR ${ZLIB_BUILD_DIR}/ RUN set -xe; \ diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index d676b6db..d5c042aa 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile @@ -78,7 +78,7 @@ ENV VERSION_ZLIB=1.2.13 ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib RUN set -xe; \ mkdir -p ${ZLIB_BUILD_DIR}; \ - curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ + curl -Ls https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 WORKDIR ${ZLIB_BUILD_DIR}/ RUN set -xe; \ From 1c70d43786322f3e6f289ddfd079b58955978fcd Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 23:43:33 +0100 Subject: [PATCH 61/97] Use the system zlib instead of compiling it on ARM --- base-devel/cpu-arm.Dockerfile | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/base-devel/cpu-arm.Dockerfile b/base-devel/cpu-arm.Dockerfile index 3e6adf48..2dd16924 100644 --- a/base-devel/cpu-arm.Dockerfile +++ b/base-devel/cpu-arm.Dockerfile 
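Review bot: The zlib archive is still unpacked without comparing it to a known digest, and `curl -Ls` neither fails on an HTTP error status nor prints the error; HTTPS protects the transfer only. I would use the flags the PHP download on this page already uses, `curl --location --silent --show-error --fail`, save to a file and check it with `echo "<ZLIB_SHA256>  zlib.tar.xz" | sha256sum -c -` before extracting (the digest is a placeholder). The same applies to the identical hunk for base-devel/cpu-x86.Dockerfile. The zlib build steps continue outside both hunks.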
@@ -65,33 +65,6 @@ RUN mkdir -p ${BUILD_DIR} \ ${INSTALL_DIR}/share -############################################################################### -# ZLIB -# https://github.com/madler/zlib/releases -# Needed for: -# - openssl -# - curl -# - php -# Used By: -# - xml2 -ENV VERSION_ZLIB=1.2.13 -ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib -RUN set -xe; \ - mkdir -p ${ZLIB_BUILD_DIR}; \ - curl -Ls https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ - | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 -WORKDIR ${ZLIB_BUILD_DIR}/ -RUN set -xe; \ - make distclean \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure --prefix=${INSTALL_DIR} --64 -RUN set -xe; \ - make install \ - && rm ${INSTALL_DIR}/lib/libz.a - - ############################################################################### # OPENSSL # https://github.com/openssl/openssl/releases From 8619edca04a113e268bd1bd4b66bbee99e9ccd5d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 16 Jan 2023 23:44:00 +0100 Subject: [PATCH 62/97] Fix ARM layer names --- cpu-arm.Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index d7725f0d..2dd20a2f 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -22,7 +22,7 @@ layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm # This rule matches with a wildcard, for example `layer-php-80`. # The `$*` variable will contained the matched part, in this case `php-80`. layer-%: - ./utils/docker-zip-dir.sh bref/$* $* + ./utils/docker-zip-dir.sh bref/arm-$* arm-$* # Upload the layers to AWS Lambda From fe1d96300ad307263269cf1d022a37e70318368b Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 09:45:05 +0100 Subject: [PATCH 63/97] Debug CI --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 07b3eb91..0f0ddabc 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -61,6 +61,8 @@ jobs: php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }},mode=max + - run: docker image ls + - name: Test that layers can be exported run: | make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }} From b7d4e192648e8ac2a9161c0d97c87515981ffcab Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 10:18:04 +0100 Subject: [PATCH 64/97] Disable Docker cache mode=max for some layers in GitHub Actions to avoid timeouts May be related to https://github.com/docker/buildx/issues/841 --- .github/workflows/tests.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0f0ddabc..3e193476 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -51,15 +51,15 @@ jobs: build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }},mode=max php.cache-from=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} - php.cache-to=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }},mode=max + php.cache-to=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} php-fpm.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} - php-fpm.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }},mode=max + php-fpm.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} fpm-internal-src.cache-from=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} - fpm-internal-src.cache-to=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }},mode=max + fpm-internal-src.cache-to=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} console.cache-from=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} - console.cache-to=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }},mode=max + console.cache-to=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} - php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }},mode=max + php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} - run: docker image ls From dcc86142657ad4712a88cc7f9546315fbfaca2af Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 10:22:54 +0100 Subject: [PATCH 65/97] Fix CPU_PREFIX in CI --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3e193476..accf6c4e 100644 
--- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -39,6 +39,7 @@ jobs: env: PHP_VERSION: ${{ matrix.php_version }} CPU: ${{ matrix.cpu }} + CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} with: # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load From 9ac29199227bbf4197fcc4a66845167f29ca8f20 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 14:14:13 +0100 Subject: [PATCH 66/97] Disable Docker cache mode=max for some layers in GitHub Actions to avoid timeouts May be related to https://github.com/docker/buildx/issues/841 --- .github/workflows/tests.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index accf6c4e..e0b62c6d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -46,11 +46,13 @@ jobs: load: true # Cache Docker layers in GitHub Actions cache, scoped per image # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 + # We use `mode=max` (cache ALL layers instead of just tags) only on specific images + # else it creates a huge cache and we get GitHub Actions cache timeouts. set: | base-devel.cache-from=type=gha,scope=base-devel-${{ matrix.cpu }} base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }},mode=max build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} - build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }},mode=max + build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} php.cache-from=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} php.cache-to=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} php-fpm.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} From 4ba263411ec08375a157993bb0275872186d629c Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Tue, 17 Jan 2023 14:28:39 +0100 Subject: [PATCH 67/97] Disable Docker cache mode=max entirely in GitHub Actions to avoid timeouts May be related to https://github.com/docker/buildx/issues/841 and https://github.com/moby/buildkit/issues/2804 --- .github/workflows/tests.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e0b62c6d..0b9092ad 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -46,11 +46,12 @@ jobs: load: true # Cache Docker layers in GitHub Actions cache, scoped per image # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 - # We use `mode=max` (cache ALL layers instead of just tags) only on specific images - # else it creates a huge cache and we get GitHub Actions cache timeouts. + # We unfortunately don't use `mode=max` (which caches ALL layers instead of just tags) + # because it creates a huge cache and we get GitHub Actions cache timeouts: + # https://github.com/moby/buildkit/issues/2804 set: | base-devel.cache-from=type=gha,scope=base-devel-${{ matrix.cpu }} - base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }},mode=max + base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }} build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} php.cache-from=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} From dd2296b5c5a112106c2213707e360635104ab246 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 18:24:04 +0100 Subject: [PATCH 68/97] Cleanup unused code --- layers/console/Dockerfile | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/layers/console/Dockerfile b/layers/console/Dockerfile index 9f209a80..87e1d424 100644 --- a/layers/console/Dockerfile +++ b/layers/console/Dockerfile 
@@ -17,15 +17,3 @@ FROM bref/${CPU_PREFIX}php-$PHP_VERSION as console COPY --link bref/bootstrap.php /opt/bref/bootstrap.php COPY --link --from=composer /opt/bref/console-runtime /opt/bref/console-runtime - -FROM alpine:3.14 as zip-console - -RUN apk add zip - -RUN mkdir -p /opt/bref -COPY --link --from=console /opt/bref/bootstrap.php /opt/bref/bootstrap.php -COPY --link --from=console /opt/bref/console-runtime /opt/bref/console-runtime - -WORKDIR /opt - -RUN zip --quiet --recurse-paths /tmp/layer.zip . From 3008e1f310d570ade16791bf53e0c2975a8c5693 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Tue, 17 Jan 2023 18:24:50 +0100 Subject: [PATCH 69/97] Disable Docker cache for some images to avoid timeouts May be related to https://github.com/docker/buildx/issues/841 and https://github.com/moby/buildkit/issues/2804 --- .github/workflows/tests.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0b9092ad..9f83b3db 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -47,17 +47,14 @@ jobs: # Cache Docker layers in GitHub Actions cache, scoped per image # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 # We unfortunately don't use `mode=max` (which caches ALL layers instead of just tags) - # because it creates a huge cache and we get GitHub Actions cache timeouts: + # nor do we cache all images because it creates a huge number of cache requests + # and we get GitHub Actions cache timeouts: # https://github.com/moby/buildkit/issues/2804 set: | base-devel.cache-from=type=gha,scope=base-devel-${{ matrix.cpu }} base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }} build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} - php.cache-from=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} - php.cache-to=type=gha,scope=${{ matrix.cpu }}-php-${{ matrix.php_version }} - php-fpm.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} - php-fpm.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-${{ matrix.php_version }} fpm-internal-src.cache-from=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} fpm-internal-src.cache-to=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} console.cache-from=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} @@ -65,8 +62,6 @@ jobs: php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} - - run: docker image ls - - name: Test that layers can be exported run: | make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }} From 7c79643f99c129b186aefc8542953480a4197f7a Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Wed, 18 Jan 2023 22:34:10 +0100 Subject: [PATCH 70/97] Avoid compiling zlib if we can --- base-devel/cpu-arm.Dockerfile | 2 +- base-devel/cpu-x86.Dockerfile | 29 +---------------------------- cpu-arm.Makefile | 2 +- cpu-x86.Makefile | 2 +- php-80/cpu-arm.Dockerfile | 4 ++-- php-80/cpu-x86.Dockerfile | 4 ++-- php-81/cpu-arm.Dockerfile | 4 ++-- php-81/cpu-x86.Dockerfile | 4 ++-- php-82/cpu-arm.Dockerfile | 4 ++-- php-82/cpu-x86.Dockerfile | 4 ++-- 10 files changed, 16 insertions(+), 43 deletions(-) diff --git a/base-devel/cpu-arm.Dockerfile b/base-devel/cpu-arm.Dockerfile index 2dd16924..c501e583 100644 --- a/base-devel/cpu-arm.Dockerfile +++ b/base-devel/cpu-arm.Dockerfile @@ -227,7 +227,7 @@ RUN CFLAGS="" \ --with-history \ --enable-ipv6=no \ --with-icu \ - --with-zlib=${INSTALL_DIR} \ + --with-zlib \ --without-python RUN make install \ && cp xml2-config ${INSTALL_DIR}/bin/xml2-config diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index d5c042aa..6109ec19 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
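Review bot: With `--with-zlib` now resolving to the system library, the zlib version that libxml2 links against is no longer stated anywhere in this Dockerfile. The block removed elsewhere in this series pinned `VERSION_ZLIB=1.2.13`, whereas the version is now whatever the base image provides at build time. A comment at this configure call would record that decision, e.g. `# zlib: system library from the base image; its version and security fixes follow the base image, not this file`. The same applies to the matching hunk in base-devel/cpu-x86.Dockerfile and to the `--with-zlib` / `--with-zlib-dir` changes in the php-80, php-81 and php-82 Dockerfiles. The configure invocation starts outside the hunk.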
@@ -65,33 +65,6 @@ RUN mkdir -p ${BUILD_DIR} \ ${INSTALL_DIR}/share -############################################################################### -# ZLIB -# https://github.com/madler/zlib/releases -# Needed for: -# - openssl -# - curl -# - php -# Used By: -# - xml2 -ENV VERSION_ZLIB=1.2.13 -ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib -RUN set -xe; \ - mkdir -p ${ZLIB_BUILD_DIR}; \ - curl -Ls https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ - | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 -WORKDIR ${ZLIB_BUILD_DIR}/ -RUN set -xe; \ - make distclean \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure --prefix=${INSTALL_DIR} --64 -RUN set -xe; \ - make install \ - && rm ${INSTALL_DIR}/lib/libz.a - - ############################################################################### # OPENSSL # https://github.com/openssl/openssl/releases @@ -254,7 +227,7 @@ RUN CFLAGS="" \ --with-history \ --enable-ipv6=no \ --with-icu \ - --with-zlib=${INSTALL_DIR} \ + --with-zlib \ --without-python RUN make install \ && cp xml2-config ${INSTALL_DIR}/bin/xml2-config diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 2dd20a2f..1c25925c 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -28,7 +28,7 @@ layer-%: # Upload the layers to AWS Lambda # Uses the current AWS_PROFILE. Most users will not want to use this option # as this will publish all layers to all regions + publish all Docker images. -upload-layers: layers +upload-layers: # Upload the function layers to AWS LAYER_NAME=arm-php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel LAYER_NAME=arm-php-81 $(MAKE) -C ./utils/lambda-publish publish-parallel diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index db0a68d7..6d5a4184 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
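Review bot: In the cpu-arm.Makefile hunk, `upload-layers` no longer depends on `layers`, so it publishes whatever layer artifacts already exist on disk, possibly stale or built from another checkout. The comment above the target warns that this publishes to all regions. If the decoupling is intentional (for instance because CI builds in an earlier step), the target should say so: `# Does not build anything: run "make -f cpu-arm.Makefile layers" first; publishes the existing artifacts as-is`. The cpu-x86.Makefile hunk that follows makes the same change and needs the same comment. The recipe continues outside the hunk.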
@@ -30,7 +30,7 @@ layer-%: # Upload the layers to AWS Lambda # Uses the current AWS_PROFILE. Most users will not want to use this option # as this will publish all layers to all regions + publish all Docker images. -upload-layers: layers +upload-layers: # Upload the function layers to AWS LAYER_NAME=php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel LAYER_NAME=php-81 $(MAKE) -C ./utils/lambda-publish publish-parallel diff --git a/php-80/cpu-arm.Dockerfile b/php-80/cpu-arm.Dockerfile index ad0b542b..c256996b 100644 --- a/php-80/cpu-arm.Dockerfile +++ b/php-80/cpu-arm.Dockerfile @@ -51,8 +51,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index 4ac1bd65..e6d278c7 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile @@ -50,8 +50,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ diff --git a/php-81/cpu-arm.Dockerfile b/php-81/cpu-arm.Dockerfile index 87e58b59..34dc13b8 100644 --- a/php-81/cpu-arm.Dockerfile +++ b/php-81/cpu-arm.Dockerfile @@ -51,8 +51,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index 1e0a9c8f..a2d1b8e5 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile 
@@ -50,8 +50,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ diff --git a/php-82/cpu-arm.Dockerfile b/php-82/cpu-arm.Dockerfile index 069f9f39..bc35a7b2 100644 --- a/php-82/cpu-arm.Dockerfile +++ b/php-82/cpu-arm.Dockerfile @@ -51,8 +51,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index e9554ac2..ecccf6c1 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile @@ -50,8 +50,8 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --with-sodium \ --with-readline \ --with-openssl \ - --with-zlib=${INSTALL_DIR} \ - --with-zlib-dir=${INSTALL_DIR} \ + --with-zlib \ + --with-zlib-dir \ --with-curl \ --enable-exif \ --enable-ftp \ From 5f16d7627dcda86fd196c4b4b8523baf531c42fd Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 18 Jan 2023 22:35:37 +0100 Subject: [PATCH 71/97] Remove useless flag --- php-80/cpu-arm.Dockerfile | 2 -- php-81/cpu-arm.Dockerfile | 2 -- php-82/cpu-arm.Dockerfile | 2 -- 3 files changed, 6 deletions(-) diff --git a/php-80/cpu-arm.Dockerfile b/php-80/cpu-arm.Dockerfile index c256996b..6e2919be 100644 --- a/php-80/cpu-arm.Dockerfile +++ b/php-80/cpu-arm.Dockerfile 
@@ -37,8 +37,6 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ ./configure \ - # TODO can we ignore this? \ -# --build=x86_64-pc-linux-gnu \ --prefix=${INSTALL_DIR} \ --enable-option-checking=fatal \ --enable-sockets \ diff --git a/php-81/cpu-arm.Dockerfile b/php-81/cpu-arm.Dockerfile index 34dc13b8..e9c0e1cf 100644 --- a/php-81/cpu-arm.Dockerfile +++ b/php-81/cpu-arm.Dockerfile @@ -37,8 +37,6 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ ./configure \ - # TODO can we ignore this? \ -# --build=x86_64-pc-linux-gnu \ --prefix=${INSTALL_DIR} \ --enable-option-checking=fatal \ --enable-sockets \ diff --git a/php-82/cpu-arm.Dockerfile b/php-82/cpu-arm.Dockerfile index bc35a7b2..6d760eb7 100644 --- a/php-82/cpu-arm.Dockerfile +++ b/php-82/cpu-arm.Dockerfile @@ -37,8 +37,6 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ ./configure \ - # TODO can we ignore this? \ -# --build=x86_64-pc-linux-gnu \ --prefix=${INSTALL_DIR} \ --enable-option-checking=fatal \ --enable-sockets \ From e07128745a89db4fd0e5e2e194008f3063197f4e Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Wed, 18 Jan 2023 22:38:01 +0100 Subject: [PATCH 72/97] Merge ini files because we have fewer extensions to load now --- layers/fpm/bref-extensions.ini | 5 ----- layers/fpm/bref.ini | 5 +++++ layers/function/bref-extensions.ini | 5 ----- layers/function/bref.ini | 5 +++++ php-80/cpu-arm.Dockerfile | 3 --- php-80/cpu-x86.Dockerfile | 3 --- php-81/cpu-arm.Dockerfile | 3 --- php-81/cpu-x86.Dockerfile | 3 --- php-82/cpu-arm.Dockerfile | 3 --- php-82/cpu-x86.Dockerfile | 3 --- 10 files changed, 10 insertions(+), 28 deletions(-) delete mode 100644 layers/fpm/bref-extensions.ini delete mode 100644 layers/function/bref-extensions.ini diff --git a/layers/fpm/bref-extensions.ini b/layers/fpm/bref-extensions.ini deleted file mode 100644 index 16e3e2e6..00000000 --- a/layers/fpm/bref-extensions.ini +++ /dev/null @@ -1,5 +0,0 @@ -extension_dir=/opt/bref/extensions - -extension=pdo_mysql.so - -zend_extension=opcache.so diff --git a/layers/fpm/bref.ini b/layers/fpm/bref.ini index d265205f..bffdba3a 100644 --- a/layers/fpm/bref.ini +++ b/layers/fpm/bref.ini @@ -43,3 +43,8 @@ max_execution_time=28 ; API Gateway has a 10Mb limit, but Lambda's is 6Mb post_max_size=6M upload_max_filesize=6M + +extension_dir=/opt/bref/extensions +; Extensions enabled by default +extension=pdo_mysql.so +zend_extension=opcache.so diff --git a/layers/function/bref-extensions.ini b/layers/function/bref-extensions.ini deleted file mode 100644 index 16e3e2e6..00000000 --- a/layers/function/bref-extensions.ini +++ /dev/null @@ -1,5 +0,0 @@ -extension_dir=/opt/bref/extensions - -extension=pdo_mysql.so - -zend_extension=opcache.so diff --git a/layers/function/bref.ini b/layers/function/bref.ini index 7f6f041b..3fe3ae43 100644 --- a/layers/function/bref.ini +++ b/layers/function/bref.ini 
@@ -37,3 +37,8 @@ opcache.max_accelerated_files=10000 ; We explicitly populate all variables else ENV is not populated by default. ; See https://github.com/brefphp/bref/pull/291 variables_order="EGPCS" + +extension_dir=/opt/bref/extensions +; Extensions enabled by default +extension=pdo_mysql.so +zend_extension=opcache.so diff --git a/php-80/cpu-arm.Dockerfile b/php-80/cpu-arm.Dockerfile index 6e2919be..29643c93 100644 --- a/php-80/cpu-arm.Dockerfile +++ b/php-80/cpu-arm.Dockerfile @@ -115,7 +115,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image @@ -141,8 +140,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile index e6d278c7..4f1c366c 100644 --- a/php-80/cpu-x86.Dockerfile +++ b/php-80/cpu-x86.Dockerfile @@ -116,7 +116,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image 
@@ -142,8 +141,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image diff --git a/php-81/cpu-arm.Dockerfile b/php-81/cpu-arm.Dockerfile index e9c0e1cf..1ba5fd03 100644 --- a/php-81/cpu-arm.Dockerfile +++ b/php-81/cpu-arm.Dockerfile @@ -115,7 +115,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image @@ -141,8 +140,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile index a2d1b8e5..7981204c 100644 --- a/php-81/cpu-x86.Dockerfile +++ b/php-81/cpu-x86.Dockerfile @@ -116,7 +116,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image 
@@ -142,8 +141,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image diff --git a/php-82/cpu-arm.Dockerfile b/php-82/cpu-arm.Dockerfile index 6d760eb7..8c7b9ffa 100644 --- a/php-82/cpu-arm.Dockerfile +++ b/php-82/cpu-arm.Dockerfile @@ -115,7 +115,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image @@ -141,8 +140,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile index ecccf6c1..7148003f 100644 --- a/php-82/cpu-x86.Dockerfile +++ b/php-82/cpu-x86.Dockerfile @@ -116,7 +116,6 @@ COPY --link --from=build-environment /opt /opt FROM isolation as function COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ -COPY --link layers/function/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/function/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image 
@@ -142,8 +141,6 @@ FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ -# TODO merge in the first file now that it's a much simpler file? -COPY --link layers/fpm/bref-extensions.ini /opt/bref/etc/php/conf.d/ COPY --link layers/fpm/bootstrap.sh /opt/bootstrap # Copy files to /var/runtime to support deploying as a Docker image From 58c1bb593b6a4eabc02114581cc087576ff22fec Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 18 Jan 2023 22:38:53 +0100 Subject: [PATCH 73/97] Remove useless file copies --- base-devel/cpu-x86.Dockerfile | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile index 6109ec19..c6ecbf1d 100644 --- a/base-devel/cpu-x86.Dockerfile +++ b/base-devel/cpu-x86.Dockerfile 
@@ -326,24 +326,3 @@ RUN make && make install # libxslt-devel : needed for the XSL extension # sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel - -# TODO Remove the following lines? - -RUN cp -a /usr/lib64/libgcrypt.so* ${INSTALL_DIR}/lib64/ - -# Copy readline shared libs that are not present in amazonlinux2 -RUN cp -a /usr/lib64/libreadline.so?* ${INSTALL_DIR}/lib64/ - -# Copy gpg-error shared libds that are not present in amazonlinux2 -RUN cp -a /usr/lib64/libgpg-error.so* ${INSTALL_DIR}/lib64/ - -# Copy gettext shared libs that are not present in amazonlinux2 -RUN cp -a /usr/lib64/libasprintf.so* ${INSTALL_DIR}/lib64/ -RUN cp -a /usr/lib64/libgettextpo.so* ${INSTALL_DIR}/lib64/ -RUN cp -a /usr/lib64/preloadable_libintl.so* ${INSTALL_DIR}/lib64/ - -# Copy xslt shared libs that are not present in amazonlinux2 -RUN cp -a /usr/lib64/lib*xslt*.so* ${INSTALL_DIR}/lib64/ - -# Copy sqlite3 shared libs that are not present in amazonlinux2 -RUN cp -a /usr/lib64/libsqlite3*.so* ${INSTALL_DIR}/lib64/ From 7fcc48739981ea67973ae2ddf9c3c5df5b33b3ce Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 18 Jan 2023 22:41:59 +0100 Subject: [PATCH 74/97] We don't publish base-devel images separately (every night) as they change based on the code in this repo --- .../workflows/release-base-devel-image.yml | 26 ------------------- base-devel/Makefile | 12 --------- base-devel/README.md | 5 ---- base-devel/docker-compose.yml | 15 ----------- 4 files changed, 58 deletions(-) delete mode 100644 .github/workflows/release-base-devel-image.yml delete mode 100644 base-devel/Makefile delete mode 100644 base-devel/README.md delete mode 100644 base-devel/docker-compose.yml 
diff --git a/.github/workflows/release-base-devel-image.yml b/.github/workflows/release-base-devel-image.yml deleted file mode 100644 index baf21b3c..00000000 --- a/.github/workflows/release-base-devel-image.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Update base-devel images - -on: - # This workflow can be manually triggered - workflow_dispatch: - schedule: - # Once a week - - cron: '0 0 * * 0' - -jobs: - publish-base-devel: - name: Build and publish base-devel - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Log in to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images - - name: Set up QEMU to build ARM images - uses: docker/setup-qemu-action@v2 - - name: Set up Docker buildx to build ARM images - uses: docker/setup-buildx-action@v2 - - run: cd base-devel && make upload-to-docker-hub diff --git a/base-devel/Makefile b/base-devel/Makefile deleted file mode 100644 index 54f12574..00000000 --- a/base-devel/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -build: build-x86 build-arm - -build-x86: - docker compose build x86 -build-arm: - docker compose build arm - -upload-to-docker-hub: build - docker tag bref/base-devel-arm bref/base-devel-arm - docker tag bref/base-devel-x86 bref/base-devel-x86 - docker push bref/base-devel-arm - docker push bref/base-devel-x86 diff --git a/base-devel/README.md b/base-devel/README.md deleted file mode 100644 index 72d4b226..00000000 --- a/base-devel/README.md +++ /dev/null 
@@ -1,5 +0,0 @@ -These images provide Amazon Linux 2 images with some packages pre-installed. - -These packages are the same for all layers, and we don't need to rebuild everything every time we build layers. So to optimize the builds, we build these base layers once (every now and then) and publish them to Docker Hub. - -Then the layers build can use the published versions without having to rebuild them every time. That accelerates the build process. diff --git a/base-devel/docker-compose.yml b/base-devel/docker-compose.yml deleted file mode 100644 index 25b1963d..00000000 --- a/base-devel/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '3.8' - -services: - - arm: - image: bref/base-devel-arm - build: - context: . - dockerfile: cpu-arm.Dockerfile - - x86: - image: bref/base-devel-x86 - build: - context: . - dockerfile: cpu-x86.Dockerfile From 30d38c369cc11949bc3affa3a88193e07e31e93d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 21 Jan 2023 12:32:21 +0100 Subject: [PATCH 75/97] Cache fpm-internal-src once for all PHP versions and CPU architectures --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9f83b3db..be64b0c9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -55,8 +55,8 @@ jobs: base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }} build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} - fpm-internal-src.cache-from=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} - fpm-internal-src.cache-to=type=gha,scope=${{ matrix.cpu }}-fpm-internal-src-${{ matrix.php_version }} + fpm-internal-src.cache-from=type=gha,scope=fpm-internal-src + fpm-internal-src.cache-to=type=gha,scope=fpm-internal-src console.cache-from=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} console.cache-to=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} From 19616216ef97ceba7dd0ddcf24fa858f23170375 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 22 Jan 2023 19:45:08 +0100 Subject: [PATCH 76/97] Simplify the base-devel image by merging into a single Dockerfile --- .github/workflows/tests.yml | 1 + base-devel/{cpu-arm.Dockerfile => Dockerfile} | 6 +- base-devel/cpu-x86.Dockerfile | 328 ------------------ cpu-arm.Makefile | 1 + cpu-x86.Makefile | 1 + docker-bake.hcl | 8 +- 6 files changed, 15 insertions(+), 330 deletions(-) rename base-devel/{cpu-arm.Dockerfile => Dockerfile} (98%) delete mode 100644 base-devel/cpu-x86.Dockerfile diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index be64b0c9..999bf770 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -40,6 +40,7 @@ jobs: PHP_VERSION: ${{ matrix.php_version }} CPU: ${{ matrix.cpu }} CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} + IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} with: # This is needed to make the built images available in later steps # https://docs.docker.com/engine/reference/commandline/buildx_build/#load 
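Review bot: The new shared scope `fpm-internal-src` is written by every job in the `matrix.cpu` × `matrix.php_version` matrix, which is only safe if that bake target takes no CPU- or PHP-version-dependent input; the target's definition is not in this hunk, so that is worth confirming. If it holds, record it in a comment on the step, for example `# fpm-internal-src does not depend on CPU or PHP version, so all matrix jobs share one cache scope`. If it does not hold, the jobs would keep replacing each other's cache entries and the scope should keep the `${{ matrix.cpu }}` part.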
diff --git a/base-devel/cpu-arm.Dockerfile b/base-devel/Dockerfile similarity index 98% rename from base-devel/cpu-arm.Dockerfile rename to base-devel/Dockerfile index c501e583..fa8a0447 100644 --- a/base-devel/cpu-arm.Dockerfile +++ b/base-devel/Dockerfile @@ -3,11 +3,15 @@ # recompile them every time we change PHP. +# Can be "x86_64" or "arm64" +ARG IMAGE_VERSION_SUFFIX + + # Lambda uses a custom AMI named Amazon Linux 2 # https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html # AWS provides a Docker image that we use here: # https://github.com/amazonlinux/container-images/tree/amzn2 -FROM public.ecr.aws/lambda/provided:al2-arm64 +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} # Temp directory in which all compilation happens diff --git a/base-devel/cpu-x86.Dockerfile b/base-devel/cpu-x86.Dockerfile deleted file mode 100644 index c6ecbf1d..00000000 --- a/base-devel/cpu-x86.Dockerfile +++ /dev/null 
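Review bot: `ARG IMAGE_VERSION_SUFFIX` has no default, so a build that does not pass the argument turns the base image reference into `provided:al2-`, and whatever value the environment supplies is interpolated into `FROM` unchecked. Consider `ARG IMAGE_VERSION_SUFFIX=x86_64`, the same default docker-bake.hcl declares in this patch, or state in the comment that the argument is mandatory. The base image is also still a mutable tag; pinning it by digest would now need one digest per architecture. The rest of this Dockerfile is outside the hunk: the x86 copy deleted in the same patch fetched the CA bundle with `curl -Lk`, so if the merged file keeps that line, dropping `-k` is worth a follow-up.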
@@ -1,328 +0,0 @@ -# The container we build here contains everything needed to compile PHP. -# We build in here everything that is stable (e.g. system tools) so that we don't -# recompile them every time we change PHP. - - -# Lambda uses a custom AMI named Amazon Linux 2 -# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html -# AWS provides a Docker image that we use here: -# https://github.com/amazonlinux/container-images/tree/amzn2 -FROM public.ecr.aws/lambda/provided:al2-x86_64 - - -# Temp directory in which all compilation happens -WORKDIR /tmp - - -RUN set -xe \ - # Download yum repository data to cache - && yum makecache \ - # Default Development Tools - && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default - - -# The default version of cmake is 2.8.12. We need cmake to build a few of -# our libraries, and at least one library requires a version of cmake greater than that. -# Needed to build: -# - libzip: minimum required CMAKE version 3.0. -RUN LD_LIBRARY_PATH= yum install -y cmake3 -# Override the default `cmake` -RUN ln -s /usr/bin/cmake3 /usr/bin/cmake - -# Use the bash shell, instead of /bin/sh -# Why? We need to document this. -SHELL ["/bin/bash", "-c"] - -# We need a base path for all the sourcecode we will build from. -ENV BUILD_DIR="/tmp/build" - -# Target installation path for all the packages we will compile -ENV INSTALL_DIR="/tmp/bref" - -# We need some default compiler variables setup -ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ - PKG_CONFIG="/usr/bin/pkg-config" \ - PATH="${INSTALL_DIR}/bin:${PATH}" - -ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" - -# Enable parallelism by default for make and cmake (like make -j) -# See https://stackoverflow.com/a/50883540/245552 -ENV CMAKE_BUILD_PARALLEL_LEVEL=4 -ENV MAKEFLAGS='-j4' - -# Ensure we have all the directories we require in the container. 
-RUN mkdir -p ${BUILD_DIR} \ - ${INSTALL_DIR}/bin \ - ${INSTALL_DIR}/doc \ - ${INSTALL_DIR}/etc/php \ - ${INSTALL_DIR}/etc/php/conf.d \ - ${INSTALL_DIR}/include \ - ${INSTALL_DIR}/lib \ - ${INSTALL_DIR}/lib64 \ - ${INSTALL_DIR}/libexec \ - ${INSTALL_DIR}/sbin \ - ${INSTALL_DIR}/share - - -############################################################################### -# OPENSSL -# https://github.com/openssl/openssl/releases -# Needs: -# - zlib -# Needed by: -# - curl -# - php -ENV VERSION_OPENSSL=1.1.1s -ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl -ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" -ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" -RUN set -xe; \ - mkdir -p ${OPENSSL_BUILD_DIR}; \ - curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ - | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 -WORKDIR ${OPENSSL_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./config \ - --prefix=${INSTALL_DIR} \ - --openssldir=${INSTALL_DIR}/ssl \ - --release \ - no-tests \ - shared \ - zlib -# Explicitly compile make without parallelism because it fails if we use -jX (no error message) -# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: -# https://github.com/openssl/openssl/issues/9931 -# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 -# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 -RUN make -j1 install_sw install_ssldirs -RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} - - -############################################################################### -# LIBSSH2 -# https://github.com/libssh2/libssh2/releases -# Needs: -# - zlib -# - OpenSSL -# Needed by: -# - curl -ENV VERSION_LIBSSH2=1.10.0 -ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 -RUN set -xe; \ - mkdir -p 
${LIBSSH2_BUILD_DIR}/bin; \ - curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ - | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - # Build as a shared library (.so) instead of a static one - -DBUILD_SHARED_LIBS=ON \ - # Build with OpenSSL support - -DCRYPTO_BACKEND=OpenSSL \ - # Build with zlib support - -DENABLE_ZLIB_COMPRESSION=ON \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . --target install - - -############################################################################### -# LIBNGHTTP2 -# This adds support for HTTP 2 requests in curl. -# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 -# https://github.com/nghttp2/nghttp2/releases -# Needs: -# - zlib -# - OpenSSL -# Needed by: -# - curl -ENV VERSION_NGHTTP2=1.51.0 -ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 -RUN set -xe; \ - mkdir -p ${NGHTTP2_BUILD_DIR}; \ - curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ - | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 -WORKDIR ${NGHTTP2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --enable-lib-only \ - --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# CURL -# # https://github.com/curl/curl/releases -# # Needs: -# # - zlib -# # - OpenSSL -# # - libssh2 -# # Needed by: -# # - php -ENV VERSION_CURL=7.85.0 -ENV CURL_BUILD_DIR=${BUILD_DIR}/curl -RUN set -xe; \ - mkdir -p ${CURL_BUILD_DIR}/bin; \ - curl -Ls 
https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ - | tar xzC ${CURL_BUILD_DIR} --strip-components=1 -WORKDIR ${CURL_BUILD_DIR}/ -RUN ./buildconf \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-ca-bundle=${CA_BUNDLE} \ - --enable-shared \ - --disable-static \ - --enable-optimize \ - --disable-warnings \ - --disable-dependency-tracking \ - --with-zlib \ - --enable-http \ - --enable-ftp \ - --enable-file \ - --enable-proxy \ - --enable-tftp \ - --enable-ipv6 \ - --enable-openssl-auto-load-config \ - --enable-cookies \ - --with-gnu-ld \ - --with-ssl \ - --with-libssh2 \ - --with-nghttp2 -RUN make install - - -############################################################################### -# LIBXML2 -# https://github.com/GNOME/libxml2/releases -# Uses: -# - zlib -# Needed by: -# - php -ENV VERSION_XML2=2.10.3 -ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 -RUN set -xe; \ - mkdir -p ${XML2_BUILD_DIR}; \ - curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ - | tar xJC ${XML2_BUILD_DIR} --strip-components=1 -WORKDIR ${XML2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-sysroot=${INSTALL_DIR} \ - --enable-shared \ - --disable-static \ - --with-html \ - --with-history \ - --enable-ipv6=no \ - --with-icu \ - --with-zlib \ - --without-python -RUN make install \ - && cp xml2-config ${INSTALL_DIR}/bin/xml2-config - - -############################################################################### -# LIBZIP -# https://github.com/nih-at/libzip/releases -# Needed by: -# - php -ENV VERSION_ZIP=1.9.2 -ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip -RUN set -xe; \ - mkdir -p ${ZIP_BUILD_DIR}/bin/; \ - curl -Ls 
https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ - | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 -WORKDIR ${ZIP_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . --target install - - -############################################################################### -# LIBSODIUM -# https://github.com/jedisct1/libsodium/releases -# Needed by: -# - php -ENV VERSION_LIBSODIUM=1.0.18 -ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium -RUN set -xe; \ - mkdir -p ${LIBSODIUM_BUILD_DIR}; \ - curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ - | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSODIUM_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./autogen.sh \ -&& ./configure --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# Postgres -# https://github.com/postgres/postgres/releases -# Needs: -# - OpenSSL -# Needed by: -# - php -ENV VERSION_POSTGRES=15.1 -ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres -RUN set -xe; \ - mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ - curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ - | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 -WORKDIR ${POSTGRES_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline -RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install -RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install -RUN cd 
${POSTGRES_BUILD_DIR}/src/backend && make generated-headers -RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install - - -############################################################################### -# Oniguruma -# This library is not packaged in PHP since PHP 7.4. -# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 -# We do not install the system version because I didn't manage to make it work... -# Ideally we shouldn't compile it ourselves. -# https://github.com/kkos/oniguruma/releases -# Needed by: -# - php mbstring -ENV VERSION_ONIG=6.9.8 -ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma -RUN set -xe; \ - mkdir -p ${ONIG_BUILD_DIR}; \ - curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ - | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 -WORKDIR ${ONIG_BUILD_DIR} -RUN ./configure --prefix=${INSTALL_DIR} -RUN make && make install - - -############################################################################### -# Install some dev files for using old libraries already on the system -# readline-devel : needed for the readline extension -# gettext-devel : needed for the --with-gettext flag -# libicu-devel : needed for intl -# libxslt-devel : needed for the XSL extension -# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) -RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 1c25925c..bbbb5f8f 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -3,6 +3,7 @@ export # export all variables defined in .env export CPU = arm export CPU_PREFIX = arm- +export IMAGE_VERSION_SUFFIX = arm64 # Build all Docker images and layers *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 6d5a4184..b904b3bf 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -3,6 +3,7 @@ export # export all variables defined in .env export CPU = x86 export CPU_PREFIX = +export IMAGE_VERSION_SUFFIX = x86_64 # Build all Docker images and layers *locally* diff --git a/docker-bake.hcl b/docker-bake.hcl index 62d154e9..b0049d0b 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -11,10 +11,16 @@ variable "CPU_PREFIX" { variable "PHP_VERSION" { default = "80" } +variable "IMAGE_VERSION_SUFFIX" { + default = "x86_64" +} target "base-devel" { - dockerfile = "base-devel/cpu-${CPU}.Dockerfile" + context = "base-devel" tags = ["bref/base-devel-${CPU}"] + args = { + "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" + } } target "build-php" { From 807f2b49c14107bbaed3d3b0304fa6e10e5764bb Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 22 Jan 2023 19:45:16 +0100 Subject: [PATCH 77/97] Cleanup useless file --- docker-compose-backup.yml | 213 -------------------------------------- 1 file changed, 213 deletions(-) delete mode 100644 docker-compose-backup.yml diff --git a/docker-compose-backup.yml b/docker-compose-backup.yml deleted file mode 100644 index 11c426ad..00000000 --- a/docker-compose-backup.yml +++ /dev/null 
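Review bot: The `base-devel` target now tags the image from `CPU` but selects the base image from `IMAGE_VERSION_SUFFIX`, two variables that can be set independently; with `CPU=arm` and the suffix left at its `x86_64` default, the result would be an x86_64-based image tagged `bref/base-devel-arm`. Deriving one from the other removes that case, e.g. `"IMAGE_VERSION_SUFFIX" = CPU == "arm" ? "arm64" : "x86_64"` in `args`. The same pairing is repeated in the `build-php`, `php` and `php-fpm` targets changed by patch 78, and the mapping is also spelled out separately in both Makefiles and in tests.yml.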
@@ -1,213 +0,0 @@ -version: '3.8' - -services: - -#### PHP 8.0 - - build-php-80: - image: bref/${CPU_PREFIX}build-php-80 - build: - context: . - dockerfile: php-80/cpu-${CPU}.Dockerfile - target: build-environment - - - php-80: - image: bref/${CPU_PREFIX}php-80 - build: - context: . - dockerfile: php-80/cpu-${CPU}.Dockerfile - target: function - - php-80-zip: - image: bref/${CPU_PREFIX}php-80-zip - build: - context: . - dockerfile: php-80/cpu-${CPU}.Dockerfile - target: zip-function - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-80.zip"] - volumes: - - ./output:/tmp/bref-zip - - - php-80-fpm: - image: bref/${CPU_PREFIX}php-80-fpm - build: - context: . - dockerfile: php-80/cpu-${CPU}.Dockerfile - target: fpm - - php-80-zip-fpm: - image: bref/${CPU_PREFIX}php-80-fpm-zip - build: - context: . - dockerfile: php-80/cpu-${CPU}.Dockerfile - target: zip-fpm - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-80-fpm.zip"] - volumes: - - ./output:/tmp/bref-zip - - php-80-fpm-dev: - image: bref/${CPU_PREFIX}php-80-fpm-dev - build: - context: layers/fpm-dev - args: - PHP_VERSION: 80 - CPU_PREFIX: ${CPU_PREFIX} - - - php-80-console: - image: bref/${CPU_PREFIX}php-80-console - build: - context: ./layers/console - target: console - args: - PHP_VERSION: 80 - CPU_PREFIX: ${CPU_PREFIX} - - php-80-zip-console: - image: bref/${CPU_PREFIX}php-80-console-zip - build: - context: ./layers/console - target: zip-console - args: - PHP_VERSION: 80 - CPU_PREFIX: ${CPU_PREFIX} - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}console.zip"] - volumes: - - ./output:/tmp/bref-zip - - -#### PHP 8.1 - - build-php-81: - image: bref/${CPU_PREFIX}build-php-81 - build: - context: . - dockerfile: php-81/cpu-${CPU}.Dockerfile - target: build-environment - - - php-81: - image: bref/${CPU_PREFIX}php-81 - build: - context: . 
- dockerfile: php-81/cpu-${CPU}.Dockerfile - target: function - - php-81-zip: - image: bref/${CPU_PREFIX}php-81-zip - build: - context: . - dockerfile: php-81/cpu-${CPU}.Dockerfile - target: zip-function - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-81.zip"] - volumes: - - ./output:/tmp/bref-zip - - - php-81-fpm: - image: bref/${CPU_PREFIX}php-81-fpm - build: - context: . - dockerfile: php-81/cpu-${CPU}.Dockerfile - target: fpm - - php-81-zip-fpm: - image: bref/${CPU_PREFIX}php-81-fpm-zip - build: - context: . - dockerfile: php-81/cpu-${CPU}.Dockerfile - target: zip-fpm - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-81-fpm.zip"] - volumes: - - ./output:/tmp/bref-zip - - php-81-fpm-dev: - image: bref/${CPU_PREFIX}php-81-fpm-dev - build: - context: layers/fpm-dev - args: - PHP_VERSION: 81 - CPU_PREFIX: ${CPU_PREFIX} - - - php-81-console: - image: bref/${CPU_PREFIX}php-81-console - build: - context: ./layers/console - target: console - args: - PHP_VERSION: 81 - CPU_PREFIX: ${CPU_PREFIX} - - -#### PHP 8.2 - - build-php-82: - image: bref/${CPU_PREFIX}build-php-82 - build: - context: . - dockerfile: php-82/cpu-${CPU}.Dockerfile - target: build-environment - - - php-82: - image: bref/${CPU_PREFIX}php-82 - build: - context: . - dockerfile: php-82/cpu-${CPU}.Dockerfile - target: function - - php-82-zip: - image: bref/${CPU_PREFIX}php-82-zip - build: - context: . - dockerfile: php-82/cpu-${CPU}.Dockerfile - target: zip-function - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-82.zip"] - volumes: - - ./output:/tmp/bref-zip - - - php-82-fpm: - image: bref/${CPU_PREFIX}php-82-fpm - build: - context: . - dockerfile: php-82/cpu-${CPU}.Dockerfile - target: fpm - - php-82-zip-fpm: - image: bref/${CPU_PREFIX}php-82-fpm-zip - build: - context: . 
- dockerfile: php-82/cpu-${CPU}.Dockerfile - target: zip-fpm - entrypoint: /bin/cp - command: ["/tmp/layer.zip", "/tmp/bref-zip/${CPU_PREFIX}php-82-fpm.zip"] - volumes: - - ./output:/tmp/bref-zip - - php-82-fpm-dev: - image: bref/${CPU_PREFIX}php-82-fpm-dev - build: - context: layers/fpm-dev - args: - PHP_VERSION: 82 - CPU_PREFIX: ${CPU_PREFIX} - - - php-82-console: - image: bref/${CPU_PREFIX}php-82-console - build: - context: ./layers/console - target: console - args: - PHP_VERSION: 82 - CPU_PREFIX: ${CPU_PREFIX} From 0501e0da5b161618a4e23fb693aed91cf5d8cbe3 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 22 Jan 2023 21:44:19 +0100 Subject: [PATCH 78/97] Simplify Dockerfiles by merging ARM and x86 together --- docker-bake.hcl | 18 ++- php-80/{cpu-arm.Dockerfile => Dockerfile} | 10 +- php-80/cpu-x86.Dockerfile | 152 ---------------------- php-81/{cpu-arm.Dockerfile => Dockerfile} | 10 +- php-81/cpu-x86.Dockerfile | 152 ---------------------- php-82/{cpu-arm.Dockerfile => Dockerfile} | 10 +- php-82/cpu-x86.Dockerfile | 152 ---------------------- 7 files changed, 39 insertions(+), 465 deletions(-) rename php-80/{cpu-arm.Dockerfile => Dockerfile} (96%) delete mode 100644 php-80/cpu-x86.Dockerfile rename php-81/{cpu-arm.Dockerfile => Dockerfile} (96%) delete mode 100644 php-81/cpu-x86.Dockerfile rename php-82/{cpu-arm.Dockerfile => Dockerfile} (96%) delete mode 100644 php-82/cpu-x86.Dockerfile diff --git a/docker-bake.hcl b/docker-bake.hcl index b0049d0b..8f20fcac 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -24,9 +24,13 @@ target "base-devel" { } target "build-php" { - dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + dockerfile = "php-${PHP_VERSION}/Dockerfile" target = "build-environment" tags = ["bref/${CPU_PREFIX}build-php-${PHP_VERSION}"] + args = { + "CPU" = "${CPU}" + "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" + } contexts = { // Dependency to the base image "bref/base-devel-${CPU}" = "target:base-devel" 
@@ -34,9 +38,13 @@ target "build-php" { } target "php" { - dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + dockerfile = "php-${PHP_VERSION}/Dockerfile" target = "function" tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}"] + args = { + "CPU" = "${CPU}" + "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" + } contexts = { "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" @@ -49,9 +57,13 @@ target "fpm-internal-src" { } target "php-fpm" { - dockerfile = "php-${PHP_VERSION}/cpu-${CPU}.Dockerfile" + dockerfile = "php-${PHP_VERSION}/Dockerfile" target = "fpm" tags = ["bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm"] + args = { + "CPU" = "${CPU}" + "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" + } contexts = { "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" diff --git a/php-80/cpu-arm.Dockerfile b/php-80/Dockerfile similarity index 96% rename from php-80/cpu-arm.Dockerfile rename to php-80/Dockerfile index 29643c93..2c9746bb 100644 --- a/php-80/cpu-arm.Dockerfile +++ b/php-80/Dockerfile @@ -1,5 +1,11 @@ # syntax = docker/dockerfile:1.4 -FROM bref/base-devel-arm as build-environment + +# Can be "x86" or "arm" +ARG CPU +# Can be "x86_64" or "arm64" +ARG IMAGE_VERSION_SUFFIX + +FROM bref/base-devel-${CPU} as build-environment ENV VERSION_PHP=8.0.25 @@ -108,7 +114,7 @@ RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so / # --------------------------------------------------------------- # Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as isolation COPY --link --from=build-environment /opt /opt diff --git a/php-80/cpu-x86.Dockerfile b/php-80/cpu-x86.Dockerfile deleted file mode 100644 index 4f1c366c..00000000 --- a/php-80/cpu-x86.Dockerfile +++ /dev/null 
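Review bot: `ARG CPU` and `ARG IMAGE_VERSION_SUFFIX` at the top of php-80/Dockerfile have no default and nothing checks that they agree. A build that omits them expands `FROM bref/base-devel-${CPU}` to a blank suffix, and a mismatched pair (for example `arm` with `x86_64`) would compile in one architecture's build image and copy the result onto the other's Lambda base. At minimum, state the contract above the declarations, e.g. `# Required build args; must match: x86 with x86_64, arm with arm64`. Deriving one value from the other in the caller would remove the second knob altogether. The same hunk appears in php-81/Dockerfile and php-82/Dockerfile.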
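Review bot: The `isolation` stage in the second php-80/Dockerfile hunk is still based on a floating tag, `public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX}`, so every rebuild ships whatever is published under that tag at that moment and two builds of the same commit can differ. The old line had the same property, but parametrising the tag is a good moment to pin it per architecture by digest, for example `...:al2-${IMAGE_VERSION_SUFFIX}@sha256:<digest-for-this-arch>`, where the digest is a placeholder to be supplied per CPU and recorded in the repository. The same line is changed in php-81/Dockerfile and php-82/Dockerfile.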
@@ -1,152 +0,0 @@ -# syntax = docker/dockerfile:1.4 -FROM bref/base-devel-x86 as build-environment - -ENV VERSION_PHP=8.0.25 - -RUN mkdir -p /tmp/php -WORKDIR /tmp/php - -# PHP Build -# https://github.com/php/php-src/releases -# Needs: -# - zlib -# - libxml2 -# - openssl -# - readline -# - sodium - -# Download and unpack the source code -# --location will follow redirects -# --silent will hide the progress, but also the errors: we restore error messages with --show-error -# --fail makes sure that curl returns an error instead of fetching the 404 page -RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ - | tar xzC . --strip-components=1 - -# Configure the build -# -fstack-protector-strong : Be paranoid about stack overflows -# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) -# -fpie : Support Address Space Layout Randomization (see -fpic) -# -O3 : Optimize for fastest binaries possible. -# -I : Add the path to the list of directories to be searched for header files during preprocessing. 
-# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings -# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) -# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) -# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 -RUN ./buildconf --force -RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ - ./configure \ - --build=x86_64-pc-linux-gnu \ - --prefix=${INSTALL_DIR} \ - --enable-option-checking=fatal \ - --enable-sockets \ - --with-config-file-path=/opt/bref/etc/php \ - --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ - --enable-fpm \ - --disable-cgi \ - --enable-cli \ - --disable-phpdbg \ - --with-sodium \ - --with-readline \ - --with-openssl \ - --with-zlib \ - --with-zlib-dir \ - --with-curl \ - --enable-exif \ - --enable-ftp \ - --with-gettext \ - --enable-mbstring \ - --with-pdo-mysql=shared,mysqlnd \ - --with-mysqli \ - --enable-pcntl \ - --with-zip \ - --enable-bcmath \ - --with-pdo-pgsql=shared,${INSTALL_DIR} \ - --enable-intl=shared \ - --enable-soap \ - --with-xsl=${INSTALL_DIR} \ - # necessary for `pecl` to work (to install PHP extensions) - --with-pear -RUN make -j $(nproc) -# Run `make install` and override PEAR's PHAR URL because pear.php.net is down -RUN set -xe; \ - make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ - { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip 
--strip-all '{}' + || true; }; \ - make clean; \ - cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini - - -# Install extensions -# We can install extensions manually or using `pecl` -RUN pecl install APCu - - -# --------------------------------------------------------------- -# Now we copy everything we need for the layers into /opt (location of the layers) -RUN mkdir /opt/bin \ -&& mkdir /opt/lib \ -&& mkdir -p /opt/bref/extensions - -# Copy the PHP binary into /opt/bin -RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php - -# Copy all the external PHP extensions -RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ - -# Copy all the required system libraries from: -# - /lib | /lib64 (system libraries installed with `yum`) -# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) -# into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib - - -# --------------------------------------------------------------- -# Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation - -COPY --link --from=build-environment /opt /opt - -FROM isolation as function - -COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/function/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x 
/opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php - - -# Up until here the entire file has been designed as a top-down reading/execution. -# Everything necessary for the `function` layer has been installed, isolated and -# packaged. Now we'll go back one step and start from the extensions so that we -# can install fpm. Then we'll start the fpm layer and quickly isolate fpm. - -FROM build-environment as fpm-extension - -RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib - - -FROM isolation as fpm - -COPY --link --from=fpm-extension /opt /opt - -COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/fpm/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf - -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-81/cpu-arm.Dockerfile b/php-81/Dockerfile similarity index 96% rename from php-81/cpu-arm.Dockerfile rename to php-81/Dockerfile index 1ba5fd03..1a82f244 100644 --- a/php-81/cpu-arm.Dockerfile +++ b/php-81/Dockerfile @@ -1,5 +1,11 @@ # syntax = docker/dockerfile:1.4 -FROM bref/base-devel-arm as build-environment + +# Can be "x86" or "arm" +ARG CPU +# Can be "x86_64" or "arm64" +ARG IMAGE_VERSION_SUFFIX + +FROM bref/base-devel-${CPU} as build-environment ENV VERSION_PHP=8.1.14 
@@ -108,7 +114,7 @@ RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so / # --------------------------------------------------------------- # Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as isolation COPY --link --from=build-environment /opt /opt diff --git a/php-81/cpu-x86.Dockerfile b/php-81/cpu-x86.Dockerfile deleted file mode 100644 index 7981204c..00000000 --- a/php-81/cpu-x86.Dockerfile +++ /dev/null 
@@ -1,152 +0,0 @@ -# syntax = docker/dockerfile:1.4 -FROM bref/base-devel-x86 as build-environment - -ENV VERSION_PHP=8.1.14 - -RUN mkdir -p /tmp/php -WORKDIR /tmp/php - -# PHP Build -# https://github.com/php/php-src/releases -# Needs: -# - zlib -# - libxml2 -# - openssl -# - readline -# - sodium - -# Download and unpack the source code -# --location will follow redirects -# --silent will hide the progress, but also the errors: we restore error messages with --show-error -# --fail makes sure that curl returns an error instead of fetching the 404 page -RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ - | tar xzC . --strip-components=1 - -# Configure the build -# -fstack-protector-strong : Be paranoid about stack overflows -# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) -# -fpie : Support Address Space Layout Randomization (see -fpic) -# -O3 : Optimize for fastest binaries possible. -# -I : Add the path to the list of directories to be searched for header files during preprocessing. 
-# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings -# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) -# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) -# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 -RUN ./buildconf --force -RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ - ./configure \ - --build=x86_64-pc-linux-gnu \ - --prefix=${INSTALL_DIR} \ - --enable-option-checking=fatal \ - --enable-sockets \ - --with-config-file-path=/opt/bref/etc/php \ - --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ - --enable-fpm \ - --disable-cgi \ - --enable-cli \ - --disable-phpdbg \ - --with-sodium \ - --with-readline \ - --with-openssl \ - --with-zlib \ - --with-zlib-dir \ - --with-curl \ - --enable-exif \ - --enable-ftp \ - --with-gettext \ - --enable-mbstring \ - --with-pdo-mysql=shared,mysqlnd \ - --with-mysqli \ - --enable-pcntl \ - --with-zip \ - --enable-bcmath \ - --with-pdo-pgsql=shared,${INSTALL_DIR} \ - --enable-intl=shared \ - --enable-soap \ - --with-xsl=${INSTALL_DIR} \ - # necessary for `pecl` to work (to install PHP extensions) - --with-pear -RUN make -j $(nproc) -# Run `make install` and override PEAR's PHAR URL because pear.php.net is down -RUN set -xe; \ - make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ - { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip 
--strip-all '{}' + || true; }; \ - make clean; \ - cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini - - -# Install extensions -# We can install extensions manually or using `pecl` -RUN pecl install APCu - - -# --------------------------------------------------------------- -# Now we copy everything we need for the layers into /opt (location of the layers) -RUN mkdir /opt/bin \ -&& mkdir /opt/lib \ -&& mkdir -p /opt/bref/extensions - -# Copy the PHP binary into /opt/bin -RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php - -# Copy all the external PHP extensions -RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ - -# Copy all the required system libraries from: -# - /lib | /lib64 (system libraries installed with `yum`) -# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) -# into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib - - -# --------------------------------------------------------------- -# Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation - -COPY --link --from=build-environment /opt /opt - -FROM isolation as function - -COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/function/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x 
/opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php - - -# Up until here the entire file has been designed as a top-down reading/execution. -# Everything necessary for the `function` layer has been installed, isolated and -# packaged. Now we'll go back one step and start from the extensions so that we -# can install fpm. Then we'll start the fpm layer and quickly isolate fpm. - -FROM build-environment as fpm-extension - -RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib - - -FROM isolation as fpm - -COPY --link --from=fpm-extension /opt /opt - -COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/fpm/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf - -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-82/cpu-arm.Dockerfile b/php-82/Dockerfile similarity index 96% rename from php-82/cpu-arm.Dockerfile rename to php-82/Dockerfile index 8c7b9ffa..0c3b02d0 100644 --- a/php-82/cpu-arm.Dockerfile +++ b/php-82/Dockerfile @@ -1,5 +1,11 @@ # syntax = docker/dockerfile:1.4 -FROM bref/base-devel-arm as build-environment + +# Can be "x86" or "arm" +ARG CPU +# Can be "x86_64" or "arm64" +ARG IMAGE_VERSION_SUFFIX + +FROM bref/base-devel-${CPU} as build-environment ENV VERSION_PHP=8.2.0 
@@ -108,7 +114,7 @@ RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so / # --------------------------------------------------------------- # Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-arm64 as isolation +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as isolation COPY --link --from=build-environment /opt /opt diff --git a/php-82/cpu-x86.Dockerfile b/php-82/cpu-x86.Dockerfile deleted file mode 100644 index 7148003f..00000000 --- a/php-82/cpu-x86.Dockerfile +++ /dev/null 
@@ -1,152 +0,0 @@ -# syntax = docker/dockerfile:1.4 -FROM bref/base-devel-x86 as build-environment - -ENV VERSION_PHP=8.2.0 - -RUN mkdir -p /tmp/php -WORKDIR /tmp/php - -# PHP Build -# https://github.com/php/php-src/releases -# Needs: -# - zlib -# - libxml2 -# - openssl -# - readline -# - sodium - -# Download and unpack the source code -# --location will follow redirects -# --silent will hide the progress, but also the errors: we restore error messages with --show-error -# --fail makes sure that curl returns an error instead of fetching the 404 page -RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ - | tar xzC . --strip-components=1 - -# Configure the build -# -fstack-protector-strong : Be paranoid about stack overflows -# -fpic : Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) -# -fpie : Support Address Space Layout Randomization (see -fpic) -# -O3 : Optimize for fastest binaries possible. -# -I : Add the path to the list of directories to be searched for header files during preprocessing. 
-# --enable-option-checking=fatal: make sure invalid --configure-flags are fatal errors instead of just warnings -# --enable-ftp: because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) -# --enable-mbstring: because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) -# --with-zlib and --with-zlib-dir: See https://stackoverflow.com/a/42978649/245552 -RUN ./buildconf --force -RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - CPPFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I/usr/include -ffunction-sections -fdata-sections" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib -Wl,-O1 -Wl,--strip-all -Wl,--hash-style=both -pie" \ - ./configure \ - --build=x86_64-pc-linux-gnu \ - --prefix=${INSTALL_DIR} \ - --enable-option-checking=fatal \ - --enable-sockets \ - --with-config-file-path=/opt/bref/etc/php \ - --with-config-file-scan-dir=/opt/bref/etc/php/conf.d:/var/task/php/conf.d \ - --enable-fpm \ - --disable-cgi \ - --enable-cli \ - --disable-phpdbg \ - --with-sodium \ - --with-readline \ - --with-openssl \ - --with-zlib \ - --with-zlib-dir \ - --with-curl \ - --enable-exif \ - --enable-ftp \ - --with-gettext \ - --enable-mbstring \ - --with-pdo-mysql=shared,mysqlnd \ - --with-mysqli \ - --enable-pcntl \ - --with-zip \ - --enable-bcmath \ - --with-pdo-pgsql=shared,${INSTALL_DIR} \ - --enable-intl=shared \ - --enable-soap \ - --with-xsl=${INSTALL_DIR} \ - # necessary for `pecl` to work (to install PHP extensions) - --with-pear -RUN make -j $(nproc) -# Run `make install` and override PEAR's PHAR URL because pear.php.net is down -RUN set -xe; \ - make install PEAR_INSTALLER_URL='https://github.com/pear/pearweb_phars/raw/master/install-pear-nozlib.phar'; \ - { find ${INSTALL_DIR}/bin ${INSTALL_DIR}/sbin -type f -perm +0111 -exec strip 
--strip-all '{}' + || true; }; \ - make clean; \ - cp php.ini-production ${INSTALL_DIR}/etc/php/php.ini - - -# Install extensions -# We can install extensions manually or using `pecl` -RUN pecl install APCu - - -# --------------------------------------------------------------- -# Now we copy everything we need for the layers into /opt (location of the layers) -RUN mkdir /opt/bin \ -&& mkdir /opt/lib \ -&& mkdir -p /opt/bref/extensions - -# Copy the PHP binary into /opt/bin -RUN cp ${INSTALL_DIR}/bin/php /opt/bin/php && chmod +x /opt/bin/php - -# Copy all the external PHP extensions -RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ - -# Copy all the required system libraries from: -# - /lib | /lib64 (system libraries installed with `yum`) -# - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) -# into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/opcache.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_mysql.so /opt/lib -RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/pdo_pgsql.so /opt/lib - - -# --------------------------------------------------------------- -# Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-x86_64 as isolation - -COPY --link --from=build-environment /opt /opt - -FROM isolation as function - -COPY --link layers/function/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/function/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/function/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x 
/opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/function/bootstrap.php /opt/bref/bootstrap.php - - -# Up until here the entire file has been designed as a top-down reading/execution. -# Everything necessary for the `function` layer has been installed, isolated and -# packaged. Now we'll go back one step and start from the extensions so that we -# can install fpm. Then we'll start the fpm layer and quickly isolate fpm. - -FROM build-environment as fpm-extension - -RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm -RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib - - -FROM isolation as fpm - -COPY --link --from=fpm-extension /opt /opt - -COPY --link layers/fpm/bref.ini /opt/bref/etc/php/conf.d/ - -COPY --link layers/fpm/bootstrap.sh /opt/bootstrap -# Copy files to /var/runtime to support deploying as a Docker image -COPY --link layers/fpm/bootstrap.sh /var/runtime/bootstrap -RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap - -COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf - -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime From a7da2b4dedca67c1f20f78b8118582369fe4bf37 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 22 Jan 2023 21:57:47 +0100 Subject: [PATCH 79/97] Try using Depot --- .github/workflows/tests.yml | 34 ++------------------ cpu-arm.Makefile | 64 ++++++++++++++++++++++++++++++++++--- cpu-x86.Makefile | 58 ++++++++++++++++++++++++++++++--- depot.json | 3 ++ 4 files changed, 120 insertions(+), 39 deletions(-) create mode 100644 depot.json diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 999bf770..93de790b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -24,44 +24,16 @@ jobs: - uses: actions/checkout@v3 - # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images - - name: Set up QEMU to build ARM images - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker buildx to use BuildKit features - uses: docker/setup-buildx-action@v2 - with: - # Sets up `docker build` command as an alias to `docker buildx` - install: true + - uses: depot/setup-action@v1 - name: Build Docker images - uses: docker/bake-action@v2.3.0 + run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images env: + DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} PHP_VERSION: ${{ matrix.php_version }} CPU: ${{ matrix.cpu }} CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} - with: - # This is needed to make the built images available in later steps - # https://docs.docker.com/engine/reference/commandline/buildx_build/#load - load: true - # Cache Docker layers in GitHub Actions cache, scoped per image - # https://github.com/docker/bake-action/issues/87#issuecomment-1184659151 - # We unfortunately don't use `mode=max` (which caches ALL layers instead of just tags) - # nor do we cache all images because it creates a huge number of cache requests - # and we get GitHub Actions cache timeouts: - # https://github.com/moby/buildkit/issues/2804 - set: | - base-devel.cache-from=type=gha,scope=base-devel-${{ matrix.cpu }} - base-devel.cache-to=type=gha,scope=base-devel-${{ matrix.cpu }} - build-php.cache-from=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} - build-php.cache-to=type=gha,scope=build-${{ matrix.cpu }}-php-${{ matrix.php_version }} - fpm-internal-src.cache-from=type=gha,scope=fpm-internal-src - fpm-internal-src.cache-to=type=gha,scope=fpm-internal-src - console.cache-from=type=gha,scope=${{ matrix.cpu }}-console-${{ matrix.php_version }} - console.cache-to=type=gha,scope=${{ matrix.cpu }}-console-${{ 
matrix.php_version }} - php-fpm-dev.cache-from=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} - php-fpm-dev.cache-to=type=gha,scope=${{ matrix.cpu }}-php-fpm-dev-${{ matrix.php_version }} - name: Test that layers can be exported run: | diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index bbbb5f8f..68085eda 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile 
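Review bot: `uses: depot/setup-action@v1` references a third-party action by a movable tag, in a job whose next step is handed `secrets.DEPOT_TOKEN`. Pin it to a reviewed commit, `- uses: depot/setup-action@<full-commit-sha> # v1` (placeholder, to be filled in), so a retagged release cannot change what runs next to the token. The workflow trigger is outside this hunk, but if the job also runs for pull requests from forks the secret will be empty there and `make ... docker-images` will presumably fail at the first `depot build`. A short comment on the step saying so would save contributors a confusing red build.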
@@ -12,10 +12,66 @@ default: docker-images layers # Build Docker images *locally* -docker-images: - PHP_VERSION=80 docker buildx bake --load - PHP_VERSION=81 docker buildx bake --load - PHP_VERSION=82 docker buildx bake --load +docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 +docker-image-base-devel: + depot build \ + --platform=linux/arm64 \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/base-devel-${CPU} \ + base-devel +docker-image-fpm-internal-src: + depot build \ + --load \ + --tag=bref/fpm-internal-src \ + layers/fpm +docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src + # build + depot build \ + --platform=linux/arm64 \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}build-php-$* \ + --file=php-$*/Dockerfile \ + --target=build-environment \ + . + # php + depot build \ + --platform=linux/arm64 \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$* \ + --file=php-$*/Dockerfile \ + --target=function \ + . + # php-fpm + depot build \ + --platform=linux/arm64 \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-fpm \ + --file=php-$*/Dockerfile \ + --target=fpm \ + . + # console + depot build \ + --platform=linux/arm64 \ + --build-arg=PHP_VERSION=$* \ + --build-arg=CPU_PREFIX=${CPU_PREFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-console \ + layers/console + # php-fpm-dev + depot build \ + --platform=linux/arm64 \ + --build-arg=PHP_VERSION=$* \ + --build-arg=CPU_PREFIX=${CPU_PREFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-fpm-dev \ + layers/fpm-dev # Build Lambda layers (zip files) *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index b904b3bf..761b54ed 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
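Review bot: The `docker-images-php-%` recipe no longer tells the builder where `bref/base-devel-${CPU}` and `bref/fpm-internal-src` come from. The prerequisites only `--load` those images into the local Docker store, whereas the bake file mapped them explicitly with `contexts = { ... = "target:base-devel" }`. If the `depot build` calls run on a remote builder, `FROM bref/base-devel-${CPU}` and `COPY --from=bref/fpm-internal-src` would presumably be resolved against the registry. The build then either fails or silently uses whatever is published under that name instead of the image just built. I would pass both as named build contexts on the `build`, `php` and `php-fpm` invocations (the equivalent of buildx's `--build-context`, if `depot build` accepts it), or add a comment stating where these two names are expected to resolve. The same recipe is added to cpu-x86.Makefile.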
@@ -12,10 +12,60 @@ default: docker-images layers # Build Docker images *locally* -docker-images: - PHP_VERSION=80 docker buildx bake --load - PHP_VERSION=81 docker buildx bake --load - PHP_VERSION=82 docker buildx bake --load +docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 +docker-image-base-devel: + depot build \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/base-devel-${CPU} \ + base-devel +docker-image-fpm-internal-src: + depot build \ + --load \ + --tag=bref/fpm-internal-src \ + layers/fpm +docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src + # build + depot build \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}build-php-$* \ + --file=php-$*/Dockerfile \ + --target=build-environment \ + . + # php + depot build \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$* \ + --file=php-$*/Dockerfile \ + --target=function \ + . + # php-fpm + depot build \ + --build-arg=CPU=${CPU} \ + --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-fpm \ + --file=php-$*/Dockerfile \ + --target=fpm \ + . + # console + depot build \ + --build-arg=PHP_VERSION=$* \ + --build-arg=CPU_PREFIX=${CPU_PREFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-console \ + layers/console + # php-fpm-dev + depot build \ + --build-arg=PHP_VERSION=$* \ + --build-arg=CPU_PREFIX=${CPU_PREFIX} \ + --load \ + --tag=bref/${CPU_PREFIX}php-$*-fpm-dev \ + layers/fpm-dev # Build Lambda layers (zip files) *locally* diff --git a/depot.json b/depot.json new file mode 100644 index 00000000..40eeea09 --- /dev/null +++ b/depot.json @@ -0,0 +1,3 @@ +{ + "id": "t048vfb17n" +} From 33609e663564f871143afecdbfcb8caad960ed51 Mon Sep 17 00:00:00 2001 
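Review bot: None of the `depot build` calls in the cpu-x86.Makefile recipes passes a platform, while the ARM variant of the same recipes sets `--platform=linux/arm64` on each. The architecture of the x86 images therefore depends on the builder's default rather than on this Makefile, which matters when it is run from an ARM workstation. Adding `--platform=linux/amd64 \` to each invocation keeps the two files symmetrical and makes the result independent of where the build runs. `docker-image-fpm-internal-src` has no platform in either file; if that image is architecture-independent, a one-line comment saying so would help.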
From: Matthieu Napoli Date: Sun, 22 Jan 2023 22:32:14 +0100 Subject: [PATCH 80/97] Merge the base-devel image into PHP Dockerfiles This is to avoid having the dangling base-devel-xx Docker images that are used only to cache internal steps (common throughout PHP versions). Since Depot caches all intermediary layers very aggressively, that intermediary image that serves as a cache becomes useless. --- base-devel/Dockerfile | 332 ------------------------------------------ cpu-arm.Makefile | 9 +- cpu-x86.Makefile | 13 +- docker-bake.hcl | 16 -- php-80/Dockerfile | 332 +++++++++++++++++++++++++++++++++++++++++- php-81/Dockerfile | 332 +++++++++++++++++++++++++++++++++++++++++- php-82/Dockerfile | 332 +++++++++++++++++++++++++++++++++++++++++- 7 files changed, 991 insertions(+), 375 deletions(-) delete mode 100644 base-devel/Dockerfile diff --git a/base-devel/Dockerfile b/base-devel/Dockerfile deleted file mode 100644 index fa8a0447..00000000 --- a/base-devel/Dockerfile +++ /dev/null 
@@ -1,332 +0,0 @@ -# The container we build here contains everything needed to compile PHP. -# We build in here everything that is stable (e.g. system tools) so that we don't -# recompile them every time we change PHP. - - -# Can be "x86_64" or "arm64" -ARG IMAGE_VERSION_SUFFIX - - -# Lambda uses a custom AMI named Amazon Linux 2 -# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html -# AWS provides a Docker image that we use here: -# https://github.com/amazonlinux/container-images/tree/amzn2 -FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} - - -# Temp directory in which all compilation happens -WORKDIR /tmp - - -RUN set -xe \ - # Download yum repository data to cache - && yum makecache \ - # Default Development Tools - && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default - - -# The default version of cmake is 2.8.12. We need cmake to build a few of -# our libraries, and at least one library requires a version of cmake greater than that. -# Needed to build: -# - libzip: minimum required CMAKE version 3.0. -RUN LD_LIBRARY_PATH= yum install -y cmake3 -# Override the default `cmake` -RUN ln -s /usr/bin/cmake3 /usr/bin/cmake - -# Use the bash shell, instead of /bin/sh -# Why? We need to document this. -SHELL ["/bin/bash", "-c"] - -# We need a base path for all the sourcecode we will build from. 
-ENV BUILD_DIR="/tmp/build" - -# Target installation path for all the packages we will compile -ENV INSTALL_DIR="/tmp/bref" - -# We need some default compiler variables setup -ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ - PKG_CONFIG="/usr/bin/pkg-config" \ - PATH="${INSTALL_DIR}/bin:${PATH}" - -ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" - -# Enable parallelism by default for make and cmake (like make -j) -# See https://stackoverflow.com/a/50883540/245552 -ENV CMAKE_BUILD_PARALLEL_LEVEL=4 -ENV MAKEFLAGS='-j4' - -# Ensure we have all the directories we require in the container. -RUN mkdir -p ${BUILD_DIR} \ - ${INSTALL_DIR}/bin \ - ${INSTALL_DIR}/doc \ - ${INSTALL_DIR}/etc/php \ - ${INSTALL_DIR}/etc/php/conf.d \ - ${INSTALL_DIR}/include \ - ${INSTALL_DIR}/lib \ - ${INSTALL_DIR}/lib64 \ - ${INSTALL_DIR}/libexec \ - ${INSTALL_DIR}/sbin \ - ${INSTALL_DIR}/share - - -############################################################################### -# OPENSSL -# https://github.com/openssl/openssl/releases -# Needs: -# - zlib -# Needed by: -# - curl -# - php -ENV VERSION_OPENSSL=1.1.1s -ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl -ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" -ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" -RUN set -xe; \ - mkdir -p ${OPENSSL_BUILD_DIR}; \ - curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ - | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 -WORKDIR ${OPENSSL_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./config \ - --prefix=${INSTALL_DIR} \ - --openssldir=${INSTALL_DIR}/ssl \ - --release \ - no-tests \ - shared \ - zlib -# Explicitly compile make without parallelism because it fails if we use -jX (no error message) -# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: -# 
https://github.com/openssl/openssl/issues/9931 -# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 -# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 -RUN make -j1 install_sw install_ssldirs -RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} - - -############################################################################### -# LIBSSH2 -# https://github.com/libssh2/libssh2/releases -# Needs: -# - zlib -# - OpenSSL -# Needed by: -# - curl -ENV VERSION_LIBSSH2=1.10.0 -ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 -RUN set -xe; \ - mkdir -p ${LIBSSH2_BUILD_DIR}/bin; \ - curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ - | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - # Build as a shared library (.so) instead of a static one - -DBUILD_SHARED_LIBS=ON \ - # Build with OpenSSL support - -DCRYPTO_BACKEND=OpenSSL \ - # Build with zlib support - -DENABLE_ZLIB_COMPRESSION=ON \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . --target install - - -############################################################################### -# LIBNGHTTP2 -# This adds support for HTTP 2 requests in curl. 
-# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 -# https://github.com/nghttp2/nghttp2/releases -# Needs: -# - zlib -# - OpenSSL -# Needed by: -# - curl -ENV VERSION_NGHTTP2=1.51.0 -ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 -RUN set -xe; \ - mkdir -p ${NGHTTP2_BUILD_DIR}; \ - curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ - | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 -WORKDIR ${NGHTTP2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --enable-lib-only \ - --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# CURL -# # https://github.com/curl/curl/releases -# # Needs: -# # - zlib -# # - OpenSSL -# # - libssh2 -# # Needed by: -# # - php -ENV VERSION_CURL=7.85.0 -ENV CURL_BUILD_DIR=${BUILD_DIR}/curl -RUN set -xe; \ - mkdir -p ${CURL_BUILD_DIR}/bin; \ - curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ - | tar xzC ${CURL_BUILD_DIR} --strip-components=1 -WORKDIR ${CURL_BUILD_DIR}/ -RUN ./buildconf \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-ca-bundle=${CA_BUNDLE} \ - --enable-shared \ - --disable-static \ - --enable-optimize \ - --disable-warnings \ - --disable-dependency-tracking \ - --with-zlib \ - --enable-http \ - --enable-ftp \ - --enable-file \ - --enable-proxy \ - --enable-tftp \ - --enable-ipv6 \ - --enable-openssl-auto-load-config \ - --enable-cookies \ - --with-gnu-ld \ - --with-ssl \ - --with-libssh2 \ - --with-nghttp2 -RUN make install - - -############################################################################### -# LIBXML2 -# https://github.com/GNOME/libxml2/releases -# Uses: 
-# - zlib -# Needed by: -# - php -ENV VERSION_XML2=2.10.3 -ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 -RUN set -xe; \ - mkdir -p ${XML2_BUILD_DIR}; \ - curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ - | tar xJC ${XML2_BUILD_DIR} --strip-components=1 -WORKDIR ${XML2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-sysroot=${INSTALL_DIR} \ - --enable-shared \ - --disable-static \ - --with-html \ - --with-history \ - --enable-ipv6=no \ - --with-icu \ - --with-zlib \ - --without-python -RUN make install \ - && cp xml2-config ${INSTALL_DIR}/bin/xml2-config - - -############################################################################### -# LIBZIP -# https://github.com/nih-at/libzip/releases -# Needed by: -# - php -ENV VERSION_ZIP=1.9.2 -ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip -RUN set -xe; \ - mkdir -p ${ZIP_BUILD_DIR}/bin/; \ - curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ - | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 -WORKDIR ${ZIP_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . 
--target install - - -############################################################################### -# LIBSODIUM -# https://github.com/jedisct1/libsodium/releases -# Needed by: -# - php -ENV VERSION_LIBSODIUM=1.0.18 -ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium -RUN set -xe; \ - mkdir -p ${LIBSODIUM_BUILD_DIR}; \ - curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ - | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSODIUM_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./autogen.sh \ -&& ./configure --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# Postgres -# https://github.com/postgres/postgres/releases -# Needs: -# - OpenSSL -# Needed by: -# - php -ENV VERSION_POSTGRES=15.1 -ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres -RUN set -xe; \ - mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ - curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ - | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 -WORKDIR ${POSTGRES_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline -RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install -RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install -RUN cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers -RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install - - -############################################################################### -# Oniguruma -# This library is not packaged in PHP since PHP 7.4. 
-# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 -# We do not install the system version because I didn't manage to make it work... -# Ideally we shouldn't compile it ourselves. -# https://github.com/kkos/oniguruma/releases -# Needed by: -# - php mbstring -ENV VERSION_ONIG=6.9.8 -ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma -RUN set -xe; \ - mkdir -p ${ONIG_BUILD_DIR}; \ - curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ - | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 -WORKDIR ${ONIG_BUILD_DIR} -RUN ./configure --prefix=${INSTALL_DIR} -RUN make && make install - - -############################################################################### -# Install some dev files for using old libraries already on the system -# readline-devel : needed for the readline extension -# gettext-devel : needed for the --with-gettext flag -# libicu-devel : needed for intl -# libxslt-devel : needed for the XSL extension -# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) -RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 68085eda..8cd4041b 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile 
@@ -13,19 +13,12 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-image-base-devel: - depot build \ - --platform=linux/arm64 \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/base-devel-${CPU} \ - base-devel docker-image-fpm-internal-src: depot build \ --load \ --tag=bref/fpm-internal-src \ layers/fpm -docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src +docker-images-php-%: docker-image-fpm-internal-src # build depot build \ --platform=linux/arm64 \ diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 761b54ed..cb58bf20 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -13,20 +13,15 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-image-base-devel: - depot build \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/base-devel-${CPU} \ - base-devel docker-image-fpm-internal-src: depot build \ --load \ --tag=bref/fpm-internal-src \ layers/fpm -docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src +docker-images-php-%: docker-image-fpm-internal-src # build depot build \ + --platform=linux/amd64 \ --build-arg=CPU=${CPU} \ --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ --load \ @@ -36,6 +31,7 @@ docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src . # php depot build \ + --platform=linux/amd64 \ --build-arg=CPU=${CPU} \ --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ --load \ @@ -45,6 +41,7 @@ docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src . # php-fpm depot build \ + --platform=linux/amd64 \ --build-arg=CPU=${CPU} \ --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ --load \ 
@@ -54,6 +51,7 @@ docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src . # console depot build \ + --platform=linux/amd64 \ --build-arg=PHP_VERSION=$* \ --build-arg=CPU_PREFIX=${CPU_PREFIX} \ --load \ @@ -61,6 +59,7 @@ docker-images-php-%: docker-image-base-devel docker-image-fpm-internal-src layers/console # php-fpm-dev depot build \ + --platform=linux/amd64 \ --build-arg=PHP_VERSION=$* \ --build-arg=CPU_PREFIX=${CPU_PREFIX} \ --load \ diff --git a/docker-bake.hcl b/docker-bake.hcl index 8f20fcac..da088c07 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -15,14 +15,6 @@ variable "IMAGE_VERSION_SUFFIX" { default = "x86_64" } -target "base-devel" { - context = "base-devel" - tags = ["bref/base-devel-${CPU}"] - args = { - "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" - } -} - target "build-php" { dockerfile = "php-${PHP_VERSION}/Dockerfile" target = "build-environment" @@ -31,10 +23,6 @@ target "build-php" { "CPU" = "${CPU}" "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" } - contexts = { - // Dependency to the base image - "bref/base-devel-${CPU}" = "target:base-devel" - } } target "php" { @@ -46,7 +34,6 @@ target "php" { "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" } contexts = { - "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } } @@ -65,7 +52,6 @@ target "php-fpm" { "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" } contexts = { - "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" "bref/fpm-internal-src" = "target:fpm-internal-src" @@ -81,7 +67,6 @@ target "console" { CPU_PREFIX = "${CPU_PREFIX}" } contexts = { - "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" } 
@@ -95,7 +80,6 @@ target "php-fpm-dev" { CPU_PREFIX = "${CPU_PREFIX}" } contexts = { - "bref/base-devel-${CPU}" = "target:base-devel" "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" "bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm" = "target:php-fpm" diff --git a/php-80/Dockerfile b/php-80/Dockerfile index 2c9746bb..ab39fec5 100644 --- a/php-80/Dockerfile +++ b/php-80/Dockerfile 
@@ -5,12 +5,333 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX -FROM bref/base-devel-${CPU} as build-environment +ARG VERSION_PHP=8.0.25 -ENV VERSION_PHP=8.0.25 -RUN mkdir -p /tmp/php -WORKDIR /tmp/php +# Lambda uses a custom AMI named Amazon Linux 2 +# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html +# AWS provides a Docker image that we use here: +# https://github.com/amazonlinux/container-images/tree/amzn2 +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as build-environment + + +# Temp directory in which all compilation happens +WORKDIR /tmp + + +RUN set -xe \ + # Download yum repository data to cache + && yum makecache \ + # Default Development Tools + && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default + + +# The default version of cmake is 2.8.12. We need cmake to build a few of +# our libraries, and at least one library requires a version of cmake greater than that. +# Needed to build: +# - libzip: minimum required CMAKE version 3.0. +RUN LD_LIBRARY_PATH= yum install -y cmake3 +# Override the default `cmake` +RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + +# Use the bash shell, instead of /bin/sh +# Why? We need to document this. +SHELL ["/bin/bash", "-c"] + +# We need a base path for all the sourcecode we will build from. +ENV BUILD_DIR="/tmp/build" + +# Target installation path for all the packages we will compile +ENV INSTALL_DIR="/tmp/bref" + +# We need some default compiler variables setup +ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ + PKG_CONFIG="/usr/bin/pkg-config" \ + PATH="${INSTALL_DIR}/bin:${PATH}" + +ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" + +# Enable parallelism by default for make and cmake (like make -j) +# See https://stackoverflow.com/a/50883540/245552 +ENV CMAKE_BUILD_PARALLEL_LEVEL=4 +ENV MAKEFLAGS='-j4' + +# Ensure we have all the directories we require in the container. 
+RUN mkdir -p ${BUILD_DIR} \ + ${INSTALL_DIR}/bin \ + ${INSTALL_DIR}/doc \ + ${INSTALL_DIR}/etc/php \ + ${INSTALL_DIR}/etc/php/conf.d \ + ${INSTALL_DIR}/include \ + ${INSTALL_DIR}/lib \ + ${INSTALL_DIR}/lib64 \ + ${INSTALL_DIR}/libexec \ + ${INSTALL_DIR}/sbin \ + ${INSTALL_DIR}/share + + +############################################################################### +# OPENSSL +# https://github.com/openssl/openssl/releases +# Needs: +# - zlib +# Needed by: +# - curl +# - php +ENV VERSION_OPENSSL=1.1.1s +ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl +ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" +ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" +RUN set -xe; \ + mkdir -p ${OPENSSL_BUILD_DIR}; \ + curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 +WORKDIR ${OPENSSL_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./config \ + --prefix=${INSTALL_DIR} \ + --openssldir=${INSTALL_DIR}/ssl \ + --release \ + no-tests \ + shared \ + zlib +# Explicitly compile make without parallelism because it fails if we use -jX (no error message) +# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: +# https://github.com/openssl/openssl/issues/9931 +# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 +# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw install_ssldirs +RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + + +############################################################################### +# LIBSSH2 +# https://github.com/libssh2/libssh2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_LIBSSH2=1.10.0 +ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 +RUN set -xe; \ + mkdir -p 
${LIBSSH2_BUILD_DIR}/bin; \ + curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ + | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + # Build as a shared library (.so) instead of a static one + -DBUILD_SHARED_LIBS=ON \ + # Build with OpenSSL support + -DCRYPTO_BACKEND=OpenSSL \ + # Build with zlib support + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBNGHTTP2 +# This adds support for HTTP 2 requests in curl. +# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 +# https://github.com/nghttp2/nghttp2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_NGHTTP2=1.51.0 +ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 +RUN set -xe; \ + mkdir -p ${NGHTTP2_BUILD_DIR}; \ + curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ + | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 +WORKDIR ${NGHTTP2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --enable-lib-only \ + --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# CURL +# # https://github.com/curl/curl/releases +# # Needs: +# # - zlib +# # - OpenSSL +# # - libssh2 +# # Needed by: +# # - php +ENV VERSION_CURL=7.85.0 +ENV CURL_BUILD_DIR=${BUILD_DIR}/curl +RUN set -xe; \ + mkdir -p ${CURL_BUILD_DIR}/bin; \ + curl -Ls 
https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ + | tar xzC ${CURL_BUILD_DIR} --strip-components=1 +WORKDIR ${CURL_BUILD_DIR}/ +RUN ./buildconf \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-ca-bundle=${CA_BUNDLE} \ + --enable-shared \ + --disable-static \ + --enable-optimize \ + --disable-warnings \ + --disable-dependency-tracking \ + --with-zlib \ + --enable-http \ + --enable-ftp \ + --enable-file \ + --enable-proxy \ + --enable-tftp \ + --enable-ipv6 \ + --enable-openssl-auto-load-config \ + --enable-cookies \ + --with-gnu-ld \ + --with-ssl \ + --with-libssh2 \ + --with-nghttp2 +RUN make install + + +############################################################################### +# LIBXML2 +# https://github.com/GNOME/libxml2/releases +# Uses: +# - zlib +# Needed by: +# - php +ENV VERSION_XML2=2.10.3 +ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 +RUN set -xe; \ + mkdir -p ${XML2_BUILD_DIR}; \ + curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ + | tar xJC ${XML2_BUILD_DIR} --strip-components=1 +WORKDIR ${XML2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-sysroot=${INSTALL_DIR} \ + --enable-shared \ + --disable-static \ + --with-html \ + --with-history \ + --enable-ipv6=no \ + --with-icu \ + --with-zlib \ + --without-python +RUN make install \ + && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + + +############################################################################### +# LIBZIP +# https://github.com/nih-at/libzip/releases +# Needed by: +# - php +ENV VERSION_ZIP=1.9.2 +ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip +RUN set -xe; \ + mkdir -p ${ZIP_BUILD_DIR}/bin/; \ + curl -Ls 
https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ + | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 +WORKDIR ${ZIP_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBSODIUM +# https://github.com/jedisct1/libsodium/releases +# Needed by: +# - php +ENV VERSION_LIBSODIUM=1.0.18 +ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium +RUN set -xe; \ + mkdir -p ${LIBSODIUM_BUILD_DIR}; \ + curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ + | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSODIUM_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./autogen.sh \ +&& ./configure --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# Postgres +# https://github.com/postgres/postgres/releases +# Needs: +# - OpenSSL +# Needed by: +# - php +ENV VERSION_POSTGRES=15.1 +ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres +RUN set -xe; \ + mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ + curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ + | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 +WORKDIR ${POSTGRES_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline +RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install +RUN cd 
${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install + + +############################################################################### +# Oniguruma +# This library is not packaged in PHP since PHP 7.4. +# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 +# We do not install the system version because I didn't manage to make it work... +# Ideally we shouldn't compile it ourselves. +# https://github.com/kkos/oniguruma/releases +# Needed by: +# - php mbstring +ENV VERSION_ONIG=6.9.8 +ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma +RUN set -xe; \ + mkdir -p ${ONIG_BUILD_DIR}; \ + curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ + | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 +WORKDIR ${ONIG_BUILD_DIR} +RUN ./configure --prefix=${INSTALL_DIR} +RUN make && make install + + +############################################################################### +# Install some dev files for using old libraries already on the system +# readline-devel : needed for the readline extension +# gettext-devel : needed for the --with-gettext flag +# libicu-devel : needed for intl +# libxslt-devel : needed for the XSL extension +# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) +RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel + # PHP Build # https://github.com/php/php-src/releases 
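Review bot: The CA bundle step `RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}` in the OPENSSL section passes `-k`, so the file that becomes the trust store of the compiled curl (`--with-ca-bundle=${CA_BUNDLE}`) is downloaded without certificate verification, and a tampered response would silently become the trust anchors for HTTPS requests made through that curl. Drop `-k` and fail on HTTP errors, `RUN curl --fail --silent --show-error --location -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}`, and ideally pin the bundle with `echo "<expected-sha256>  ${CA_BUNDLE}" | sha256sum -c -` (the digest is a placeholder). The source tarballs in this hunk are likewise piped from `curl -Ls` straight into `tar` with no `--fail` and no checksum, so a pinned digest per `VERSION_*` would make the build tamper-evident. This commit copies the same lines into the php-81 and php-82 Dockerfiles, so the fix applies there as well.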
@@ -20,11 +341,14 @@ WORKDIR /tmp/php # - openssl # - readline # - sodium +RUN mkdir -p /tmp/php +WORKDIR /tmp/php # Download and unpack the source code # --location will follow redirects # --silent will hide the progress, but also the errors: we restore error messages with --show-error # --fail makes sure that curl returns an error instead of fetching the 404 page +ARG VERSION_PHP RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ | tar xzC . --strip-components=1 diff --git a/php-81/Dockerfile b/php-81/Dockerfile index 1a82f244..f34274ad 100644 --- a/php-81/Dockerfile +++ b/php-81/Dockerfile 
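Review bot: The bare `ARG VERSION_PHP` added before the download step has no comment explaining why it is repeated; an `ARG` declared before the first `FROM` is outside every build stage and has to be re-declared before a `RUN` can read it. I would add `# Re-declare the global ARG so it is in scope inside this build stage` above it. Unlike the removed `ENV VERSION_PHP=8.0.25`, an `ARG` is not persisted into the image environment, so anything that reads `VERSION_PHP` after the build (not visible in this hunk) would now see it empty. The build stage continues outside the hunk.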
@@ -5,12 +5,333 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX -FROM bref/base-devel-${CPU} as build-environment +ARG VERSION_PHP=8.1.14 -ENV VERSION_PHP=8.1.14 -RUN mkdir -p /tmp/php -WORKDIR /tmp/php +# Lambda uses a custom AMI named Amazon Linux 2 +# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html +# AWS provides a Docker image that we use here: +# https://github.com/amazonlinux/container-images/tree/amzn2 +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as build-environment + + +# Temp directory in which all compilation happens +WORKDIR /tmp + + +RUN set -xe \ + # Download yum repository data to cache + && yum makecache \ + # Default Development Tools + && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default + + +# The default version of cmake is 2.8.12. We need cmake to build a few of +# our libraries, and at least one library requires a version of cmake greater than that. +# Needed to build: +# - libzip: minimum required CMAKE version 3.0. +RUN LD_LIBRARY_PATH= yum install -y cmake3 +# Override the default `cmake` +RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + +# Use the bash shell, instead of /bin/sh +# Why? We need to document this. +SHELL ["/bin/bash", "-c"] + +# We need a base path for all the sourcecode we will build from. +ENV BUILD_DIR="/tmp/build" + +# Target installation path for all the packages we will compile +ENV INSTALL_DIR="/tmp/bref" + +# We need some default compiler variables setup +ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ + PKG_CONFIG="/usr/bin/pkg-config" \ + PATH="${INSTALL_DIR}/bin:${PATH}" + +ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" + +# Enable parallelism by default for make and cmake (like make -j) +# See https://stackoverflow.com/a/50883540/245552 +ENV CMAKE_BUILD_PARALLEL_LEVEL=4 +ENV MAKEFLAGS='-j4' + +# Ensure we have all the directories we require in the container. 
+RUN mkdir -p ${BUILD_DIR} \ + ${INSTALL_DIR}/bin \ + ${INSTALL_DIR}/doc \ + ${INSTALL_DIR}/etc/php \ + ${INSTALL_DIR}/etc/php/conf.d \ + ${INSTALL_DIR}/include \ + ${INSTALL_DIR}/lib \ + ${INSTALL_DIR}/lib64 \ + ${INSTALL_DIR}/libexec \ + ${INSTALL_DIR}/sbin \ + ${INSTALL_DIR}/share + + +############################################################################### +# OPENSSL +# https://github.com/openssl/openssl/releases +# Needs: +# - zlib +# Needed by: +# - curl +# - php +ENV VERSION_OPENSSL=1.1.1s +ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl +ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" +ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" +RUN set -xe; \ + mkdir -p ${OPENSSL_BUILD_DIR}; \ + curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 +WORKDIR ${OPENSSL_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./config \ + --prefix=${INSTALL_DIR} \ + --openssldir=${INSTALL_DIR}/ssl \ + --release \ + no-tests \ + shared \ + zlib +# Explicitly compile make without parallelism because it fails if we use -jX (no error message) +# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: +# https://github.com/openssl/openssl/issues/9931 +# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 +# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw install_ssldirs +RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + + +############################################################################### +# LIBSSH2 +# https://github.com/libssh2/libssh2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_LIBSSH2=1.10.0 +ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 +RUN set -xe; \ + mkdir -p 
${LIBSSH2_BUILD_DIR}/bin; \ + curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ + | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + # Build as a shared library (.so) instead of a static one + -DBUILD_SHARED_LIBS=ON \ + # Build with OpenSSL support + -DCRYPTO_BACKEND=OpenSSL \ + # Build with zlib support + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBNGHTTP2 +# This adds support for HTTP 2 requests in curl. +# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 +# https://github.com/nghttp2/nghttp2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_NGHTTP2=1.51.0 +ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 +RUN set -xe; \ + mkdir -p ${NGHTTP2_BUILD_DIR}; \ + curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ + | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 +WORKDIR ${NGHTTP2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --enable-lib-only \ + --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# CURL +# # https://github.com/curl/curl/releases +# # Needs: +# # - zlib +# # - OpenSSL +# # - libssh2 +# # Needed by: +# # - php +ENV VERSION_CURL=7.85.0 +ENV CURL_BUILD_DIR=${BUILD_DIR}/curl +RUN set -xe; \ + mkdir -p ${CURL_BUILD_DIR}/bin; \ + curl -Ls 
https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ + | tar xzC ${CURL_BUILD_DIR} --strip-components=1 +WORKDIR ${CURL_BUILD_DIR}/ +RUN ./buildconf \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-ca-bundle=${CA_BUNDLE} \ + --enable-shared \ + --disable-static \ + --enable-optimize \ + --disable-warnings \ + --disable-dependency-tracking \ + --with-zlib \ + --enable-http \ + --enable-ftp \ + --enable-file \ + --enable-proxy \ + --enable-tftp \ + --enable-ipv6 \ + --enable-openssl-auto-load-config \ + --enable-cookies \ + --with-gnu-ld \ + --with-ssl \ + --with-libssh2 \ + --with-nghttp2 +RUN make install + + +############################################################################### +# LIBXML2 +# https://github.com/GNOME/libxml2/releases +# Uses: +# - zlib +# Needed by: +# - php +ENV VERSION_XML2=2.10.3 +ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 +RUN set -xe; \ + mkdir -p ${XML2_BUILD_DIR}; \ + curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ + | tar xJC ${XML2_BUILD_DIR} --strip-components=1 +WORKDIR ${XML2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-sysroot=${INSTALL_DIR} \ + --enable-shared \ + --disable-static \ + --with-html \ + --with-history \ + --enable-ipv6=no \ + --with-icu \ + --with-zlib \ + --without-python +RUN make install \ + && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + + +############################################################################### +# LIBZIP +# https://github.com/nih-at/libzip/releases +# Needed by: +# - php +ENV VERSION_ZIP=1.9.2 +ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip +RUN set -xe; \ + mkdir -p ${ZIP_BUILD_DIR}/bin/; \ + curl -Ls 
https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ + | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 +WORKDIR ${ZIP_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBSODIUM +# https://github.com/jedisct1/libsodium/releases +# Needed by: +# - php +ENV VERSION_LIBSODIUM=1.0.18 +ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium +RUN set -xe; \ + mkdir -p ${LIBSODIUM_BUILD_DIR}; \ + curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ + | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSODIUM_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./autogen.sh \ +&& ./configure --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# Postgres +# https://github.com/postgres/postgres/releases +# Needs: +# - OpenSSL +# Needed by: +# - php +ENV VERSION_POSTGRES=15.1 +ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres +RUN set -xe; \ + mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ + curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ + | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 +WORKDIR ${POSTGRES_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline +RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install +RUN cd 
${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install + + +############################################################################### +# Oniguruma +# This library is not packaged in PHP since PHP 7.4. +# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 +# We do not install the system version because I didn't manage to make it work... +# Ideally we shouldn't compile it ourselves. +# https://github.com/kkos/oniguruma/releases +# Needed by: +# - php mbstring +ENV VERSION_ONIG=6.9.8 +ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma +RUN set -xe; \ + mkdir -p ${ONIG_BUILD_DIR}; \ + curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ + | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 +WORKDIR ${ONIG_BUILD_DIR} +RUN ./configure --prefix=${INSTALL_DIR} +RUN make && make install + + +############################################################################### +# Install some dev files for using old libraries already on the system +# readline-devel : needed for the readline extension +# gettext-devel : needed for the --with-gettext flag +# libicu-devel : needed for intl +# libxslt-devel : needed for the XSL extension +# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) +RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel + # PHP Build # https://github.com/php/php-src/releases 
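Review bot: `RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}` at the end of the OPENSSL section downloads the CA bundle with certificate verification switched off. That file is then handed to curl via `--with-ca-bundle=${CA_BUNDLE}` and sits at `cert.pem` under `--openssldir`, so whatever was served on that unverified connection becomes the trust store of the compiled curl and OpenSSL. Drop `-k` and fail on HTTP errors: `RUN curl --location --silent --show-error --fail -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE}`; comparing the result against a pinned SHA-256 before the build continues would additionally make the bundle reproducible. The same line is added in the php-82/Dockerfile hunk below, and presumably in php-80/Dockerfile, whose hunk starts above this view.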
@@ -20,11 +341,14 @@ WORKDIR /tmp/php # - openssl # - readline # - sodium +RUN mkdir -p /tmp/php +WORKDIR /tmp/php # Download and unpack the source code # --location will follow redirects # --silent will hide the progress, but also the errors: we restore error messages with --show-error # --fail makes sure that curl returns an error instead of fetching the 404 page +ARG VERSION_PHP RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ | tar xzC . --strip-components=1 diff --git a/php-82/Dockerfile b/php-82/Dockerfile index 0c3b02d0..dfc16003 100644 --- a/php-82/Dockerfile +++ b/php-82/Dockerfile 
@@ -5,12 +5,333 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX -FROM bref/base-devel-${CPU} as build-environment +ARG VERSION_PHP=8.2.0 -ENV VERSION_PHP=8.2.0 -RUN mkdir -p /tmp/php -WORKDIR /tmp/php +# Lambda uses a custom AMI named Amazon Linux 2 +# https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html +# AWS provides a Docker image that we use here: +# https://github.com/amazonlinux/container-images/tree/amzn2 +FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as build-environment + + +# Temp directory in which all compilation happens +WORKDIR /tmp + + +RUN set -xe \ + # Download yum repository data to cache + && yum makecache \ + # Default Development Tools + && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default + + +# The default version of cmake is 2.8.12. We need cmake to build a few of +# our libraries, and at least one library requires a version of cmake greater than that. +# Needed to build: +# - libzip: minimum required CMAKE version 3.0. +RUN LD_LIBRARY_PATH= yum install -y cmake3 +# Override the default `cmake` +RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + +# Use the bash shell, instead of /bin/sh +# Why? We need to document this. +SHELL ["/bin/bash", "-c"] + +# We need a base path for all the sourcecode we will build from. +ENV BUILD_DIR="/tmp/build" + +# Target installation path for all the packages we will compile +ENV INSTALL_DIR="/tmp/bref" + +# We need some default compiler variables setup +ENV PKG_CONFIG_PATH="${INSTALL_DIR}/lib64/pkgconfig:${INSTALL_DIR}/lib/pkgconfig" \ + PKG_CONFIG="/usr/bin/pkg-config" \ + PATH="${INSTALL_DIR}/bin:${PATH}" + +ENV LD_LIBRARY_PATH="${INSTALL_DIR}/lib64:${INSTALL_DIR}/lib" + +# Enable parallelism by default for make and cmake (like make -j) +# See https://stackoverflow.com/a/50883540/245552 +ENV CMAKE_BUILD_PARALLEL_LEVEL=4 +ENV MAKEFLAGS='-j4' + +# Ensure we have all the directories we require in the container. 
+RUN mkdir -p ${BUILD_DIR} \ + ${INSTALL_DIR}/bin \ + ${INSTALL_DIR}/doc \ + ${INSTALL_DIR}/etc/php \ + ${INSTALL_DIR}/etc/php/conf.d \ + ${INSTALL_DIR}/include \ + ${INSTALL_DIR}/lib \ + ${INSTALL_DIR}/lib64 \ + ${INSTALL_DIR}/libexec \ + ${INSTALL_DIR}/sbin \ + ${INSTALL_DIR}/share + + +############################################################################### +# OPENSSL +# https://github.com/openssl/openssl/releases +# Needs: +# - zlib +# Needed by: +# - curl +# - php +ENV VERSION_OPENSSL=1.1.1s +ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl +ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" +ENV CA_BUNDLE="${INSTALL_DIR}/ssl/cert.pem" +RUN set -xe; \ + mkdir -p ${OPENSSL_BUILD_DIR}; \ + curl -Ls https://github.com/openssl/openssl/archive/OpenSSL_${VERSION_OPENSSL//./_}.tar.gz \ + | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 +WORKDIR ${OPENSSL_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./config \ + --prefix=${INSTALL_DIR} \ + --openssldir=${INSTALL_DIR}/ssl \ + --release \ + no-tests \ + shared \ + zlib +# Explicitly compile make without parallelism because it fails if we use -jX (no error message) +# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: +# https://github.com/openssl/openssl/issues/9931 +# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 +# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 +RUN make -j1 install_sw install_ssldirs +RUN curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} + + +############################################################################### +# LIBSSH2 +# https://github.com/libssh2/libssh2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_LIBSSH2=1.10.0 +ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 +RUN set -xe; \ + mkdir -p 
${LIBSSH2_BUILD_DIR}/bin; \ + curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ + | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + # Build as a shared library (.so) instead of a static one + -DBUILD_SHARED_LIBS=ON \ + # Build with OpenSSL support + -DCRYPTO_BACKEND=OpenSSL \ + # Build with zlib support + -DENABLE_ZLIB_COMPRESSION=ON \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBNGHTTP2 +# This adds support for HTTP 2 requests in curl. +# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 +# https://github.com/nghttp2/nghttp2/releases +# Needs: +# - zlib +# - OpenSSL +# Needed by: +# - curl +ENV VERSION_NGHTTP2=1.51.0 +ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 +RUN set -xe; \ + mkdir -p ${NGHTTP2_BUILD_DIR}; \ + curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ + | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 +WORKDIR ${NGHTTP2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --enable-lib-only \ + --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# CURL +# # https://github.com/curl/curl/releases +# # Needs: +# # - zlib +# # - OpenSSL +# # - libssh2 +# # Needed by: +# # - php +ENV VERSION_CURL=7.85.0 +ENV CURL_BUILD_DIR=${BUILD_DIR}/curl +RUN set -xe; \ + mkdir -p ${CURL_BUILD_DIR}/bin; \ + curl -Ls 
https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ + | tar xzC ${CURL_BUILD_DIR} --strip-components=1 +WORKDIR ${CURL_BUILD_DIR}/ +RUN ./buildconf \ + && CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-ca-bundle=${CA_BUNDLE} \ + --enable-shared \ + --disable-static \ + --enable-optimize \ + --disable-warnings \ + --disable-dependency-tracking \ + --with-zlib \ + --enable-http \ + --enable-ftp \ + --enable-file \ + --enable-proxy \ + --enable-tftp \ + --enable-ipv6 \ + --enable-openssl-auto-load-config \ + --enable-cookies \ + --with-gnu-ld \ + --with-ssl \ + --with-libssh2 \ + --with-nghttp2 +RUN make install + + +############################################################################### +# LIBXML2 +# https://github.com/GNOME/libxml2/releases +# Uses: +# - zlib +# Needed by: +# - php +ENV VERSION_XML2=2.10.3 +ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 +RUN set -xe; \ + mkdir -p ${XML2_BUILD_DIR}; \ + curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ + | tar xJC ${XML2_BUILD_DIR} --strip-components=1 +WORKDIR ${XML2_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure \ + --prefix=${INSTALL_DIR} \ + --with-sysroot=${INSTALL_DIR} \ + --enable-shared \ + --disable-static \ + --with-html \ + --with-history \ + --enable-ipv6=no \ + --with-icu \ + --with-zlib \ + --without-python +RUN make install \ + && cp xml2-config ${INSTALL_DIR}/bin/xml2-config + + +############################################################################### +# LIBZIP +# https://github.com/nih-at/libzip/releases +# Needed by: +# - php +ENV VERSION_ZIP=1.9.2 +ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip +RUN set -xe; \ + mkdir -p ${ZIP_BUILD_DIR}/bin/; \ + curl -Ls 
https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ + | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 +WORKDIR ${ZIP_BUILD_DIR}/bin/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + cmake .. \ + -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ + -DCMAKE_BUILD_TYPE=RELEASE +RUN cmake --build . --target install + + +############################################################################### +# LIBSODIUM +# https://github.com/jedisct1/libsodium/releases +# Needed by: +# - php +ENV VERSION_LIBSODIUM=1.0.18 +ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium +RUN set -xe; \ + mkdir -p ${LIBSODIUM_BUILD_DIR}; \ + curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ + | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 +WORKDIR ${LIBSODIUM_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./autogen.sh \ +&& ./configure --prefix=${INSTALL_DIR} +RUN make install + + +############################################################################### +# Postgres +# https://github.com/postgres/postgres/releases +# Needs: +# - OpenSSL +# Needed by: +# - php +ENV VERSION_POSTGRES=15.1 +ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres +RUN set -xe; \ + mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ + curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ + | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 +WORKDIR ${POSTGRES_BUILD_DIR}/ +RUN CFLAGS="" \ + CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ + LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ + ./configure --prefix=${INSTALL_DIR} --with-openssl --without-readline +RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install +RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install +RUN cd 
${POSTGRES_BUILD_DIR}/src/backend && make generated-headers +RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install + + +############################################################################### +# Oniguruma +# This library is not packaged in PHP since PHP 7.4. +# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 +# We do not install the system version because I didn't manage to make it work... +# Ideally we shouldn't compile it ourselves. +# https://github.com/kkos/oniguruma/releases +# Needed by: +# - php mbstring +ENV VERSION_ONIG=6.9.8 +ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma +RUN set -xe; \ + mkdir -p ${ONIG_BUILD_DIR}; \ + curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ + | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 +WORKDIR ${ONIG_BUILD_DIR} +RUN ./configure --prefix=${INSTALL_DIR} +RUN make && make install + + +############################################################################### +# Install some dev files for using old libraries already on the system +# readline-devel : needed for the readline extension +# gettext-devel : needed for the --with-gettext flag +# libicu-devel : needed for intl +# libxslt-devel : needed for the XSL extension +# sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) +RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel + # PHP Build # https://github.com/php/php-src/releases 
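Review bot: Every source tarball in this hunk is fetched as `curl -Ls <url> | tar xz…` with no `--fail` and no integrity check, so the OpenSSL, libssh2, nghttp2, curl, libxml2, libzip, libsodium, PostgreSQL and Oniguruma sources are compiled into the layer without being compared to a known digest. `set -xe` does not cover the left side of a pipe: only tar's exit status is checked, and without `--fail` an HTTP error page is piped straight into tar. The PHP download further down already uses `--location --silent --show-error --fail`; I would use the same flags here, switch the shell to `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`, and save each archive to a file that is checked with `echo "<sha256-of-release-tarball>  file.tar.gz" | sha256sum -c -` before extracting. This applies equally to the php-81/Dockerfile hunk above.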
@@ -20,11 +341,14 @@ WORKDIR /tmp/php # - openssl # - readline # - sodium +RUN mkdir -p /tmp/php +WORKDIR /tmp/php # Download and unpack the source code # --location will follow redirects # --silent will hide the progress, but also the errors: we restore error messages with --show-error # --fail makes sure that curl returns an error instead of fetching the 404 page +ARG VERSION_PHP RUN curl --location --silent --show-error --fail https://www.php.net/get/php-${VERSION_PHP}.tar.gz/from/this/mirror \ | tar xzC . --strip-components=1 From df928eec622ab1aacd6f5c7023458915dbb32054 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 16:29:56 +0100 Subject: [PATCH 81/97] Inline the `bref/fpm-internal-src` image into PHP Dockerfiles This will help to solve build dependency issues and image visibility with Depot.dev. The added complexity (duplicated code) is very minor, and Docker will cache the build steps anyway, so I find that acceptable. --- .github/workflows/release.yml | 14 ++++++++++++++ README.md | 2 -- cpu-arm.Makefile | 8 +------- cpu-x86.Makefile | 8 +------- docker-bake.hcl | 6 ------ layers/docker-compose.yml | 6 ------ layers/fpm/Dockerfile | 9 --------- layers/fpm/composer.json | 2 +- php-80/Dockerfile | 12 +++++++++++- php-81/Dockerfile | 12 +++++++++++- php-82/Dockerfile | 12 +++++++++++- 11 files changed, 50 insertions(+), 41 deletions(-) delete mode 100644 layers/docker-compose.yml delete mode 100644 layers/fpm/Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ed7cd77b..dc1d8d47 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -20,17 +20,31 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + + - uses: depot/setup-action@v1 + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: role-to-assume: arn:aws:iam::534081306603:role/bref-layer-publisher-github-actions role-session-name: bref-layer-publisher-github-actions aws-region: us-east-1 + - name: Configure Docker Hub credentials uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build Docker images + run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images + env: + DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} + PHP_VERSION: ${{ matrix.php_version }} + CPU: ${{ matrix.cpu }} + CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} + IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} + - run: make -f cpu-x86.Makefile layers - run: make -f cpu-x86.Makefile test - run: make -f cpu-x86.Makefile upload-layers diff --git a/README.md b/README.md index ac3cd164..06694675 100644 --- a/README.md +++ b/README.md @@ -174,8 +174,6 @@ The 2nd layer is the `isolation` layer where we'll start from the standard AWS-p copied here as well. The 3rd layer is the `function` layer where everything is packet together and the `bootstrap` file is loaded. -The `bref-internal-src` images (see layers/fpm) are used to load Bref -classes into the layer. The 4th layer is `zip-function`, where we get a small and fast Linux (Alpine) just to install and zip the entire `/opt` content. We use docker compose volumes to map `/tmp/bref-zip` from host to the container so that we can diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 8cd4041b..de5a25f6 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile 
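Review bot: The added `- uses: depot/setup-action@v1` step is referenced by a mutable tag in the same job that assumes the `bref-layer-publisher-github-actions` role and logs in to Docker Hub, so a retagged `v1` would run alongside the release credentials and `DEPOT_TOKEN`. Pinning it to a full commit SHA, `- uses: depot/setup-action@<full-commit-sha> # v1`, removes that dependency on the tag; the same applies to the existing `aws-actions/configure-aws-credentials@v1` and `docker/login-action@v2` context lines. Separately, the new build step expands `${{ matrix.cpu }}` and `${{ matrix.php_version }}` while the steps after it hard-code `cpu-x86.Makefile`; the job's `strategy` is outside this hunk, so confirm a matrix is defined for this job, otherwise the command becomes `make -f cpu-.Makefile docker-images`.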
@@ -13,12 +13,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-image-fpm-internal-src: - depot build \ - --load \ - --tag=bref/fpm-internal-src \ - layers/fpm -docker-images-php-%: docker-image-fpm-internal-src +docker-images-php-%: # build depot build \ --platform=linux/arm64 \ @@ -114,7 +109,6 @@ clean: # Remove zip files rm -f output/arm-*.zip # Clean Docker images to force rebuilding them - docker image rm --force bref/arm-fpm-internal-src docker image rm --force bref/arm-build-php-80 docker image rm --force bref/arm-build-php-81 docker image rm --force bref/arm-build-php-82 diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index cb58bf20..b5e5aea1 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -13,12 +13,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-image-fpm-internal-src: - depot build \ - --load \ - --tag=bref/fpm-internal-src \ - layers/fpm -docker-images-php-%: docker-image-fpm-internal-src +docker-images-php-%: # build depot build \ --platform=linux/amd64 \ @@ -119,7 +114,6 @@ clean: # Remove zip files rm -f output/*.zip # Clean Docker images to force rebuilding them - docker image rm --force bref/fpm-internal-src docker image rm --force bref/build-php-80 docker image rm --force bref/build-php-81 docker image rm --force bref/build-php-82 diff --git a/docker-bake.hcl b/docker-bake.hcl index da088c07..a01196f1 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -38,11 +38,6 @@ target "php" { } } -target "fpm-internal-src" { - context = "layers/fpm" - tags = ["bref/fpm-internal-src"] -} - target "php-fpm" { dockerfile = "php-${PHP_VERSION}/Dockerfile" target = "fpm" 
@@ -54,7 +49,6 @@ target "php-fpm" { contexts = { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" - "bref/fpm-internal-src" = "target:fpm-internal-src" } } diff --git a/layers/docker-compose.yml b/layers/docker-compose.yml deleted file mode 100644 index 1a7c518c..00000000 --- a/layers/docker-compose.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: '3.8' - -services: - fpm-pkg: - image: bref/fpm-internal-src - build: ./fpm diff --git a/layers/fpm/Dockerfile b/layers/fpm/Dockerfile deleted file mode 100644 index 59218421..00000000 --- a/layers/fpm/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM alpine:3.14 - -RUN apk add composer - -RUN mkdir -p /opt/bref/php-fpm-runtime -WORKDIR /opt/bref/php-fpm-runtime - -COPY composer.json composer.json -RUN composer install --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml diff --git a/layers/fpm/composer.json b/layers/fpm/composer.json index 8fb399d2..2b2e25f4 100644 --- a/layers/fpm/composer.json +++ b/layers/fpm/composer.json @@ -1,6 +1,6 @@ { "require": { - "bref/php-fpm-runtime": "^2" + "bref/php-fpm-runtime": "2.0.0" }, "minimum-stability": "dev", "prefer-stable" : true, diff --git a/php-80/Dockerfile b/php-80/Dockerfile index ab39fec5..e302a39c 100644 --- a/php-80/Dockerfile +++ b/php-80/Dockerfile @@ -465,6 +465,16 @@ RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib +# Embed the https://github.com/brefphp/php-fpm-runtime in the layer +FROM composer:2 as fpm-runtime + +RUN mkdir -p /opt/bref/php-fpm-runtime +WORKDIR /opt/bref/php-fpm-runtime + +COPY --link layers/fpm/composer.json composer.json +RUN composer install --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml + + FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt 
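Review bot: The new `fpm-runtime` stage in php-80/Dockerfile runs `composer install` from `layers/fpm/composer.json` alone, with no `composer.lock` copied in, so only `bref/php-fpm-runtime` is pinned (to `2.0.0` in this commit) and its transitive dependencies are resolved afresh on every build, under `"minimum-stability": "dev"`. If a lock file can be committed next to the manifest, copy both with `COPY --link layers/fpm/composer.json layers/fpm/composer.lock ./` and install with `RUN composer install --no-dev --no-interaction --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml`. `FROM composer:2` is also a floating tag; pinning it by digest (`composer:2@sha256:<digest>`) keeps the tool that resolves those packages fixed. The identical stage is added to php-81/Dockerfile and php-82/Dockerfile in the hunks that follow.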
@@ -478,4 +488,4 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=fpm-runtime /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-81/Dockerfile b/php-81/Dockerfile index f34274ad..923ef247 100644 --- a/php-81/Dockerfile +++ b/php-81/Dockerfile @@ -465,6 +465,16 @@ RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib +# Embed the https://github.com/brefphp/php-fpm-runtime in the layer +FROM composer:2 as fpm-runtime + +RUN mkdir -p /opt/bref/php-fpm-runtime +WORKDIR /opt/bref/php-fpm-runtime + +COPY --link layers/fpm/composer.json composer.json +RUN composer install --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml + + FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt @@ -478,4 +488,4 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=fpm-runtime /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime diff --git a/php-82/Dockerfile b/php-82/Dockerfile index dfc16003..69af8624 100644 --- a/php-82/Dockerfile +++ b/php-82/Dockerfile @@ -465,6 +465,16 @@ RUN cp ${INSTALL_DIR}/sbin/php-fpm /opt/bin/php-fpm RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php-fpm /opt/lib +# Embed the https://github.com/brefphp/php-fpm-runtime in the layer +FROM composer:2 as fpm-runtime + +RUN mkdir -p /opt/bref/php-fpm-runtime +WORKDIR /opt/bref/php-fpm-runtime + +COPY --link layers/fpm/composer.json composer.json +RUN composer install --ignore-platform-req=ext-posix --ignore-platform-req=ext-simplexml + + FROM isolation as fpm COPY --link --from=fpm-extension /opt /opt 
@@ -478,4 +488,4 @@ RUN chmod +x /opt/bootstrap && chmod +x /var/runtime/bootstrap COPY --link layers/fpm/php-fpm.conf /opt/bref/etc/php-fpm.conf -COPY --link --from=bref/fpm-internal-src /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime +COPY --link --from=fpm-runtime /opt/bref/php-fpm-runtime /opt/bref/php-fpm-runtime From f67bc6c95264d061ae6f95b00946c15d520a5a26 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 17:30:38 +0100 Subject: [PATCH 82/97] Use the new `depot bake` command --- .github/workflows/tests.yml | 3 ++- cpu-arm.Makefile | 48 ++----------------------------------- cpu-x86.Makefile | 48 ++----------------------------------- docker-bake.hcl | 8 +++++++ 4 files changed, 14 insertions(+), 93 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 93de790b..c4bfef07 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -27,13 +27,14 @@ jobs: - uses: depot/setup-action@v1 - name: Build Docker images - run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images + run: depot bake --load env: DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} PHP_VERSION: ${{ matrix.php_version }} CPU: ${{ matrix.cpu }} CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} + DOCKER_PLATFORM: ${{ (matrix.cpu == 'arm') && 'arm64' || 'amd64' }} - name: Test that layers can be exported run: | diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index de5a25f6..32b10a16 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -4,6 +4,7 @@ export # export all variables defined in .env export CPU = arm export CPU_PREFIX = arm- export IMAGE_VERSION_SUFFIX = arm64 +export DOCKER_PLATFORM = arm64 # Build all Docker images and layers *locally* 
@@ -14,52 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - # build - depot build \ - --platform=linux/arm64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}build-php-$* \ - --file=php-$*/Dockerfile \ - --target=build-environment \ - . - # php - depot build \ - --platform=linux/arm64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$* \ - --file=php-$*/Dockerfile \ - --target=function \ - . - # php-fpm - depot build \ - --platform=linux/arm64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-fpm \ - --file=php-$*/Dockerfile \ - --target=fpm \ - . - # console - depot build \ - --platform=linux/arm64 \ - --build-arg=PHP_VERSION=$* \ - --build-arg=CPU_PREFIX=${CPU_PREFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-console \ - layers/console - # php-fpm-dev - depot build \ - --platform=linux/arm64 \ - --build-arg=PHP_VERSION=$* \ - --build-arg=CPU_PREFIX=${CPU_PREFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-fpm-dev \ - layers/fpm-dev + PHP_VERSION=$* depot bake # Build Lambda layers (zip files) *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index b5e5aea1..254beaf3 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -4,6 +4,7 @@ export # export all variables defined in .env export CPU = x86 export CPU_PREFIX = export IMAGE_VERSION_SUFFIX = x86_64 +export DOCKER_PLATFORM = amd64 # Build all Docker images and layers *locally* 
@@ -14,52 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - # build - depot build \ - --platform=linux/amd64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}build-php-$* \ - --file=php-$*/Dockerfile \ - --target=build-environment \ - . - # php - depot build \ - --platform=linux/amd64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$* \ - --file=php-$*/Dockerfile \ - --target=function \ - . - # php-fpm - depot build \ - --platform=linux/amd64 \ - --build-arg=CPU=${CPU} \ - --build-arg=IMAGE_VERSION_SUFFIX=${IMAGE_VERSION_SUFFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-fpm \ - --file=php-$*/Dockerfile \ - --target=fpm \ - . - # console - depot build \ - --platform=linux/amd64 \ - --build-arg=PHP_VERSION=$* \ - --build-arg=CPU_PREFIX=${CPU_PREFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-console \ - layers/console - # php-fpm-dev - depot build \ - --platform=linux/amd64 \ - --build-arg=PHP_VERSION=$* \ - --build-arg=CPU_PREFIX=${CPU_PREFIX} \ - --load \ - --tag=bref/${CPU_PREFIX}php-$*-fpm-dev \ - layers/fpm-dev + PHP_VERSION=$* depot bake # Build Lambda layers (zip files) *locally* diff --git a/docker-bake.hcl b/docker-bake.hcl index a01196f1..655c9bbd 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -14,6 +14,9 @@ variable "PHP_VERSION" { variable "IMAGE_VERSION_SUFFIX" { default = "x86_64" } +variable "DOCKER_PLATFORM" { + default = "amd64" +} target "build-php" { dockerfile = "php-${PHP_VERSION}/Dockerfile" @@ -23,6 +26,7 @@ target "build-php" { "CPU" = "${CPU}" "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" } + platforms = ["linux/${DOCKER_PLATFORM}"] } target "php" { 
@@ -36,6 +40,7 @@ target "php" { contexts = { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } + platforms = ["linux/${DOCKER_PLATFORM}"] } target "php-fpm" { @@ -50,6 +55,7 @@ target "php-fpm" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" } + platforms = ["linux/${DOCKER_PLATFORM}"] } target "console" { @@ -64,6 +70,7 @@ target "console" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" } + platforms = ["linux/${DOCKER_PLATFORM}"] } target "php-fpm-dev" { @@ -79,4 +86,5 @@ target "php-fpm-dev" { "bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm" = "target:php-fpm" "bref/local-api-gateway" = "docker-image://bref/local-api-gateway:latest" } + platforms = ["linux/${DOCKER_PLATFORM}"] } From 61de798ec0b8990ba783dab57cc0ee097076d9cd Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 17:42:02 +0100 Subject: [PATCH 83/97] Explicitly set the Docker platform in tests to fix the CI --- .github/workflows/tests.yml | 2 +- docker-bake.hcl | 12 ++++++------ tests/Makefile | 14 +++++++------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c4bfef07..2026af03 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -34,7 +34,7 @@ jobs: CPU: ${{ matrix.cpu }} CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} - DOCKER_PLATFORM: ${{ (matrix.cpu == 'arm') && 'arm64' || 'amd64' }} + DOCKER_PLATFORM: ${{ (matrix.cpu == 'arm') && 'linux/arm64' || 'linux/amd64' }} - name: Test that layers can be exported run: | diff --git a/docker-bake.hcl b/docker-bake.hcl index 655c9bbd..8169770c 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl 
@@ -15,7 +15,7 @@ variable "IMAGE_VERSION_SUFFIX" { default = "x86_64" } variable "DOCKER_PLATFORM" { - default = "amd64" + default = "linux/amd64" } target "build-php" { @@ -26,7 +26,7 @@ target "build-php" { "CPU" = "${CPU}" "IMAGE_VERSION_SUFFIX" = "${IMAGE_VERSION_SUFFIX}" } - platforms = ["linux/${DOCKER_PLATFORM}"] + platforms = ["${DOCKER_PLATFORM}"] } target "php" { @@ -40,7 +40,7 @@ target "php" { contexts = { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" } - platforms = ["linux/${DOCKER_PLATFORM}"] + platforms = ["${DOCKER_PLATFORM}"] } target "php-fpm" { @@ -55,7 +55,7 @@ target "php-fpm" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" } - platforms = ["linux/${DOCKER_PLATFORM}"] + platforms = ["${DOCKER_PLATFORM}"] } target "console" { @@ -70,7 +70,7 @@ target "console" { "bref/${CPU_PREFIX}build-php-${PHP_VERSION}" = "target:build-php" "bref/${CPU_PREFIX}php-${PHP_VERSION}" = "target:php" } - platforms = ["linux/${DOCKER_PLATFORM}"] + platforms = ["${DOCKER_PLATFORM}"] } target "php-fpm-dev" { @@ -86,5 +86,5 @@ target "php-fpm-dev" { "bref/${CPU_PREFIX}php-${PHP_VERSION}-fpm" = "target:php-fpm" "bref/local-api-gateway" = "docker-image://bref/local-api-gateway:latest" } - platforms = ["linux/${DOCKER_PLATFORM}"] + platforms = ["${DOCKER_PLATFORM}"] } diff --git a/tests/Makefile b/tests/Makefile index 8978add1..8a96111f 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -7,19 +7,19 @@ test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. # The `$*` variable will contained the matched part, in this case `80`. test-%: vendor - docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ + docker run --platform=${DOCKER_PLATFORM} --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_1_binary.php $* - docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ + docker run --platform=${DOCKER_PLATFORM} --rm -v=$(PWD):/var/task:ro --entrypoint=php bref/${CPU_PREFIX}php-$* \ test_2_extensions.php - docker run --rm -v=$(PWD):/var/task:ro --entrypoint=php \ + docker run --platform=${DOCKER_PLATFORM} --rm -v=$(PWD):/var/task:ro --entrypoint=php \ -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" bref/${CPU_PREFIX}php-$* \ test_3_manual_enabling_extensions.php # Test function handler docker stop test-${CPU_PREFIX}php-$* 2> /dev/null || true # silence errors - docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$* \ + docker run --platform=${DOCKER_PLATFORM} --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$* \ bref/${CPU_PREFIX}php-$* test_4_function_handler.php docker exec test-${CPU_PREFIX}php-$* php test_4_function_invocation.php \ || (docker logs test-${CPU_PREFIX}php-$* && exit 1) @@ -27,7 +27,7 @@ test-%: vendor # Test FPM handler docker stop test-${CPU_PREFIX}php-$*-fpm 2> /dev/null || true # silence errors - docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-fpm \ + docker run --platform=${DOCKER_PLATFORM} --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-fpm \ bref/${CPU_PREFIX}php-$*-fpm test_5_fpm_handler.php docker exec test-${CPU_PREFIX}php-$*-fpm php test_5_fpm_invocation.php \ || (docker logs test-${CPU_PREFIX}php-$*-fpm && exit 1) # print logs in case of failure 
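Review bot: Every `docker run` in `test-%` now passes `--platform=${DOCKER_PLATFORM}`, but tests/Makefile gives the variable no default, unlike `CPU_PREFIX` (`export CPU_PREFIX ?=` at the top of the file). If the file is run without a parent Makefile exporting it, the flag expands to an empty `--platform=`, and the tests would then presumably run on whichever architecture Docker selects rather than the one under test. Adding `export DOCKER_PLATFORM ?= linux/amd64` next to the `CPU_PREFIX` line keeps the default in step with docker-bake.hcl. The `test-%` recipe continues in the following hunks.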
@@ -35,7 +35,7 @@ test-%: vendor # Test console handler docker stop test-${CPU_PREFIX}php-$*-console 2> /dev/null || true # silence errors - docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-console \ + docker run --platform=${DOCKER_PLATFORM} --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-console \ bref/${CPU_PREFIX}php-$*-console test_6_console_handler.php docker exec test-${CPU_PREFIX}php-$*-console php test_6_console_invocation.php \ || (docker logs test-${CPU_PREFIX}php-$*-console && exit 1) # print logs in case of failure @@ -43,7 +43,7 @@ test-%: vendor # Test that we can override PHP_INI_SCAN_DIR docker stop test-${CPU_PREFIX}php-$*-test7 2> /dev/null || true # silence errors - docker run --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-test7 \ + docker run --platform=${DOCKER_PLATFORM} --rm --detach -v=$(PWD):/var/task:ro --name test-${CPU_PREFIX}php-$*-test7 \ -e PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d/:/var/task/" \ bref/${CPU_PREFIX}php-$* test_4_function_handler.php docker exec test-${CPU_PREFIX}php-$*-test7 php test_7_custom_ini_scan_dir.php \ From 7ac54fad5733d645ce986352dda17f2fcadfe2f0 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 17:47:23 +0100 Subject: [PATCH 84/97] Fix Docker platform --- cpu-arm.Makefile | 2 +- cpu-x86.Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 32b10a16..320c91c3 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -4,7 +4,7 @@ export # export all variables defined in .env export CPU = arm export CPU_PREFIX = arm- export IMAGE_VERSION_SUFFIX = arm64 -export DOCKER_PLATFORM = arm64 +export DOCKER_PLATFORM = linux/arm64 # Build all Docker images and layers *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 254beaf3..f9426cbd 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile 
@@ -4,7 +4,7 @@ export # export all variables defined in .env export CPU = x86 export CPU_PREFIX = export IMAGE_VERSION_SUFFIX = x86_64 -export DOCKER_PLATFORM = amd64 +export DOCKER_PLATFORM = linux/amd64 # Build all Docker images and layers *locally* From fb81096091f68ac414472e268aa4ce1a4066057e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 17:51:20 +0100 Subject: [PATCH 85/97] Allow debugging in CI --- tests/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 8a96111f..8a5207dd 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,7 +1,5 @@ export CPU_PREFIX ?= -.SILENT: test test-80 test-81 test-82 vendor - test: test-80 test-81 test-82 # This rule matches with a wildcard, for example `test-80`. From 78fe7492e3aeb7e1ab514329d149a03e0f5c6f89 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Mon, 23 Jan 2023 17:58:51 +0100 Subject: [PATCH 86/97] Simplify the GitHub Actions config --- .github/workflows/tests.yml | 11 +++-------- cpu-arm.Makefile | 2 +- cpu-x86.Makefile | 2 +- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 2026af03..e0eb6227 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -21,24 +21,19 @@ jobs: - 81 - 82 steps: - - uses: actions/checkout@v3 - uses: depot/setup-action@v1 - name: Build Docker images - run: depot bake --load + run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images-php-${{ matrix.php_version }} env: DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} - PHP_VERSION: ${{ matrix.php_version }} - CPU: ${{ matrix.cpu }} - CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} - IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} - DOCKER_PLATFORM: ${{ (matrix.cpu == 'arm') && 'linux/arm64' || 'linux/amd64' }} - name: Test that layers can be exported run: | make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }} make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }}-fpm - - run: make -f cpu-${{ matrix.cpu }}.Makefile test-${{ matrix.php_version }} + - name: Run tests + run: make -f cpu-${{ matrix.cpu }}.Makefile test-${{ matrix.php_version }} diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index 320c91c3..f34f080f 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake + PHP_VERSION=$* depot bake --load # Build Lambda layers (zip files) *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index f9426cbd..031a9d66 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake + PHP_VERSION=$* depot bake --load # Build Lambda layers (zip files) *locally* From c16205a3654e74f854f020ac9adabe47bfafdc12 Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Sat, 28 Jan 2023 13:26:34 +0000 Subject: [PATCH 87/97] Try forcing the Depot platform to hopefully fix the CI https://github.com/depot/cli/pull/56 --- cpu-arm.Makefile | 2 +- cpu-x86.Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index f34f080f..be459cca 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake --load + PHP_VERSION=$* depot bake --build-platform=${DOCKER_PLATFORM} --load # Build Lambda layers (zip files) *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index 031a9d66..e06604db 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake --load + PHP_VERSION=$* depot bake --build-platform=${DOCKER_PLATFORM} --load # Build Lambda layers (zip files) *locally* From 82c1eee07c55501addd7d3ecc1ef0ba67c2848cc Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 17:03:01 +0000 Subject: [PATCH 88/97] CI --- .github/workflows/tests.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e0eb6227..44dbd5cc 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -23,6 +23,16 @@ jobs: steps: - uses: actions/checkout@v3 + # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images + - name: Set up QEMU to build and run ARM images + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker buildx to use BuildKit features + uses: docker/setup-buildx-action@v2 + with: + # Sets up `docker build` command as an alias to `docker buildx` + install: true + - uses: depot/setup-action@v1 - name: Build Docker images From e324c636be6b7430b53f135f6201398248545257 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 17:05:56 +0000 Subject: [PATCH 89/97] Cleanup previous changes that didn't help make the CI work --- cpu-arm.Makefile | 2 +- cpu-x86.Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile index be459cca..f34f080f 100644 --- a/cpu-arm.Makefile +++ b/cpu-arm.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake --build-platform=${DOCKER_PLATFORM} --load + PHP_VERSION=$* depot bake --load # Build Lambda layers (zip files) *locally* diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile index e06604db..031a9d66 100644 --- a/cpu-x86.Makefile +++ b/cpu-x86.Makefile @@ -15,7 +15,7 @@ default: docker-images layers # Build Docker images *locally* docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 docker-images-php-%: - PHP_VERSION=$* depot bake --build-platform=${DOCKER_PLATFORM} --load + PHP_VERSION=$* depot bake --load # Build Lambda layers (zip files) *locally* From 57658417d40d6b523f97d6942724570f43bd70da Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 17:06:20 +0000 Subject: [PATCH 90/97] Simplify CI --- .github/workflows/tests.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
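Review bot: The two added steps reference `docker/setup-qemu-action@v2` and `docker/setup-buildx-action@v2` by a movable tag, in a job that also passes `secrets.DEPOT_TOKEN` to a later step. A tag can be re-pointed by the action's publisher, so this file does not fix which code runs; pinning to the full commit hash, `uses: docker/setup-qemu-action@<full-commit-sha> # v2`, makes the dependency reviewable. The same applies to the `docker/setup-qemu-action@v2` step added to `.github/workflows/release.yml` in PATCH 93, where the job goes on to assume an AWS role and log in to Docker Hub. The steps list continues outside the hunk.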
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 44dbd5cc..417e8c08 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -24,15 +24,9 @@ jobs: - uses: actions/checkout@v3 # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images - - name: Set up QEMU to build and run ARM images + - name: Set up QEMU to run ARM images (that were built with Depot) uses: docker/setup-qemu-action@v2 - - name: Set up Docker buildx to use BuildKit features - uses: docker/setup-buildx-action@v2 - with: - # Sets up `docker build` command as an alias to `docker buildx` - install: true - - uses: depot/setup-action@v1 - name: Build Docker images From d8f5ee14ccb15fdc4b0ab0d33e7458ae4d226bd0 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 17:11:06 +0000 Subject: [PATCH 91/97] Edit CI message --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 417e8c08..1bd7537f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -8,7 +8,7 @@ on: jobs: tests: - name: Build and tests layers + name: Build and tests ${{ matrix.cpu }} PHP ${{ matrix.php_version }} layers runs-on: ubuntu-latest strategy: fail-fast: false From 20ad0e397b4796d6db1feb0261f040096fc89ec2 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 18:31:54 +0000 Subject: [PATCH 92/97] Update the documentation --- README.md | 72 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 06694675..fc4ba386 100644 --- a/README.md +++ b/README.md 
@@ -23,6 +23,8 @@ If you are submitting a pull request to this repository, you probably want to te 2. Run the test scripts. 3. Publish the Lambda layers to your AWS account and test them in a real Lambda. +**For minor changes** (e.g. upgrading a version) it is faster and easier to open a pull request. The layers will be built faster in CI and the test results will be available in a few minutes. + ### Requirements - `make` @@ -35,15 +37,19 @@ If you are submitting a pull request to this repository, you probably want to te > **Warning:** > -> On macOS, do not enable [the experimental Rosetta emulation](https://docs.docker.com/desktop/release-notes/#4160). This causes a Segmentation Fault when running `php-fpm` in the Docker images. +> On macOS, do not enable [the experimental Rosetta emulation](https://docs.docker.com/desktop/release-notes/#4160). This causes a Segmentation Fault when running `php-fpm` in the Docker images (as of January 2023, this may have been fixed since). You can build Docker images and Lambda layers locally: ```sh +# Make x86 layers (the default) make + +# Make ARM layers +make CPU=arm ``` -The process takes about 4 minutes. It will create the Docker images on your machine, and generate the Lambda layer zip files in `./output`. +It will create the Docker images on your machine, and generate the Lambda layer zip files in `./output`. It takes some time to build the Docker images (especially to build the images on the other platform, e.g. the ARM images if you are on an Intel processor). ### Testing @@ -51,6 +57,8 @@ After building the images, run the automated tests: ```sh make test +# and/or +make test CPU=arm ``` > **Note** 
@@ -72,16 +80,11 @@ cp .env.example .env # Then build layers: make +make CPU=arm # Then publish layers: make upload-layers -``` - -You can also limit to ARM or X86 layers: - -```sh -make -f cpu-x86.Makefile -make -f cpu-x86.Makefile upload-layers +make upload-layers CPU=arm ``` The published Lambda layers will be public (they are readonly anyway). You can find them in your AWS console (AWS Lambda service). Feel free to delete them afterwards. @@ -98,13 +101,13 @@ docker run --rm -it --entrypoint=bash bref/php-80 > > `ldd` is a linux utility that will show libraries (`.so` files) used by a binary/library. For example: `ldd /opt/bin/php` or `ldd /opt/bref/extensions/curl.so`. That helps to make sure we include all the libraries needed by PHP extensions in the layers. > -> However, `ldd` fails when running on another CPU architecture. So instead of `ldd`, we use `objdump -p /usr/bin/bash | grep NEEDED` (that needs to be installed with `yum install binutils`). +> However, `ldd` fails when running on another CPU architecture. So instead of `ldd`, we can use `objdump -p /usr/bin/bash | grep NEEDED` (that needs to be installed with `yum install binutils`). Related: `utils/lib-check` is a small utility-tool to check whether we're copying unnecessary `.so` files into the layer (i.e. `.so` files that already exist in Lambda). ### Supporting a new PHP version -The general idea is to copy `php-81` into `php-82`. Search/replace `php-81` with `php-82`, change PHP_VERSION in `Makefile`, and adapt anything else if needed. +The general idea is to copy `php-82` into `php-83`. Search/replace `php-82` with `php-83`, update the PHP version, update the `Makefile`, and adapt anything else if needed. ### Supporting new regions 
@@ -163,32 +166,25 @@ Anything we want to make available in AWS Lambda is possible by preparing the ri ### The php-xx folders -The Dockerfile attempts at a best-effort to follow a top-down execution process for easier reading. It starts from -an AWS-provided Docker Image and installs PHP. Some standard files (such as the php binary) can already be -isolated into the `/bref` folder. The use of multiple Docker Layers helps with investigations -because the developer can have a faster feedback loop by checking each step of the process incrementally instead -of trying to figure out why an entire build is failing. +The Dockerfile attempts at a best-effort to follow a top-down execution process for easier reading. -The 2nd layer is the `isolation` layer where we'll start from the standard AWS-provided image all over again -(getting rid of any residual unnecessary file) and then copying `/bref` into `/opt`. PHP Configurations are -copied here as well. +It starts from an AWS-provided Docker image and compiles the system libraries that we will need to use to compile PHP (the PHP build requires more recent version than what `yum install` provides, so we need to compile them, which is slow. -The 3rd layer is the `function` layer where everything is packet together and the `bootstrap` file is loaded. +Then, PHP is compiled. All the compilation happens in `/tmp`. -The 4th layer is `zip-function`, where we get a small and fast Linux (Alpine) just to install and zip the entire -`/opt` content. We use docker compose volumes to map `/tmp/bref-zip` from host to the container so that we can -zip everything and get the zipped file out of the container. +We then copy the PHP binary in `/opt/bin` and all PHP extensions in `/opt/...`. Indeed, `/opt` is the target directory of AWS Lambda layers. -The 5th layer goes back to `extensions` and start `fpm-extension`. Here we're back at step 2 so that we can install -`fpm`. 
+Then, we need to copy to `/opt` all the system libraries (`*.so` files) used by PHP and the extensions. To do so, we have a script that parses all the system dependencies of `/opt/bin/php` and extensions, and automatically copies them to `/opt/lib` (a directory automatically scanned by AWS Lambda). -The 6th layer goes back to `isolation` and start `fpm`. It mimics steps 3th and 4th but for the FPM Layer. +Finally, for each layer, we re-start from scratch from the empty AWS Lambda Docker images (using `FROM`, i.e. multi-stage builds) and we copy `/opt`. That gives us an "empty" Docker images with only `/opt` populated, just like on AWS Lambda when the PHP layers are unzipped. -Lastly, layer 7 zips FPM and pack everything ready for AWS Lambda. +That will also let us zip `/opt` to create the layers. ## Design decisions log -##### Installing PHP from a distribution +### Installing PHP from a distribution + +#### First iteration Compiling PHP is a complex process for the average PHP Developer. It takes a fair amount of time and can be cumbersome. Using `remi-collet` as a PHP distributor greatly simplifies and help the 
@@ -205,6 +201,18 @@ Useful links: - https://blog.remirepo.net/pages/English-FAQ#scl - https://rpms.remirepo.net/wizard/ +#### Second iteration + +We discovered an issue with using Remi's built images ([#42](https://github.com/brefphp/aws-lambda-layers/issues/42)): HTTP2 support was not compiled in CURL. Remi's packages explicitly don't intent to support it, and our only choice is to compile PHP (it's not an extension that can be installed after the fact). + +The previous decision (use Remi's repo) is reverted during Bref v2's beta and we go back to compiling PHP from scratch. + +Some benefits: + +- We can have identical compilation scripts between x86 and ARM, which simplifies the code a lot +- We can provide recent PHP versions for ARM, including PHP 8.2 (wasn't supported by Amazon Linux Extra before) +- We have identical system libraries and dependencies on x86 and ARM, which should avoid weird differences and bugs + ##### Bundling extensions While developing a new Runtime, the first attempt was to provide an "alpine-like" Bref Layer: only the PHP @@ -215,7 +223,7 @@ The benefits of maintaining a lightweight layer long-term didn't outweigh the co ##### Variables vs Repetitive Code -Before landing on the current architecture, there was several attempts (7 to be exact) on a back-and-forth +Before landing on the current architecture, there was several attempts (9 to be exact) on a back-and-forth between more environment variables vs more repetitive code. Environment variables grows complexity because they require contributors to understand how they intertwine with each other. We have layers, php version and CPU architecture. A more "reusable" Dockerfile or docker compose requires a more complex Makefile. In contrast, 
@@ -236,9 +244,11 @@ regions in chunks (7 to be precise) and tries to publish 7 layers at a time. AWS CodeBuild was used for Bref v1 builds, as it lets us use large instances to build faster. Bref 1 layers took an hour to build. Additionally, using CodeBuild allowed to avoid using AWS access keys to publish layers. -However, Bref 2's build only take 10 minutes, and runs really well in GitHub Actions. Additionally, using OIDC we can authorize this repository to publish into the AWS account with very restricted permissions _without_ using AWS access keys (assume role, just like CodeBuild). +For Bref v2, we now build in GitHub Actions because it's simpler, entirely public and easier to follow for maintainers and contributors. + +To make builds 10× to 20× faster, we use https://depot.dev thanks who generously offered to support Bref for free ❤️ -As such, we use GitHub Actions as it's simpler to set up, entirely public and much easier to follow. +Additionally, using OIDC we can authorize this repository to publish into the AWS account with very restricted permissions _without_ using AWS access keys (assume role, just like CodeBuild). ##### Automation tests From f0ecf71564ae9b56e914d360fbdc3567c30d9cb8 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 18:32:11 +0000 Subject: [PATCH 93/97] Merge the Makefiles using variables --- .env.example | 5 ++ .github/workflows/release.yml | 67 ++++++++--------- .github/workflows/tests.yml | 14 +++- Makefile | 136 ++++++++++++++++++++++++---------- cpu-arm.Makefile | 90 ---------------------- cpu-x86.Makefile | 95 ------------------------ 6 files changed, 141 insertions(+), 266 deletions(-) delete mode 100644 cpu-arm.Makefile delete mode 100644 cpu-x86.Makefile diff --git a/.env.example b/.env.example index 14542b71..df3bc473 100644 --- a/.env.example +++ b/.env.example 
@@ -7,3 +7,8 @@ # Limit the parallelization of layer publication. # Default is 7, we recommend a lower number when publishing from a laptop. MAX_PARALLEL_PUBLISH=3 + +# In the CI and on local machines in the core team we build using https://depot.dev +# as it is much faster to build cross-platform images. +# Do not uncomment this line, unless you have a depot.dev account. +#USE_DEPOT=1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dc1d8d47..11e8cf04 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,12 +15,22 @@ permissions: contents: read # This is required for actions/checkout jobs: - release-x86: - name: Publish x86 layers + + release: + name: Publish ${{ matrix.cpu }} layers runs-on: ubuntu-latest + strategy: + matrix: + cpu: + - x86 + - arm steps: - uses: actions/checkout@v3 + # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images + - name: Set up QEMU to run ARM images (that were built with Depot) + uses: docker/setup-qemu-action@v2 + - uses: depot/setup-action@v1 - name: Configure AWS credentials 
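Review bot: The new `strategy.matrix` in the `release` job does not set `fail-fast`, so the GitHub Actions default applies and a failure in one CPU's job cancels the other while it is still running. Later steps of the same job run `make upload-layers` and `make upload-to-docker-hub`, so a cancellation could stop one architecture part-way through publishing. I would add `fail-fast: false` under `strategy:`, as `tests.yml` already does. The job's remaining steps are in the next hunk.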
@@ -37,49 +47,32 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Build Docker images - run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images + run: make docker-images env: + CPU: ${{ matrix.cpu }} + USE_DEPOT: 1 DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} - PHP_VERSION: ${{ matrix.php_version }} + + - run: make layers + env: CPU: ${{ matrix.cpu }} - CPU_PREFIX: ${{ (matrix.cpu == 'arm') && 'arm-' || '' }} - IMAGE_VERSION_SUFFIX: ${{ (matrix.cpu == 'arm') && 'arm64' || 'x86_64' }} - - run: make -f cpu-x86.Makefile layers - - run: make -f cpu-x86.Makefile test - - run: make -f cpu-x86.Makefile upload-layers - - run: make -f cpu-x86.Makefile upload-to-docker-hub + - run: make test + env: + CPU: ${{ matrix.cpu }} - release-arm: - name: Publish ARM layers - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: arn:aws:iam::534081306603:role/bref-layer-publisher-github-actions - role-session-name: bref-layer-publisher-github-actions - aws-region: us-east-1 - - name: Configure Docker Hub credentials - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - # See https://stackoverflow.com/questions/70312490/github-actions-runner-environment-doesnt-build-for-arm-images - - name: Set up QEMU to build ARM images - uses: docker/setup-qemu-action@v2 - - name: Set up Docker buildx to build ARM images - uses: docker/setup-buildx-action@v2 - - run: make -f cpu-arm.Makefile layers - - run: make -f cpu-arm.Makefile test - - run: make -f cpu-arm.Makefile upload-layers - - run: make -f cpu-arm.Makefile upload-to-docker-hub + - run: make upload-layers + env: + CPU: ${{ matrix.cpu }} + + - run: make upload-to-docker-hub + env: + CPU: ${{ matrix.cpu }} update-layer-versions: name: Update layer versions in brefphp/bref runs-on: ubuntu-latest - needs: [ release-x86, release-arm ] + needs: [ 
release ] steps: - name: Trigger layer update in brefphp/bref uses: actions/github-script@v6 @@ -96,7 +89,7 @@ jobs: update-layer-js-versions: name: Update layer versions in brefphp/layers.js runs-on: ubuntu-latest - needs: [ release-x86, release-arm ] + needs: [ release ] steps: - name: Trigger release in brefphp/layers.js uses: actions/github-script@v6 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1bd7537f..26dec691 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,14 +30,20 @@ jobs: - uses: depot/setup-action@v1 - name: Build Docker images - run: make -f cpu-${{ matrix.cpu }}.Makefile docker-images-php-${{ matrix.php_version }} + run: make docker-images-php-${{ matrix.php_version }} env: + CPU: ${{ matrix.cpu }} + USE_DEPOT: 1 DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} - name: Test that layers can be exported run: | - make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }} - make -f cpu-${{ matrix.cpu }}.Makefile layer-php-${{ matrix.php_version }}-fpm + make layer-php-${{ matrix.php_version }} + make layer-php-${{ matrix.php_version }}-fpm + env: + CPU: ${{ matrix.cpu }} - name: Run tests - run: make -f cpu-${{ matrix.cpu }}.Makefile test-${{ matrix.php_version }} + run: make test-${{ matrix.php_version }} + env: + CPU: ${{ matrix.cpu }} diff --git a/Makefile b/Makefile index 4f7a3c39..247b8052 100644 --- a/Makefile +++ b/Makefile 
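Review bot: `make docker-images`, `make layers` and `make test` run after the "Configure AWS credentials" step and the Docker Hub login (the end of the previous hunk and the `password:` context line at the top of this one), so the whole build and test phase executes with the publishing session already in the job environment. Only `make upload-layers` and `make upload-to-docker-hub` appear to need those credentials. Moving the two credential steps to just before `- run: make upload-layers` would stop a faulty or compromised build dependency from reaching the AWS account or Docker Hub. If the Docker Hub login is needed before the build for image pulls, that is worth stating in a comment on the step.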
@@ -2,46 +2,102 @@ -include .env export # export all variables defined in .env -# - Build all layers -# - Publish all Docker images to Docker Hub -# - Publish all layers to AWS Lambda +# Define all the environment variables depending on the CPU +# Set CPU= (empty) to build for x86 +# Set CPU=arm to build for ARM +ifeq ($(CPU), arm) # if $CPU=="arm" + $(info "⚠️ Building for ARM") # Print a message + export CPU = arm + export CPU_PREFIX = arm- + export IMAGE_VERSION_SUFFIX = arm64 + export DOCKER_PLATFORM = linux/arm64 +else + $(info "⚠️ Building for x86") # Print a message + export CPU = x86 + export CPU_PREFIX = + export IMAGE_VERSION_SUFFIX = x86_64 + export DOCKER_PLATFORM = linux/amd64 +endif + +# By default, Docker images are built using `docker buildx bake` +# But we use https://depot.dev in CI (super fast) by setting USE_DEPOT=1 +ifeq ($(USE_DEPOT), 1) # if $USE_DEPOT=="1" + $(info "⚠️ Building using depot.dev") # Print a message + export BAKE_COMMAND = depot bake +else + export BAKE_COMMAND = docker buildx bake +endif + + +# Build all Docker images and layers *locally* +# Use this to test your changes +default: docker-images layers + + +# Build Docker images *locally* +docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 +docker-images-php-%: + PHP_VERSION=$* ${BAKE_COMMAND} --load + + +# Build Lambda layers (zip files) *locally* +layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm + # Build the console layer only once (x86 and single PHP version) + @if [ ${CPU} = "x86" ]; then \ + ./utils/docker-zip-dir.sh bref/php-80-console-zip console; \ + fi +# This rule matches with a wildcard, for example `layer-php-80`. +# The `$*` variable will contained the matched part, in this case `php-80`. +layer-%: + ./utils/docker-zip-dir.sh bref/${CPU_PREFIX}$* ${CPU_PREFIX}$* + + +# Upload the layers to AWS Lambda # Uses the current AWS_PROFILE. 
Most users will not want to use this option # as this will publish all layers to all regions + publish all Docker images. -everything: - $(MAKE) -f cpu-x86.Makefile everything - $(MAKE) -f cpu-arm.Makefile everything +upload-layers: upload-layers-php-80 upload-layers-php-81 upload-layers-php-82 + # Upload the console layer only once (x86 and single PHP version) + @if [ ${CPU} = "x86" ]; then \ + LAYER_NAME=console $(MAKE) -C ./utils/lambda-publish publish-parallel; \ + fi +upload-layers-php-%: + # Upload the function layers to AWS + LAYER_NAME=${CPU_PREFIX}php-$* $(MAKE) -C ./utils/lambda-publish publish-parallel + # Upload the FPM layers to AWS + LAYER_NAME=${CPU_PREFIX}php-$*-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel -# Build Docker images *locally* -docker-images: - $(MAKE) -f cpu-x86.Makefile docker-images - $(MAKE) -f cpu-arm.Makefile docker-images - -# Build Lambda layers (zip files) *locally* (will also build Docker images) -layers: - $(MAKE) -f cpu-x86.Makefile layers - $(MAKE) -f cpu-arm.Makefile layers - -# Upload the layers to AWS Lambda (will also build Docker images and layers) -upload-layers: - $(MAKE) -f cpu-x86.Makefile upload-layers - $(MAKE) -f cpu-arm.Makefile upload-layers - -# Build and publish Docker images to Docker Hub. -# Only publishes the `latest` version. -# This process is executed when a merge to `main` happens. -# When a release tag is created, GitHub Actions -# will download the latest images, tag them with the version number -# and re-upload them with the right tag. -upload-to-docker-hub: - $(MAKE) -f cpu-x86.Makefile upload-to-docker-hub - $(MAKE) -f cpu-arm.Makefile upload-to-docker-hub - -test: - $(MAKE) -f cpu-x86.Makefile test - $(MAKE) -f cpu-arm.Makefile test - -clean: - $(MAKE) -f cpu-x86.Makefile clean - $(MAKE) -f cpu-arm.Makefile clean - -.PHONY: layers + +# Publish Docker images to Docker Hub. 
+upload-to-docker-hub: upload-to-docker-hub-php-80 upload-to-docker-hub-php-81 upload-to-docker-hub-php-82 +upload-to-docker-hub-php-%: + # While in beta we tag and push the `:2` version, later we'll push `:latest` as well + for image in \ + "bref/${CPU_PREFIX}php-$*" "bref/${CPU_PREFIX}php-$*-fpm" "bref/${CPU_PREFIX}php-$*-console" \ + "bref/${CPU_PREFIX}build-php-$*" "bref/${CPU_PREFIX}php-$*-fpm-dev"; \ + do \ + docker tag $$image $$image:2 ; \ + docker push $$image:2 ; \ + done + # TODO: when v2 becomes "latest", we should also push "latest" tags + # We could actually use `docker push --all-tags` at the end probably? + + +test: test-80 test-81 test-82 +test-%: + cd tests && $(MAKE) test-$* + + +clean: clean-80 clean-81 clean-82 + # Clear the build cache, else all images will be rebuilt using cached layers + docker builder prune + # Remove zip files + rm -f output/${CPU_PREFIX}*.zip +clean-%: + # Clean Docker images to force rebuilding them + docker image rm --force bref/${CPU_PREFIX}build-php-$* \ + bref/${CPU_PREFIX}php-$* \ + bref/${CPU_PREFIX}php-$*-zip \ + bref/${CPU_PREFIX}php-$*-fpm \ + bref/${CPU_PREFIX}php-$*-fpm-zip \ + bref/${CPU_PREFIX}php-$*-fpm-dev \ + bref/${CPU_PREFIX}php-$*-console diff --git a/cpu-arm.Makefile b/cpu-arm.Makefile deleted file mode 100644 index f34f080f..00000000 --- a/cpu-arm.Makefile +++ /dev/null 
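Review bot: In `upload-to-docker-hub-php-%`, the `for` loop chains `docker tag` and `docker push` with `;`, so a failed tag or push for any image other than the last does not fail the recipe. The release job can then report success while some `:2` images on Docker Hub are missing or still point at an older build. Stop on the first error, e.g. `docker tag $$image $$image:2 && docker push $$image:2 || exit 1 ; \`. The loop was carried over from the deleted per-CPU Makefiles, but this hunk is where it now lives for both architectures.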
@@ -1,90 +0,0 @@ -# Load .env file if it exists --include .env -export # export all variables defined in .env -export CPU = arm -export CPU_PREFIX = arm- -export IMAGE_VERSION_SUFFIX = arm64 -export DOCKER_PLATFORM = linux/arm64 - - -# Build all Docker images and layers *locally* -# Use this to test your changes -default: docker-images layers - - -# Build Docker images *locally* -docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-images-php-%: - PHP_VERSION=$* depot bake --load - - -# Build Lambda layers (zip files) *locally* -layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm -# This rule matches with a wildcard, for example `layer-php-80`. -# The `$*` variable will contained the matched part, in this case `php-80`. -layer-%: - ./utils/docker-zip-dir.sh bref/arm-$* arm-$* - - -# Upload the layers to AWS Lambda -# Uses the current AWS_PROFILE. Most users will not want to use this option -# as this will publish all layers to all regions + publish all Docker images. -upload-layers: - # Upload the function layers to AWS - LAYER_NAME=arm-php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=arm-php-81 $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=arm-php-82 $(MAKE) -C ./utils/lambda-publish publish-parallel - - # Upload the FPM layers to AWS - LAYER_NAME=arm-php-80-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=arm-php-81-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=arm-php-82-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - - -# Publish Docker images to Docker Hub. 
-upload-to-docker-hub: - # While in beta we tag and push the `:2` version, later we'll push `:latest` as well - for image in \ - "bref/arm-php-80" "bref/arm-php-80-fpm" "bref/arm-php-80-console" "bref/arm-build-php-80" "bref/arm-php-80-fpm-dev" \ - "bref/arm-php-81" "bref/arm-php-81-fpm" "bref/arm-php-81-console" "bref/arm-build-php-81" "bref/arm-php-81-fpm-dev"; \ - "bref/arm-php-82" "bref/arm-php-82-fpm" "bref/arm-php-82-console" "bref/arm-build-php-82" "bref/arm-php-82-fpm-dev"; \ - do \ - docker tag $$image $$image:2 ; \ - docker push $$image:2 ; \ - done - # TODO: when v2 becomes "latest", we should also push "latest" tags - # We could actually use `docker push --all-tags` at the end probably? - - -test: test-80 test-81 test-82 -test-%: - cd tests && $(MAKE) test-$* - - -clean: - # Remove zip files - rm -f output/arm-*.zip - # Clean Docker images to force rebuilding them - docker image rm --force bref/arm-build-php-80 - docker image rm --force bref/arm-build-php-81 - docker image rm --force bref/arm-build-php-82 - docker image rm --force bref/arm-php-80 - docker image rm --force bref/arm-php-81 - docker image rm --force bref/arm-php-82 - docker image rm --force bref/arm-php-80-zip - docker image rm --force bref/arm-php-81-zip - docker image rm --force bref/arm-php-82-zip - docker image rm --force bref/arm-php-80-fpm - docker image rm --force bref/arm-php-81-fpm - docker image rm --force bref/arm-php-82-fpm - docker image rm --force bref/arm-php-80-fpm-zip - docker image rm --force bref/arm-php-81-fpm-zip - docker image rm --force bref/arm-php-82-fpm-zip - docker image rm --force bref/arm-php-80-fpm-dev - docker image rm --force bref/arm-php-81-fpm-dev - docker image rm --force bref/arm-php-82-fpm-dev - docker image rm --force bref/arm-php-80-console - docker image rm --force bref/arm-php-81-console - docker image rm --force bref/arm-php-82-console - # Clear the build cache, else all images will be rebuilt using cached layers - docker builder prune 
diff --git a/cpu-x86.Makefile b/cpu-x86.Makefile
deleted file mode 100644
index 031a9d66..00000000
--- a/cpu-x86.Makefile
+++ /dev/null
@@ -1,95 +0,0 @@ -# Load .env file if it exists --include .env -export # export all variables defined in .env -export CPU = x86 -export CPU_PREFIX = -export IMAGE_VERSION_SUFFIX = x86_64 -export DOCKER_PLATFORM = linux/amd64 - - -# Build all Docker images and layers *locally* -# Use this to test your changes -default: docker-images layers - - -# Build Docker images *locally* -docker-images: docker-images-php-80 docker-images-php-81 docker-images-php-82 -docker-images-php-%: - PHP_VERSION=$* depot bake --load - - -# Build Lambda layers (zip files) *locally* -layers: layer-php-80 layer-php-81 layer-php-82 layer-php-80-fpm layer-php-81-fpm layer-php-82-fpm - # Handle this layer specifically - ./utils/docker-zip-dir.sh bref/php-80-console-zip console -# This rule matches with a wildcard, for example `layer-php-80`. -# The `$*` variable will contained the matched part, in this case `php-80`. -layer-%: - ./utils/docker-zip-dir.sh bref/$* $* - - -# Upload the layers to AWS Lambda -# Uses the current AWS_PROFILE. Most users will not want to use this option -# as this will publish all layers to all regions + publish all Docker images. -upload-layers: - # Upload the function layers to AWS - LAYER_NAME=php-80 $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=php-81 $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=php-82 $(MAKE) -C ./utils/lambda-publish publish-parallel - - # Upload the FPM layers to AWS - LAYER_NAME=php-80-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=php-81-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - LAYER_NAME=php-82-fpm $(MAKE) -C ./utils/lambda-publish publish-parallel - - # Upload the console layer to AWS - LAYER_NAME=console $(MAKE) -C ./utils/lambda-publish publish-parallel - - -# Publish Docker images to Docker Hub. 
-upload-to-docker-hub: - # While in beta we tag and push the `:2` version, later we'll push `:latest` as well - for image in \ - "bref/php-80" "bref/php-80-fpm" "bref/php-80-console" "bref/build-php-80" "bref/php-80-fpm-dev" \ - "bref/php-81" "bref/php-81-fpm" "bref/php-81-console" "bref/build-php-81" "bref/php-81-fpm-dev" \ - "bref/php-82" "bref/php-82-fpm" "bref/php-82-console" "bref/build-php-82" "bref/php-82-fpm-dev"; \ - do \ - docker tag $$image $$image:2 ; \ - docker push $$image:2 ; \ - done - # TODO: when v2 becomes "latest", we should also push "latest" tags - # We could actually use `docker push --all-tags` at the end probably? - - -test: test-80 test-81 test-82 -test-%: - cd tests && $(MAKE) test-$* - - -clean: - # Remove zip files - rm -f output/*.zip - # Clean Docker images to force rebuilding them - docker image rm --force bref/build-php-80 - docker image rm --force bref/build-php-81 - docker image rm --force bref/build-php-82 - docker image rm --force bref/php-80 - docker image rm --force bref/php-81 - docker image rm --force bref/php-82 - docker image rm --force bref/php-80-zip - docker image rm --force bref/php-81-zip - docker image rm --force bref/php-82-zip - docker image rm --force bref/php-80-fpm - docker image rm --force bref/php-81-fpm - docker image rm --force bref/php-82-fpm - docker image rm --force bref/php-80-fpm-zip - docker image rm --force bref/php-81-fpm-zip - docker image rm --force bref/php-82-fpm-zip - docker image rm --force bref/php-80-fpm-dev - docker image rm --force bref/php-81-fpm-dev - docker image rm --force bref/php-82-fpm-dev - docker image rm --force bref/php-80-console - docker image rm --force bref/php-81-console - docker image rm --force bref/php-82-console - # Clear the build cache, else all images will be rebuilt using cached layers - docker builder prune From 6101ee2b462a35a6fa37d83c5fe6a97d0658e101 Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Sat, 28 Jan 2023 18:37:44 +0000 Subject: [PATCH 94/97] Change CI name --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 26dec691..e1bc7728 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -8,7 +8,7 @@ on: jobs: tests: - name: Build and tests ${{ matrix.cpu }} PHP ${{ matrix.php_version }} layers + name: Build and tests PHP ${{ matrix.php_version }}, ${{ matrix.cpu }} runs-on: ubuntu-latest strategy: fail-fast: false From 8db39ace0036083974c72e9b25b0078250a12004 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sat, 28 Jan 2023 18:38:41 +0000 Subject: [PATCH 95/97] Upgrade PHP versions --- php-80/Dockerfile | 3 ++- php-81/Dockerfile | 1 + php-82/Dockerfile | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/php-80/Dockerfile b/php-80/Dockerfile index e302a39c..cfefbca4 100644 --- a/php-80/Dockerfile +++ b/php-80/Dockerfile @@ -5,7 +5,8 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX -ARG VERSION_PHP=8.0.25 +# https://www.php.net/downloads +ARG VERSION_PHP=8.0.27 # Lambda uses a custom AMI named Amazon Linux 2 diff --git a/php-81/Dockerfile b/php-81/Dockerfile index 923ef247..9c7f65ee 100644 --- a/php-81/Dockerfile +++ b/php-81/Dockerfile @@ -5,6 +5,7 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX +# https://www.php.net/downloads ARG VERSION_PHP=8.1.14 diff --git a/php-82/Dockerfile b/php-82/Dockerfile index 69af8624..22136e12 100644 --- a/php-82/Dockerfile +++ b/php-82/Dockerfile @@ -5,7 +5,8 @@ ARG CPU # Can be "x86_64" or "arm64" ARG IMAGE_VERSION_SUFFIX -ARG VERSION_PHP=8.2.0 +# https://www.php.net/downloads +ARG VERSION_PHP=8.2.1 # Lambda uses a custom AMI named Amazon Linux 2 From 4c20d2099ad80e88d82524c3e0f3a42af9b9c9e7 Mon Sep 17 00:00:00 2001 
From: Matthieu Napoli Date: Sun, 29 Jan 2023 10:14:32 +0000 Subject: [PATCH 96/97] Cleanup the utils/lib-copy script --- README.md | 10 +++- php-80/Dockerfile | 2 +- php-81/Dockerfile | 2 +- php-82/Dockerfile | 2 +- utils/lib-check/Makefile | 10 ---- utils/lib-check/verify.php | 49 ------------------- utils/lib-copy/Makefile | 4 ++ .../copy-dependencies.php | 11 +++-- .../docker-compose.yml | 0 utils/{lib-check => lib-copy}/libs-arm.txt | 0 utils/{lib-check => lib-copy}/libs-x86.txt | 0 11 files changed, 21 insertions(+), 69 deletions(-) delete mode 100644 utils/lib-check/Makefile delete mode 100644 utils/lib-check/verify.php create mode 100644 utils/lib-copy/Makefile rename utils/{lib-check => lib-copy}/copy-dependencies.php (92%) rename utils/{lib-check => lib-copy}/docker-compose.yml (100%) rename utils/{lib-check => lib-copy}/libs-arm.txt (100%) rename utils/{lib-check => lib-copy}/libs-x86.txt (100%) diff --git a/README.md b/README.md index fc4ba386..c26fb53d 100644 --- a/README.md +++ b/README.md @@ -103,8 +103,6 @@ docker run --rm -it --entrypoint=bash bref/php-80 > > However, `ldd` fails when running on another CPU architecture. So instead of `ldd`, we can use `objdump -p /usr/bin/bash | grep NEEDED` (that needs to be installed with `yum install binutils`). -Related: `utils/lib-check` is a small utility-tool to check whether we're copying unnecessary `.so` files into the layer (i.e. `.so` files that already exist in Lambda). - ### Supporting a new PHP version The general idea is to copy `php-82` into `php-83`. Search/replace `php-82` with `php-83`, update the PHP version, update the `Makefile`, and adapt anything else if needed. 
@@ -164,6 +162,14 @@ Anything we want to make available in AWS Lambda is possible by preparing the ri php/conf.d/ # also automatically loaded php.ini files ``` +In the "build" Docker images (used by example to build extra extensions), there is a `/bref/lib-copy/copy-dependencies.php` script that helps automatically copying the system dependencies of a binary or PHP extension. It can be used like so: + +```sh +php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib +``` + +In Bref v1, we used to manually identify (via `ldd`) and copy these system libraries, but this new script automates everything. It is recommended to use it. + ### The php-xx folders The Dockerfile attempts at a best-effort to follow a top-down execution process for easier reading. diff --git a/php-80/Dockerfile b/php-80/Dockerfile index cfefbca4..63a14616 100644 --- a/php-80/Dockerfile +++ b/php-80/Dockerfile @@ -428,7 +428,7 @@ RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ # - /lib | /lib64 (system libraries installed with `yum`) # - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) # into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy +COPY --link utils/lib-copy /bref/lib-copy RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib diff --git a/php-81/Dockerfile b/php-81/Dockerfile index 9c7f65ee..ebdb14f3 100644 --- a/php-81/Dockerfile +++ b/php-81/Dockerfile 
@@ -428,7 +428,7 @@ RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ # - /lib | /lib64 (system libraries installed with `yum`) # - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) # into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy +COPY --link utils/lib-copy /bref/lib-copy RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib diff --git a/php-82/Dockerfile b/php-82/Dockerfile index 22136e12..72568ff8 100644 --- a/php-82/Dockerfile +++ b/php-82/Dockerfile @@ -428,7 +428,7 @@ RUN cp $(php -r 'echo ini_get("extension_dir");')/* /opt/bref/extensions/ # - /lib | /lib64 (system libraries installed with `yum`) # - /tmp/bref/bin | /tmp/bref/lib | /tmp/bref/lib64 (libraries compiled from source) # into `/opt` (the directory of Lambda layers) -COPY --link utils/lib-check /bref/lib-copy +COPY --link utils/lib-copy /bref/lib-copy RUN php /bref/lib-copy/copy-dependencies.php /opt/bin/php /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/apcu.so /opt/lib RUN php /bref/lib-copy/copy-dependencies.php /opt/bref/extensions/intl.so /opt/lib diff --git a/utils/lib-check/Makefile b/utils/lib-check/Makefile deleted file mode 100644 index 83e6dfe6..00000000 --- a/utils/lib-check/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -check: - @php verify.php php-80/cpu-x86.Dockerfile x86 - @php verify.php php-81/cpu-x86.Dockerfile x86 - @php verify.php php-82/cpu-x86.Dockerfile x86 - @php verify.php php-80/cpu-arm.Dockerfile arm - @php verify.php php-81/cpu-arm.Dockerfile arm - -update: - docker compose run --rm update-x86 - docker compose run --rm update-arm diff --git a/utils/lib-check/verify.php b/utils/lib-check/verify.php deleted file mode 100644 index f5845819..00000000 
--- a/utils/lib-check/verify.php +++ /dev/null @@ -1,49 +0,0 @@ - ! str_starts_with($item, '#') && ! empty($item)); - -$docker = implode(PHP_EOL, $dockerContent); - -$libraries = file(__DIR__ . "/libs-$argv[2].txt"); -// For some reason some libraries are actually not in Lambda, despite being in the docker image 🤷 -$libraries = array_filter($libraries, function ($library) { - return ! str_contains($library, 'libgcrypt.so') && ! str_contains($library, 'libgpg-error.so'); -}); - -foreach ($libraries as $library) { - if (! str_contains($library, '.so')) { - continue; - } - - if (str_contains($docker, $library)) { - error("[$library] is present in Docker but is also present on /lib64 by default"); - } -} - -success($argv[1]); diff --git a/utils/lib-copy/Makefile b/utils/lib-copy/Makefile new file mode 100644 index 00000000..69729b91 --- /dev/null +++ b/utils/lib-copy/Makefile @@ -0,0 +1,4 @@ +# Update the list of system libs that exist by default in Lambda +update: + docker compose run --rm update-x86 + docker compose run --rm update-arm diff --git a/utils/lib-check/copy-dependencies.php b/utils/lib-copy/copy-dependencies.php similarity index 92% rename from utils/lib-check/copy-dependencies.php rename to utils/lib-copy/copy-dependencies.php index 939027c5..48e7ce16 100644 --- a/utils/lib-check/copy-dependencies.php +++ b/utils/lib-copy/copy-dependencies.php @@ -1,9 +1,11 @@ + * php copy-dependencies.php * * For example: * php copy-dependencies.php /opt/bin/php /opt/lib @@ -18,15 +20,14 @@ echo 'Missing the second argument, check the file to see how to use it' . PHP_EOL; exit(1); } -$pathToCheck = $argv[1]; -$targetDirectory = $argv[2]; +[$pathToCheck, $targetDirectory] = $argv; // All the paths where shared libraries can be found const LIB_PATHS = [ - // System + // System libraries '/lib64', '/usr/lib64', - // Libraries we compiled from source go here by default + // Libraries we compiled from source are installed here '/tmp/bref/lib', '/tmp/bref/lib64', ]; 
diff --git a/utils/lib-check/docker-compose.yml b/utils/lib-copy/docker-compose.yml similarity index 100% rename from utils/lib-check/docker-compose.yml rename to utils/lib-copy/docker-compose.yml diff --git a/utils/lib-check/libs-arm.txt b/utils/lib-copy/libs-arm.txt similarity index 100% rename from utils/lib-check/libs-arm.txt rename to utils/lib-copy/libs-arm.txt diff --git a/utils/lib-check/libs-x86.txt b/utils/lib-copy/libs-x86.txt similarity index 100% rename from utils/lib-check/libs-x86.txt rename to utils/lib-copy/libs-x86.txt From 287cf44e9b488a5aa944269fe0afb93943169011 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Sun, 29 Jan 2023 10:20:41 +0000 Subject: [PATCH 97/97] Fixup --- utils/lib-copy/copy-dependencies.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/lib-copy/copy-dependencies.php b/utils/lib-copy/copy-dependencies.php index 48e7ce16..f33a9ce1 100644 --- a/utils/lib-copy/copy-dependencies.php +++ b/utils/lib-copy/copy-dependencies.php @@ -20,7 +20,7 @@ echo 'Missing the second argument, check the file to see how to use it' . PHP_EOL; exit(1); } -[$pathToCheck, $targetDirectory] = $argv; +[$_, $pathToCheck, $targetDirectory] = $argv; // All the paths where shared libraries can be found const LIB_PATHS = [