diff --git a/.github/workflows/container-validation.yml b/.github/workflows/container-validation.yml index e1dc13f..8e58680 100644 --- a/.github/workflows/container-validation.yml +++ b/.github/workflows/container-validation.yml @@ -11,29 +11,33 @@ jobs: uses: ./.github/workflows/verify-image_rw.yml with: context_path: "simplerisk/" - dockerfile_path: "simplerisk/jammy/Dockerfile" + dockerfile_path: "simplerisk/Dockerfile" image_tag: "simplerisk/simplerisk:testing" + build_args: "ubuntu_version_code=jammy" simplerisk-noble: name: 'Verify simplerisk/simplerisk image based on Ubuntu 24.04 (Noble)' uses: ./.github/workflows/verify-image_rw.yml with: context_path: "simplerisk/" - dockerfile_path: "simplerisk/noble/Dockerfile" + dockerfile_path: "simplerisk/Dockerfile" image_tag: "simplerisk/simplerisk:testing" + build_args: "ubuntu_version_code=noble" simplerisk-minimal-php81: - name: 'Verify simplerisk/simplerisk image based on PHP 8.1 with Apache' + name: 'Verify simplerisk/simplerisk-minimal image based on PHP 8.1 with Apache' uses: ./.github/workflows/verify-image_rw.yml with: context_path: "simplerisk-minimal/" - dockerfile_path: "simplerisk-minimal/php81/Dockerfile" + dockerfile_path: "simplerisk-minimal/Dockerfile" image_tag: "simplerisk/simplerisk-minimal:testing" + build_args: "php_version=8.1" simplerisk-minimal-php83: - name: 'Verify simplerisk/simplerisk image based on PHP 8.3 with Apache' + name: 'Verify simplerisk/simplerisk-minimal image based on PHP 8.3 with Apache' uses: ./.github/workflows/verify-image_rw.yml with: context_path: "simplerisk-minimal/" - dockerfile_path: "simplerisk-minimal/php83/Dockerfile" + dockerfile_path: "simplerisk-minimal/Dockerfile" image_tag: "simplerisk/simplerisk-minimal:testing" + build_args: "php_version=8.3" diff --git a/.github/workflows/push-to-dockerhub.yml b/.github/workflows/push-to-dockerhub.yml index 79e1bf0..eab467d 100644 --- a/.github/workflows/push-to-dockerhub.yml +++ b/.github/workflows/push-to-dockerhub.yml 
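Review bot: Each job now selects its variant only through the free-form `build_args` string, and the shared Dockerfile declares a default (`ARG php_version=8.3` in simplerisk-minimal/Dockerfile), so a misspelled or dropped argument name still builds successfully, just on the default base. In this file the PHP 8.1 job could then verify an 8.3 image without anyone noticing. In the push-to-dockerhub.yml and push-to-gh-pkgs.yml hunks of this commit the same slip would publish an image whose `os_version` tag suffix does not match its contents. Declaring the argument as plain `ARG php_version`, so that an unset value makes the `FROM` line fail, or asserting the expected version in the verify job, would catch it. simplerisk/Dockerfile is not visible here, so whether `ubuntu_version_code` also has a default is unconfirmed.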
@@ -18,40 +18,44 @@ jobs:
 uses: ./.github/workflows/push-to-dockerhub_rw.yml
 with:
 context_path: "simplerisk"
- dockerfile_path: "simplerisk/jammy/Dockerfile"
+ dockerfile_path: "simplerisk/Dockerfile"
 image_name: "simplerisk/simplerisk"
 version: "20250411-001"
 os_version: "jammy"
+ build_args: "ubuntu_version_code=jammy"
 secrets: inherit
 simplerisk-noble:
 name: 'Push simplerisk/simplerisk image based on Ubuntu 24.04 (Noble)'
 uses: ./.github/workflows/push-to-dockerhub_rw.yml
 with:
 context_path: "simplerisk"
- dockerfile_path: "simplerisk/noble/Dockerfile"
+ dockerfile_path: "simplerisk/Dockerfile"
 image_name: "simplerisk/simplerisk"
 version: "20250411-001"
 os_version: "noble"
 main_image: true
+ build_args: "ubuntu_version_code=noble"
 secrets: inherit
 simplerisk-minimal-php81:
 name: 'Push simplerisk/simplerisk-minimal image based on PHP 8.1 with Apache'
 uses: ./.github/workflows/push-to-dockerhub_rw.yml
 with:
 context_path: "simplerisk-minimal"
- dockerfile_path: "simplerisk-minimal/php81/Dockerfile"
+ dockerfile_path: "simplerisk-minimal/Dockerfile"
 image_name: "simplerisk/simplerisk-minimal"
 version: "20250411-001"
 os_version: "php81"
+ build_args: "php_version=8.1"
 secrets: inherit
 simplerisk-minimal-php83:
 name: 'Push simplerisk/simplerisk-minimal image based on PHP 8.3 with Apache'
 uses: ./.github/workflows/push-to-dockerhub_rw.yml
 with:
 context_path: "simplerisk-minimal"
- dockerfile_path: "simplerisk-minimal/php83/Dockerfile"
+ dockerfile_path: "simplerisk-minimal/Dockerfile"
 image_name: "simplerisk/simplerisk-minimal"
 version: "20250411-001"
 os_version: "php83"
 main_image: true
+ build_args: "php_version=8.3"
 secrets: inherit
diff --git a/.github/workflows/push-to-dockerhub_rw.yml b/.github/workflows/push-to-dockerhub_rw.yml
index 2db480d..9242c5d 100644
--- a/.github/workflows/push-to-dockerhub_rw.yml
+++ b/.github/workflows/push-to-dockerhub_rw.yml
@@ -27,6 +27,9 @@ on:
 description: Is this the latest image?
 default: false
 type: boolean
+ build_args:
+ description: Arguments to use on image at runtime
+ type: string
 secrets:
 DOCKER_USERNAME:
 required: true
@@ -60,6 +63,7 @@ jobs:
 context: ${{ inputs.context_path }}
 file: ${{ inputs.dockerfile_path }}
 push: ${{ github.event_name != 'pull_request' }}
+ build-args: ${{ inputs.build_args || '' }}
 tags: |
 ${{ inputs.image_name }}
 ${{ inputs.image_name }}:${{ inputs.version }}
@@ -72,6 +76,7 @@ jobs:
 context: ${{ inputs.context_path }}
 file: ${{ inputs.dockerfile_path }}
 push: ${{ github.event_name != 'pull_request' }}
+ build-args: ${{ inputs.build_args || '' }}
 tags: |
 ${{ inputs.image_name }}:${{ inputs.version }}-${{ inputs.os_version }}
 labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/push-to-gh-pkgs.yml b/.github/workflows/push-to-gh-pkgs.yml
index d4535ad..230e308 100644
--- a/.github/workflows/push-to-gh-pkgs.yml
+++ b/.github/workflows/push-to-gh-pkgs.yml
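Review bot: The `build_args` description says "Arguments to use on image at runtime", but the value is handed to `build-args:` in the two build steps further down, so these are build-time arguments. Suggested wording: `description: Build-time KEY=VALUE arguments for the image build; do not pass secrets here`, because build arguments can be read back from the image history. The same input is added with no description at all in push-to-gh-pkgs_rw.yml and verify-image_rw.yml. Declaring `required: false` and `default: ''` in all three would make the contract explicit and the `|| ''` fallback at the call sites unnecessary.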
@@ -18,40 +18,44 @@ jobs: uses: ./.github/workflows/push-to-gh-pkgs_rw.yml with: context_path: "simplerisk" - dockerfile_path: "simplerisk/jammy/Dockerfile" + dockerfile_path: "simplerisk/Dockerfile" image_name: "simplerisk" version: "20250411-001" os_version: "jammy" + build_args: "ubuntu_version_code=jammy" secrets: inherit simplerisk-noble: name: 'Push simplerisk/simplerisk image based on Ubuntu 24.04 (Noble)' uses: ./.github/workflows/push-to-gh-pkgs_rw.yml with: context_path: "simplerisk" - dockerfile_path: "simplerisk/noble/Dockerfile" + dockerfile_path: "simplerisk/Dockerfile" image_name: "simplerisk" version: "20250411-001" os_version: "noble" main_image: true + build_args: "ubuntu_version_code=noble" secrets: inherit simplerisk-minimal-php81: name: 'Push simplerisk/simplerisk-minimal image based on PHP 8.1 with Apache' uses: ./.github/workflows/push-to-gh-pkgs_rw.yml with: context_path: "simplerisk-minimal" - dockerfile_path: "simplerisk-minimal/php81/Dockerfile" + dockerfile_path: "simplerisk-minimal/Dockerfile" image_name: "simplerisk-minimal" version: "20250411-001" os_version: "php81" + build_args: "php_version=8.1" secrets: inherit simplerisk-minimal-php83: name: 'Push simplerisk/simplerisk-minimal image based on PHP 8.3 with Apache' uses: ./.github/workflows/push-to-gh-pkgs_rw.yml with: context_path: "simplerisk-minimal" - dockerfile_path: "simplerisk-minimal/php83/Dockerfile" + dockerfile_path: "simplerisk-minimal/Dockerfile" image_name: "simplerisk-minimal" version: "20250411-001" os_version: "php83" main_image: true + build_args: "php_version=8.3" secrets: inherit diff --git a/.github/workflows/push-to-gh-pkgs_rw.yml b/.github/workflows/push-to-gh-pkgs_rw.yml index 5e558c9..c555927 100644 --- a/.github/workflows/push-to-gh-pkgs_rw.yml +++ b/.github/workflows/push-to-gh-pkgs_rw.yml @@ -21,6 +21,8 @@ on: main_image: default: false type: boolean + build_args: + type: string env: # Use docker.io for Docker Hub if empty 
@@ -73,6 +75,7 @@ jobs: context: ${{ inputs.context_path }} file: ${{ inputs.dockerfile_path }} push: ${{ github.event_name != 'pull_request' }} + build-args: ${{ inputs.build_args || '' }} tags: | ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }} ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.version }} @@ -98,6 +101,7 @@ jobs: context: ${{ inputs.context_path }} file: ${{ inputs.dockerfile_path }} push: ${{ github.event_name != 'pull_request' }} + build-args: ${{ inputs.build_args || '' }} tags: | ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.version }}-${{ inputs.os_version }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/verify-image_rw.yml b/.github/workflows/verify-image_rw.yml index 9a3e5bb..6b1b5ab 100644 --- a/.github/workflows/verify-image_rw.yml +++ b/.github/workflows/verify-image_rw.yml @@ -12,6 +12,8 @@ on: image_tag: required: true type: string + build_args: + type: string jobs: verify_image: @@ -25,6 +27,7 @@ jobs: context: ${{ inputs.context_path }} file: ${{ inputs.dockerfile_path }} tags: ${{ inputs.image_tag }} + build-args: ${{ inputs.build_args || '' }} - name: Run linter with Dockle uses: erzz/dockle-action@v1 with: diff --git a/flake.lock b/flake.lock index 76634c5..09ab220 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,33 +2,31 @@ "nodes": { "cachix": { "inputs": { - "devenv": "devenv_2", - "flake-compat": [ + "devenv": [ "gorinapp", - "devenv", - "flake-compat" + "devenv" ], - "nixpkgs": [ + "flake-compat": [ "gorinapp", - "devenv", - "nixpkgs" + "devenv" ], - "pre-commit-hooks": [ + "git-hooks": [ "gorinapp", - "devenv", - "pre-commit-hooks" - ] + "devenv" + ], + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1712055811, - "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=", + "lastModified": 1737621947, + "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", "owner": "cachix", "repo": "cachix", - "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30", + "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", "type": "github" }, "original": { "owner": "cachix", + "ref": "latest", "repo": "cachix", "type": "github" } 
@@ -36,57 +34,24 @@ "devenv": { "inputs": { "cachix": "cachix", - "flake-compat": "flake-compat_3", - "nix": "nix_2", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nix": "nix", "nixpkgs": [ "gorinapp", "nixpkgs" - ], - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1721817837, - "narHash": "sha256-vZYHahW5w9nMbDV0YFC+HE8bwjkDjJ2kauDQWKjRGtY=", - "owner": "cachix", - "repo": "devenv", - "rev": "44bfc26843694ab17ebae1d4922065e48d93f501", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "devenv_2": { - "inputs": { - "flake-compat": [ - "gorinapp", - "devenv", - "cachix", - "flake-compat" - ], - "nix": "nix", - "nixpkgs": "nixpkgs", - "poetry2nix": "poetry2nix", - "pre-commit-hooks": [ - "gorinapp", - "devenv", - "cachix", - "pre-commit-hooks" ] }, "locked": { - "lastModified": 1708704632, - "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=", + "lastModified": 1741348424, + "narHash": "sha256-nPwbJpX8AxmzbgRd2m6KHIbyN1xavq1BaBdJzO/lkW0=", "owner": "cachix", "repo": "devenv", - "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196", + "rev": "8f8c96bb1e0c6a59a97592328dc61b9fdbe7474b", "type": "github" }, "original": { "owner": "cachix", - "ref": "python-rewrite", "repo": "devenv", "type": "github" } @@ -94,11 +59,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -110,11 +75,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -126,27 +91,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -155,39 +104,53 @@ "type": "github" } }, - "flake-utils": { + "flake-parts": { "inputs": { - "systems": "systems" + "nixpkgs-lib": [ + "gorinapp", + "devenv", + "nix", + "nixpkgs" + ] }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "flake-utils_2": { + "git-hooks": { "inputs": { - "systems": "systems_2" + "flake-compat": [ + "gorinapp", + "devenv" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "gorinapp", + "devenv", + "nixpkgs" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1740849354, + "narHash": "sha256-oy33+t09FraucSZ2rZ6qnD1Y1c8azKKmQuCvF2ytUko=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "4a709a8ce9f8c08fa7ddb86761fe488ff7858a07", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, @@ -196,7 +159,7 @@ "nixpkgs": [ "gorinapp", "devenv", - "pre-commit-hooks", + "git-hooks", "nixpkgs" ] }, 
@@ -217,15 +180,15 @@ "gorinapp": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_2" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1722369316, - "narHash": "sha256-8chXewjxc+Zb5arnh0SGpYwp8xmm6T7FGeTl9ZDtG6k=", + "lastModified": 1741463959, + "narHash": "sha256-NEQZjpKdR+27hstlMRX3uT8/3v129QsWRiGMBdJ1280=", "ref": "refs/heads/main", - "rev": "16b8939753a70f7dda29107e8c99dc4389aa2542", - "revCount": 57, + "rev": "37dc2870795db46b7499b8dfe1c60404a4b8b8dd", + "revCount": 58, "type": "git", "url": "https://codeberg.org/wolfangaukang/gorin" }, 
@@ -234,158 +197,98 @@ "url": "https://codeberg.org/wolfangaukang/gorin" } }, - "nix": { - "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": [ - "gorinapp", - "devenv", - "cachix", - "devenv", - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1712911606, - "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", - "owner": "domenkozar", - "repo": "nix", - "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", - "type": "github" - }, - "original": { - "owner": "domenkozar", - "ref": "devenv-2.21", - "repo": "nix", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "gorinapp", - "devenv", - "cachix", - "devenv", - "poetry2nix", - "nixpkgs" - ] - }, + "libgit2": { + "flake": false, "locked": { - "lastModified": 1688870561, - "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301", + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-github-actions", + "owner": "libgit2", + "repo": "libgit2", "type": "github" } }, - "nix_2": { + "nix": { "inputs": { "flake-compat": [ "gorinapp", - "devenv", - "flake-compat" + "devenv" ], - "nixpkgs": [ + "flake-parts": "flake-parts", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-23-11": [ "gorinapp", - "devenv", - "nixpkgs" + "devenv" + ], + "nixpkgs-regression": [ + "gorinapp", + "devenv" ], - "nixpkgs-regression": "nixpkgs-regression_2" + "pre-commit-hooks": [ + "gorinapp", + "devenv" + ] }, "locked": { - "lastModified": 1712911606, - "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "lastModified": 1734114420, + "narHash": 
"sha256-n52PUzub5jZWc8nI/sR7UICOheU8rNA+YZ73YaHeCBg=", "owner": "domenkozar", "repo": "nix", - "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "rev": "bde6a1a0d1f2af86caa4d20d23eca019f3d57eee", "type": "github" }, "original": { "owner": "domenkozar", - "ref": "devenv-2.21", + "ref": "devenv-2.24", "repo": "nix", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1692808169, - "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9201b5ff357e781bf014d0330d18555695df7ba8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "type": "github" } }, - "nixpkgs-regression_2": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, - "nixpkgs-stable": { + "nixpkgs_2": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": 
"88269ab3044128b7c2f4c7d68448b2fb50456870", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { - "lastModified": 1721864797, - "narHash": "sha256-VQ/WeQXEIz6tuET9bZIQ65E7sQ9KnFnhMIgKUoPXc40=", + "lastModified": 1741462378, + "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5d28e331495d871a250900ea8c11bf4a5dc521f3", + "rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9", "type": "github" }, "original": { 
@@ -394,111 +297,23 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1697009197, - "narHash": "sha256-viVRhBTFT8fPJTb1N3brQIpFZnttmwo3JVKNuWRVc3s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "01441e14af5e29c9d27ace398e6dd0b293e25a54", - "type": "github" + "lastModified": 0, + "narHash": "sha256-ByfPRQuqj+nhtVV0koinEpmJw0KLzNbgcgi9EF+NVow=", + "path": "/nix/store/a4lkx9hmv2099n6p1rkzxm481hfw7pwr-source", + "type": "path" }, "original": { "id": "nixpkgs", "type": "indirect" } }, - "poetry2nix": { - "inputs": { - "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "gorinapp", - "devenv", - "cachix", - "devenv", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1692876271, - "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": [ - "gorinapp", - "devenv", - "flake-compat" - ], - "flake-utils": "flake-utils_2", - "gitignore": "gitignore", - "nixpkgs": [ - "gorinapp", - "devenv", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1713775815, - "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "flake-compat": "flake-compat", "gorinapp": "gorinapp", - "nixpkgs": "nixpkgs_3" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": 
"da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "nixpkgs": "nixpkgs_4" } } }, diff --git a/flake.nix b/flake.nix index 933e281..11b9f35 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ pkgs = pkgsFor.${system}; in { - default = pkgs.mkShell { packages = (with pkgs; [ docker-compose dockle grype gorin ]); }; + default = pkgs.mkShell { packages = (with pkgs; [ docker-compose dockle grype gorin hadolint ]); }; }); }; } diff --git a/simplerisk-minimal/php81/Dockerfile b/simplerisk-minimal/Dockerfile similarity index 74% rename from simplerisk-minimal/php81/Dockerfile rename to simplerisk-minimal/Dockerfile index 70648c4..da34274 100644 --- a/simplerisk-minimal/php81/Dockerfile +++ b/simplerisk-minimal/Dockerfile 
@@ -1,28 +1,39 @@ # Dockerfile generated by script -# Using dedicated PHP image with version 8.1 and Apache -FROM php:8.1-apache +ARG php_version=8.3 + +FROM alpine/curl:8.12.1 AS downloader + +SHELL [ "/bin/ash", "-eo", "pipefail", "-c" ] + +RUN mkdir -p /var/www && \ + curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www + +FROM php:${php_version}-apache -# Maintained by SimpleRisk LABEL maintainer="Simplerisk " +ENV version=20250411-001 + WORKDIR /var/www +SHELL [ "/bin/bash", "-o", "pipefail", "-c" ] + # Creating keyring env and installing apt dependencies RUN mkdir -p /etc/apt/keyrings && \ apt-get update && \ - apt-get install -y gnupg2 wget lsb-release && \ - wget -qO - http://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \ + apt-get install -y --no-install-recommends gnupg2 wget lsb-release && \ + wget -qO - https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \ echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ $(lsb_release -cs) mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \ apt-get update && \ - apt-get -y install libldap2-dev \ - libicu-dev \ - libcap2-bin \ - libcurl4-gnutls-dev \ - libpng-dev \ - libzip-dev \ - supervisor \ - cron \ - mysql-community-client && \ + apt-get -y install --no-install-recommends libldap2-dev \ + libicu-dev \ + libcap2-bin \ + libcurl4-gnutls-dev \ + libpng-dev \ + libzip-dev \ + supervisor \ + cron \ + mysql-community-client && \ apt-get -y remove gnupg2 wget lsb-release && \ rm -rf /var/lib/apt/lists/* # Configure all PHP extensions 
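Review bot: The new `downloader` stage pipes the release bundle from S3 straight into `tar` with no integrity check, so whatever that URL serves at build time ends up in `/var/www/simplerisk` of every published image. Downloading to a file, checking it against a pinned SHA-256 and only then extracting closes that gap, and `-f` on curl makes an HTTP error fail the build instead of handing an error page to tar; the digest in the fence is a placeholder to be filled in from the release. The stage also pulls `alpine/curl:8.12.1` by tag, and pinning it by digest would keep the stage reproducible. Further down in this hunk the apt source line still uses `http://repo.mysql.com/apt/debian/` although the key fetch was moved to https. The `supervisor` package is also still installed while `common/supervisord.conf` is deleted in this commit, which may leave it unused.

```dockerfile
FROM alpine/curl:8.12.1 AS downloader
# … unchanged: SHELL directive …
# <SIMPLERISK_BUNDLE_SHA256> is a placeholder: fill in the published digest of the bundle
RUN mkdir -p /var/www && \
    curl -fsSL -o /tmp/simplerisk.tgz https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz && \
    echo "<SIMPLERISK_BUNDLE_SHA256>  /tmp/simplerisk.tgz" | sha256sum -c - && \
    tar xzf /tmp/simplerisk.tgz -C /var/www && \
    rm /tmp/simplerisk.tgz
```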
@@ -42,11 +53,8 @@ RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/apache2 && \ apt-get -y purge # Copying all files -COPY common/foreground.sh /etc/apache2/foreground.sh -COPY common/envvars /etc/apache2/envvars -COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf -COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -COPY common/entrypoint.sh /entrypoint.sh +COPY common/ / +COPY --from=downloader /var/www/simplerisk /var/www/simplerisk # Configure Apache RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uploadfilesize.ini && \ @@ -71,13 +79,9 @@ RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uplo sed -i 's/\(ServerTokens\) OS/\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \ sed -i 's/#\(ServerSignature\) On/\1 Off/g' /etc/apache2/conf-enabled/security.conf -# Download and extract SimpleRisk, plus saving release version for database reference +# Cleanup /var/www/, creating Simplerisk user on www-data group and setting up ownerships RUN rm -rf /var/www/html && \ - curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www && \ - echo 20250411-001 > /tmp/version - -# Creating Simplerisk user on www-data group and setting up ownerships -RUN useradd -G www-data simplerisk && \ + useradd -G www-data simplerisk && \ chown -R simplerisk:www-data /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \ chmod -R 770 /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \ chmod 755 /entrypoint.sh /etc/apache2/foreground.sh diff --git a/simplerisk-minimal/common/entrypoint.sh b/simplerisk-minimal/common/entrypoint.sh index 4d1893c..3d2e4e5 100644 --- a/simplerisk-minimal/common/entrypoint.sh +++ b/simplerisk-minimal/common/entrypoint.sh 
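Review bot: `COPY common/ /` overlays the whole `common/` tree onto the image root, so any file later added under `common/` (notes, backups, editor files) lands in the image at the matching absolute path without the Dockerfile changing. The five explicit COPY lines it replaces acted as an allow-list. If the directory copy is kept, a `.dockerignore` for the build context, or a comment such as `# common/ mirrors the image filesystem; every file in it ships in the image`, would make that contract visible. The `chmod 755 /entrypoint.sh /etc/apache2/foreground.sh` in the next hunk still depends on both files being present in that tree.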
@@ -76,7 +76,7 @@ set_config(){ [ -z "${DB_SETUP:-}" ] && exec_cmd "sed -i \"s/\('SIMPLERISK_INSTALLED', \)'false'/\1'true'/g\" $CONFIG_PATH" || true # Testing related operations - if [ "$(cat /tmp/version)" = "testing" ]; then + if [ "$version" = "testing" ]; then exec_cmd "sed -i \"s|//\(define('.*_URL\)|\1|g\" $CONFIG_PATH" fi } @@ -126,14 +126,14 @@ db_setup(){ print_log "initial_setup:info" "Starting database set up" - if [ "$(cat /tmp/version)" == "testing" ]; then + if [ "$version" == "testing" ]; then print_log "initial_setup:info" "Testing version detected. Looking for SQL script (simplerisk.sql) at /var/www/simplerisk/..." SCHEMA_FILE='/var/www/simplerisk/simplerisk.sql' exec_cmd "[ -f $SCHEMA_FILE ]" "SQL script not found. Exiting." else print_log "initial_setup:info" "Downloading schema..." SCHEMA_FILE='/tmp/simplerisk.sql' - exec_cmd "curl -sL https://github.com/simplerisk/database/raw/master/simplerisk-en-$(cat /tmp/version).sql > $SCHEMA_FILE" "Could not download schema from Github. Exiting." + exec_cmd "curl -sL https://github.com/simplerisk/database/raw/master/simplerisk-en-$version.sql > $SCHEMA_FILE" "Could not download schema from Github. Exiting." fi print_log "initial_setup:info" "Applying changes to MySQL database... (MySQL error will be printed to console as guidance)" diff --git a/simplerisk-minimal/common/envvars b/simplerisk-minimal/common/etc/apache2/envvars similarity index 100% rename from simplerisk-minimal/common/envvars rename to simplerisk-minimal/common/etc/apache2/envvars diff --git a/simplerisk-minimal/common/foreground.sh b/simplerisk-minimal/common/etc/apache2/foreground.sh similarity index 100% rename from simplerisk-minimal/common/foreground.sh rename to simplerisk-minimal/common/etc/apache2/foreground.sh 
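Review bot: `$version` is now read from the container environment rather than from `/tmp/version` baked into the image, so it can be overridden when the container is started, and it is interpolated into the command string handed to `exec_cmd` in `db_setup` (the `curl` line) as well as deciding the testing branch in `set_config` and `db_setup`. `exec_cmd` is defined outside these hunks; if it evaluates its argument as shell, a value containing spaces or metacharacters changes the command that runs, and `version=testing` alone switches the container onto the testing path. A format check before first use would bound this, assuming the script runs under bash: `[[ "$version" =~ ^(testing|[0-9]{8}-[0-9]{3})$ ]] || { echo "unexpected version: $version" >&2; exit 1; }`. A less generic name such as `SIMPLERISK_VERSION` would also avoid collisions with unrelated environment variables.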
diff --git a/simplerisk-minimal/common/000-default.conf b/simplerisk-minimal/common/etc/apache2/sites-enabled/000-default.conf similarity index 100% rename from simplerisk-minimal/common/000-default.conf rename to simplerisk-minimal/common/etc/apache2/sites-enabled/000-default.conf diff --git a/simplerisk-minimal/common/default-ssl.conf b/simplerisk-minimal/common/etc/apache2/sites-enabled/default-ssl.conf similarity index 100% rename from simplerisk-minimal/common/default-ssl.conf rename to simplerisk-minimal/common/etc/apache2/sites-enabled/default-ssl.conf diff --git a/simplerisk-minimal/common/supervisord.conf b/simplerisk-minimal/common/supervisord.conf deleted file mode 100644 index 3c1e9dc..0000000 --- a/simplerisk-minimal/common/supervisord.conf +++ /dev/null 
@@ -1,149 +0,0 @@ -; Sample supervisor config file. -; -; For more information on the config file, please see: -; http://supervisord.org/configuration.html -; -; Note: shell expansion ("~" or "$HOME") is not supported. Environment -; variables can be expanded using this syntax: "%(ENV_HOME)s". - -[unix_http_server] -file=/tmp/supervisor.sock ; (the path to the socket file) -;chmod=0700 ; socket file mode (default 0700) -;chown=nobody:nogroup ; socket file uid:gid owner -;username=user ; (default is no username (open server)) -;password=123 ; (default is no password (open server)) - -;[inet_http_server] ; inet (TCP) server disabled by default -;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface) -;username=user ; (default is no username (open server)) -;password=123 ; (default is no password (open server)) - -[supervisord] -logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log) -logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) -logfile_backups=10 ; (num of main logfile rotation backups;default 10) -loglevel=info ; (log level;default info; others: debug,warn,trace) -pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) -nodaemon=false ; (start in foreground if true;default false) -minfds=1024 ; (min. avail startup file descriptors;default 1024) -minprocs=200 ; (min. avail process descriptors;default 200) -;umask=022 ; (process file creation umask;default 022) -;user=chrism ; (default is current user, required if root) -;identifier=supervisor ; (supervisord identifier, default is 'supervisor') -;directory=/tmp ; (default is not to cd during start) -;nocleanup=true ; (don't clean up tempfiles at start;default false) -;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP) -;environment=KEY=value ; (key value pairs to add to environment) -;strip_ansi=false ; (strip ansi escape codes in logs; def. 
false) - -; the below section must remain in the config file for RPC -; (supervisorctl/web interface) to work, additional interfaces may be -; added by defining them in separate rpcinterface: sections -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket -;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket -;username=chris ; should be same as http_username if set -;password=123 ; should be same as http_password if set -;prompt=mysupervisor ; cmd line prompt (default "supervisor") -;history_file=~/.sc_history ; use readline history if available - -; The below sample program section shows all possible program subsection values, -; create one or more 'real' program: sections to be able to control them under -; supervisor. - -;[program:theprogramname] -;command=/bin/cat ; the program (relative uses PATH, can take args) -;process_name=%(program_name)s ; process_name expr (default %(program_name)s) -;numprocs=1 ; number of processes copies to start (def 1) -;directory=/tmp ; directory to cwd to before exec (def no cwd) -;umask=022 ; umask for process (default None) -;priority=999 ; the relative start priority (default 999) -;autostart=true ; start at supervisord start (default: true) -;autorestart=unexpected ; whether/when to restart (default: unexpected) -;startsecs=1 ; number of secs prog must stay running (def. 
1) -;startretries=3 ; max # of serial start failures (default 3) -;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) -;stopsignal=QUIT ; signal used to kill process (default TERM) -;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) -;stopasgroup=false ; send stop signal to the UNIX process group (default false) -;killasgroup=false ; SIGKILL the UNIX process group (def false) -;user=chrism ; setuid to this UNIX account to run the program -;redirect_stderr=true ; redirect proc stderr to stdout (default false) -;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO -;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) -;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -;stdout_events_enabled=false ; emit events on stdout writes (default false) -;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO -;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10) -;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -;stderr_events_enabled=false ; emit events on stderr writes (default false) -;environment=A=1,B=2 ; process environment additions (def no adds) -;serverurl=AUTO ; override serverurl computation (childutils) - -; The below sample eventlistener section shows all possible -; eventlistener subsection values, create one or more 'real' -; eventlistener: sections to be able to handle event notifications -; sent by supervisor. - -;[eventlistener:theeventlistenername] -;command=/bin/eventlistener ; the program (relative uses PATH, can take args) -;process_name=%(program_name)s ; process_name expr (default %(program_name)s) -;numprocs=1 ; number of processes copies to start (def 1) -;events=EVENT ; event notif. 
types to subscribe to (req'd) -;buffer_size=10 ; event buffer queue size (default 10) -;directory=/tmp ; directory to cwd to before exec (def no cwd) -;umask=022 ; umask for process (default None) -;priority=-1 ; the relative start priority (default -1) -;autostart=true ; start at supervisord start (default: true) -;autorestart=unexpected ; whether/when to restart (default: unexpected) -;startsecs=1 ; number of secs prog must stay running (def. 1) -;startretries=3 ; max # of serial start failures (default 3) -;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) -;stopsignal=QUIT ; signal used to kill process (default TERM) -;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) -;stopasgroup=false ; send stop signal to the UNIX process group (default false) -;killasgroup=false ; SIGKILL the UNIX process group (def false) -;user=chrism ; setuid to this UNIX account to run the program -;redirect_stderr=true ; redirect proc stderr to stdout (default false) -;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO -;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) -;stdout_events_enabled=false ; emit events on stdout writes (default false) -;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO -;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -;stderr_logfile_backups ; # of stderr logfile backups (default 10) -;stderr_events_enabled=false ; emit events on stderr writes (default false) -;environment=A=1,B=2 ; process environment additions -;serverurl=AUTO ; override serverurl computation (childutils) - -; The below sample group section shows all possible group values, -; create one or more 'real' group: sections to create "heterogeneous" -; process groups. 
- -;[group:thegroupname] -;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions -;priority=999 ; the relative start priority (default 999) - -; The [include] section can just contain the "files" setting. This -; setting can list multiple files (separated by whitespace or -; newlines). It can also contain wildcards. The filenames are -; interpreted as relative to this file. Included files *cannot* -; include files themselves. - -;[include] -;files = relative/directory/*.ini -;mysql and apache2 -[program:httpd] -command=/etc/apache2/foreground.sh -stopsignal=6 -;sshd -;[program:sshd] -;command=/usr/sbin/sshd -D -;stdout_logfile=/var/log/supervisor/%(program_name)s.log -;stderr_logfile=/var/log/supervisor/%(program_name)s.log -;autorestart=true diff --git a/simplerisk-minimal/generate_dockerfile.sh b/simplerisk-minimal/generate_dockerfile.sh index 9a9667f..dbfe900 100755 --- a/simplerisk-minimal/generate_dockerfile.sh +++ b/simplerisk-minimal/generate_dockerfile.sh 
@@ -2,47 +2,61 @@ set -euo pipefail -readonly MYSQL_KEY_URL='http://repo.mysql.com/RPM-GPG-KEY-mysql-2023' +readonly MYSQL_KEY_URL='https://repo.mysql.com/RPM-GPG-KEY-mysql-2023' SCRIPT_LOCATION="$(dirname "$(readlink -f "$0")")" readonly SCRIPT_LOCATION if [ $# -eq 1 ]; then release=$1 - [ "$release" == "testing" ] && images=('8.1') || images=('8.1' '8.3') else echo "No release version provided. Aborting." && exit 1 fi -for image in "${images[@]}" -do -image_dir="php${image:0:1}${image: -1}" -[ -d "$image_dir" ] || mkdir -p "${SCRIPT_LOCATION}/${image_dir}" -cat << EOF > "${SCRIPT_LOCATION}/${image_dir}/Dockerfile" +cat << EOF > "${SCRIPT_LOCATION}/Dockerfile" # Dockerfile generated by script -# Using dedicated PHP image with version $image and Apache -FROM php:$image-apache +ARG php_version=8.3 + +EOF + +if [ "$release" != "testing" ]; then + cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +FROM alpine/curl:8.12.1 AS downloader + +SHELL [ "/bin/ash", "-eo", "pipefail", "-c" ] + +RUN mkdir -p /var/www && \\ + curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-$release.tgz | tar xz -C /var/www + +EOF +fi + +cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +FROM php:\${php_version}-apache -# Maintained by SimpleRisk LABEL maintainer="Simplerisk " +ENV version=$release + WORKDIR /var/www +SHELL [ "/bin/bash", "-o", "pipefail", "-c" ] + # Creating keyring env and installing apt dependencies RUN mkdir -p /etc/apt/keyrings && \\ apt-get update && \\ - apt-get install -y gnupg2 wget lsb-release && \\ + apt-get install -y --no-install-recommends gnupg2 wget lsb-release && \\ wget -qO - $MYSQL_KEY_URL | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \\ echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ \$(lsb_release -cs) mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \\ apt-get update && \\ - apt-get -y install libldap2-dev \\ - libicu-dev \\ - libcap2-bin \\ - libcurl4-gnutls-dev \\ - libpng-dev \\ - 
libzip-dev \\ - supervisor \\ - cron \\ - mysql-community-client && \\ + apt-get -y install --no-install-recommends libldap2-dev \\ + libicu-dev \\ + libcap2-bin \\ + libcurl4-gnutls-dev \\ + libpng-dev \\ + libzip-dev \\ + supervisor \\ + cron \\ + mysql-community-client && \\ apt-get -y remove gnupg2 wget lsb-release && \\ rm -rf /var/lib/apt/lists/* # Configure all PHP extensions @@ -62,11 +76,18 @@ RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/apache2 && \\ apt-get -y purge # Copying all files -COPY common/foreground.sh /etc/apache2/foreground.sh -COPY common/envvars /etc/apache2/envvars -COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf -COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -COPY common/entrypoint.sh /entrypoint.sh +COPY common/ / +EOF +# shellcheck disable=SC2015 +if [ "$release" == "testing" ]; then + cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +COPY simplerisk/ /var/www/simplerisk +COPY common/simplerisk.sql /var/www/simplerisk/simplerisk.sql +EOF +else + echo "COPY --from=downloader /var/www/simplerisk /var/www/simplerisk" >> "${SCRIPT_LOCATION}/Dockerfile" +fi +cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" # Configure Apache RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uploadfilesize.ini && \\ 
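Review bot: The new `downloader` stage pipes the release bundle from S3 straight into `tar xz -C /var/www` with no checksum or signature check, so whatever the bucket serves at build time becomes the application code in the image. If a digest is published per release, the generated step could download to a file and verify it before unpacking, e.g. `curl -fsSL <bundle-url> -o /tmp/simplerisk.tgz && echo "<EXPECTED_SHA256>  /tmp/simplerisk.tgz" | sha256sum -c - && tar xzf /tmp/simplerisk.tgz -C /var/www`. `FROM alpine/curl:8.12.1` is a mutable tag too; pinning it as `alpine/curl:8.12.1@sha256:<DIGEST>` keeps the download tool itself fixed. The same stage is added in the first hunk of simplerisk/generate_dockerfile.sh, so the point applies there as well.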
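Review bot: `COPY common/ /` puts every file under `common/` at the image root, so the image contents now depend on whatever sits in that directory rather than on an explicit list as with the five removed COPY lines. The testing branch added just below copies `common/simplerisk.sql`, which means a testing build also gets a second copy at `/simplerisk.sql`, presumably unintended. Keeping only the root-filesystem tree in the copied directory, or excluding the rest through `.dockerignore`, would restore the allow-list. The `# shellcheck disable=SC2015` directive now sits above a plain `if`/`else` and can be dropped. The heredoc this hunk edits starts and ends outside it.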
@@ -91,25 +112,9 @@ RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uplo sed -i 's/\\(ServerTokens\\) OS/\\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \\ sed -i 's/#\\(ServerSignature\\) On/\\1 Off/g' /etc/apache2/conf-enabled/security.conf -# Download and extract SimpleRisk, plus saving release version for database reference +# Cleanup /var/www/, creating Simplerisk user on www-data group and setting up ownerships RUN rm -rf /var/www/html && \\ -EOF - -# shellcheck disable=SC2015 -[ ! "$release" == "testing" ] && echo " curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-$release.tgz | tar xz -C /var/www && \\" >> "${SCRIPT_LOCATION}/${image_dir}/Dockerfile" || true - -echo " echo $release > /tmp/version" >> "${SCRIPT_LOCATION}/${image_dir}/Dockerfile" -if [ "$release" == "testing" ]; then - cat << EOF >> "${SCRIPT_LOCATION}/${image_dir}/Dockerfile" -COPY ./simplerisk/ /var/www/simplerisk -COPY common/simplerisk.sql /var/www/simplerisk/simplerisk.sql -EOF -fi - -cat << EOF >> "${SCRIPT_LOCATION}/${image_dir}/Dockerfile" - -# Creating Simplerisk user on www-data group and setting up ownerships -RUN useradd -G www-data simplerisk && \\ + useradd -G www-data simplerisk && \\ chown -R simplerisk:www-data /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \\ chmod -R 770 /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \\ chmod 755 /entrypoint.sh /etc/apache2/foreground.sh @@ -133,4 +138,3 @@ HEALTHCHECK --interval=1m \\ # Start Apache CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] EOF -done diff --git a/simplerisk-minimal/php83/Dockerfile b/simplerisk-minimal/php83/Dockerfile deleted file mode 100644 index 4994b55..0000000 --- a/simplerisk-minimal/php83/Dockerfile +++ /dev/null 
@@ -1,102 +0,0 @@ -# Dockerfile generated by script -# Using dedicated PHP image with version 8.3 and Apache -FROM php:8.3-apache - -# Maintained by SimpleRisk -LABEL maintainer="Simplerisk " - -WORKDIR /var/www - -# Creating keyring env and installing apt dependencies -RUN mkdir -p /etc/apt/keyrings && \ - apt-get update && \ - apt-get install -y gnupg2 wget lsb-release && \ - wget -qO - http://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg && \ - echo "deb [signed-by=/etc/apt/keyrings/mysql.gpg] http://repo.mysql.com/apt/debian/ $(lsb_release -cs) mysql-8.0" | tee /etc/apt/sources.list.d/mysql.list && \ - apt-get update && \ - apt-get -y install libldap2-dev \ - libicu-dev \ - libcap2-bin \ - libcurl4-gnutls-dev \ - libpng-dev \ - libzip-dev \ - supervisor \ - cron \ - mysql-community-client && \ - apt-get -y remove gnupg2 wget lsb-release && \ - rm -rf /var/lib/apt/lists/* -# Configure all PHP extensions -RUN docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu && \ - docker-php-ext-install ldap \ - mysqli \ - pdo_mysql \ - curl \ - zip \ - gd \ - intl -# Setting up setcap for port mapping without root and removing packages -RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/apache2 && \ - chmod gu+s /usr/sbin/cron && \ - apt-get -y remove libcap2-bin && \ - apt-get -y autoremove && \ - apt-get -y purge - -# Copying all files -COPY common/foreground.sh /etc/apache2/foreground.sh -COPY common/envvars /etc/apache2/envvars -COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf -COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -COPY common/entrypoint.sh /entrypoint.sh - -# Configure Apache -RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uploadfilesize.ini && \ - echo 'memory_limit = 256M' >> /usr/local/etc/php/conf.d/docker-php-memlimit.ini && \ - echo 'max_input_vars = 3000' >> /usr/local/etc/php/conf.d/docker-php-maxinputvars.ini && \ - echo 
'log_errors = On' >> /usr/local/etc/php/conf.d/docker-php-error_logging.ini && \ - echo 'error_log = /dev/stderr' >> /usr/local/etc/php/conf.d/docker-php-error_logging.ini && \ - echo 'display_errors = Off' >> /usr/local/etc/php/conf.d/docker-php-error_logging.ini && \ -# Create SSL Certificates for Apache SSL - echo $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32}) > /tmp/pass_openssl.txt && \ - mkdir -p /etc/apache2/ssl/ssl.crt /etc/apache2/ssl/ssl.key && \ - openssl genrsa -des3 -passout pass:/tmp/pass_openssl.txt -out /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \ - openssl rsa -passin pass:/tmp/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \ - rm /etc/apache2/ssl/ssl.key/simplerisk.pass.key /tmp/pass_openssl.txt && \ - openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \ - openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt && \ -# Activate Apache modules - a2enmod headers rewrite ssl && \ - a2enconf security && \ - sed -i 's/\(SSLProtocol\) all -SSLv3/\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \ - sed -i 's/#\(SSLHonorCipherOrder on\)/\1/g' /etc/apache2/mods-enabled/ssl.conf && \ - sed -i 's/\(ServerTokens\) OS/\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \ - sed -i 's/#\(ServerSignature\) On/\1 Off/g' /etc/apache2/conf-enabled/security.conf - -# Download and extract SimpleRisk, plus saving release version for database reference -RUN rm -rf /var/www/html && \ - curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www && \ - echo 20250411-001 > /tmp/version - -# Creating Simplerisk user on www-data group and setting up ownerships -RUN useradd -G www-data simplerisk && \ - chown -R simplerisk:www-data 
/var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \ - chmod -R 770 /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \ - chmod 755 /entrypoint.sh /etc/apache2/foreground.sh - -# Data to save -VOLUME [ "/var/log/apache2", "/etc/apache2/ssl", "/var/www/simplerisk" ] - -# Using simplerisk user from here -USER simplerisk - -# Setting up entrypoint -ENTRYPOINT [ "/entrypoint.sh" ] - -# Ports to expose -EXPOSE 80 -EXPOSE 443 - -HEALTHCHECK --interval=1m \ - CMD curl --fail http://localhost || exit 1 - -# Start Apache -CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] diff --git a/simplerisk/Dockerfile b/simplerisk/Dockerfile new file mode 100644 index 0000000..82418dd --- /dev/null +++ b/simplerisk/Dockerfile 
@@ -0,0 +1,120 @@ +# Dockerfile generated by script +ARG ubuntu_version_code=noble + +FROM alpine/curl:8.12.1 AS downloader + +ARG DB_LANG=en + +SHELL [ "/bin/ash", "-eo", "pipefail", "-c" ] + +RUN mkdir -p /var/www && \ + curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www && \ + curl -sL "https://github.com/simplerisk/database/raw/master/simplerisk-$DB_LANG-20250411-001.sql" > /simplerisk.sql + +# Using Ubuntu image +FROM ubuntu:${ubuntu_version_code} + +ENV version=20250411-001 + +# Maintained by SimpleRisk +LABEL maintainer="Simplerisk " + +SHELL [ "/bin/bash", "-o", "pipefail", "-c" ] + +# Make necessary directories +RUN mkdir -p /configurations \ + /etc/apache2/ssl \ + /passwords \ + /var/log/supervisor \ + /var/lib/mysql \ + /var/run/supervisor \ + /var/www/simplerisk + +# Installing apt dependencies +RUN dpkg-divert --local --rename /usr/bin/ischroot && \ + ln -sf /bin/true /usr/bin/ischroot && \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends apache2 \ + php \ + php-mysql \ + php-json \ + php-dev \ + php-ldap \ + php-mbstring \ + php-curl \ + php-zip \ + php-gd \ + php-intl \ + php-xml \ + mysql-client \ + mysql-server \ + nfs-common \ + chrony \ + cron \ + vim-tiny \ + sendmail \ + openssl \ + ufw \ + supervisor && \ + rm -rf /var/lib/apt/lists + +# Create the OpenSSL password +RUN echo "$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32})" > /passwords/pass_openssl.txt + +# Install common files +COPY common/ / +COPY --from=downloader /var/www/simplerisk /var/www/simplerisk +COPY --from=downloader /simplerisk.sql /simplerisk.sql + +# Configure MySQL +RUN sed -i 's/\[mysqld\]/\[mysqld\]\nsql-mode="NO_ENGINE_SUBSTITUTION"/g' /etc/mysql/mysql.conf.d/mysqld.cnf + +# Configure Apache +RUN php_version="$(php -v | grep -oP '^PHP \K[0-9]+\.[0-9]+')" && \ + sed -i 's/\(upload_max_filesize =\) .*\(M\)/\1 5\2/g' 
"/etc/php/$php_version/apache2/php.ini" && \ + sed -i 's/\(memory_limit =\) .*\(M\)/\1 256\2/g' "/etc/php/$php_version/apache2/php.ini" && \ + sed -i 's/;.*\(max_input_vars =\) .*/\1 3000/g' "/etc/php/$php_version/apache2/php.ini" && \ + sed -i 's/;.*\(display_errors =\) .*/\1 Off/g' "/etc/php/$php_version/apache2/php.ini" + +# Create SSL Certificates for Apache SSL +RUN mkdir -p /etc/apache2/ssl/ssl.crt /etc/apache2/ssl/ssl.key && \ + openssl genrsa -des3 -passout file:/passwords/pass_openssl.txt -out /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \ + openssl rsa -passin file:/passwords/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \ + rm /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \ + openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \ + openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt + +# Activate Apache modules +RUN phpenmod ldap && \ + a2enmod headers rewrite ssl && \ + a2enconf security && \ + sed -i 's/\(SSLProtocol\) all -SSLv3/\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \ + sed -i 's/#\(SSLHonorCipherOrder on\)/\1/g' /etc/apache2/mods-enabled/ssl.conf && \ + sed -i 's/\(ServerTokens\) OS/\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \ + sed -i 's/\(ServerSignature\) On/\1 Off/g' /etc/apache2/conf-enabled/security.conf + +# Permissions +RUN chown -R www-data: /var/www/simplerisk + +# Setting up cronjob +RUN echo "* * * * * /usr/bin/php -f /var/www/simplerisk/cron/cron.php > /dev/null 2>&1" >> /etc/cron.d/backup-cron && \ + chmod 0644 /etc/cron.d/backup-cron && \ + crontab /etc/cron.d/backup-cron + +EXPOSE 80 +EXPOSE 443 + +# Create the start script and set permissions +RUN chmod 755 /entrypoint.sh /etc/apache2/foreground.sh + +# Data to save +VOLUME [ "/passwords", 
"/configurations", "/var/log", "/var/lib/mysql", "/etc/apache2/ssl", "/var/www/simplerisk" ] + +# Setting up entrypoint +ENTRYPOINT [ "/entrypoint.sh" ] + +HEALTHCHECK --interval=1m \ + CMD curl --fail http://localhost || exit 1 + +# Start Apache and MySQL +CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] diff --git a/simplerisk/common/entrypoint.sh b/simplerisk/common/entrypoint.sh index ac676ec..3db90f2 100644 --- a/simplerisk/common/entrypoint.sh +++ b/simplerisk/common/entrypoint.sh @@ -38,7 +38,7 @@ set_config(){ SIMPLERISK_DB_DATABASE=simplerisk && sed -i "s/\('DB_DATABASE', '\).*\(');\)/\1$SIMPLERISK_DB_DATABASE\2/g" $CONFIG_PATH # shellcheck disable=SC2015 - [ "$(cat /tmp/version)" == "testing" ] && sed -i "s|//\(define('.*_URL\)|\1|g" $CONFIG_PATH || true + [ "${version:-}" == "testing" ] && sed -i "s|//\(define('.*_URL\)|\1|g" $CONFIG_PATH || true # Create a file so this doesn't run again touch /configurations/simplerisk-config-configured @@ -91,6 +91,8 @@ unset_variables() { _main() { print_log "startup:general" "Starting SimpleRisk container..." + echo "Version is $version" + set_config configure_db unset_variables diff --git a/simplerisk/common/envvars b/simplerisk/common/etc/apache2/envvars similarity index 100% rename from simplerisk/common/envvars rename to simplerisk/common/etc/apache2/envvars diff --git a/simplerisk/common/foreground.sh b/simplerisk/common/etc/apache2/foreground.sh similarity index 100% rename from simplerisk/common/foreground.sh rename to simplerisk/common/etc/apache2/foreground.sh diff --git a/simplerisk/common/000-default.conf b/simplerisk/common/etc/apache2/sites-enabled/000-default.conf similarity index 100% rename from simplerisk/common/000-default.conf rename to simplerisk/common/etc/apache2/sites-enabled/000-default.conf 
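Review bot: The added `echo "Version is $version"` in `_main` expands `$version` without a default and bypasses the `print_log` helper used on the line above it, while `set_config` in the previous hunk reads the same variable as `${version:-}`. If the script runs under `set -u` (not visible here), a container started from an image without the `version` variable would abort at this line. `print_log "startup:general" "Version is ${version:-unknown}"` keeps both the guard and the log format. `_main` continues outside the hunk.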
diff --git a/simplerisk/common/default-ssl.conf b/simplerisk/common/etc/apache2/sites-enabled/default-ssl.conf
similarity index 100%
rename from simplerisk/common/default-ssl.conf
rename to simplerisk/common/etc/apache2/sites-enabled/default-ssl.conf
diff --git a/simplerisk/common/supervisord.conf b/simplerisk/common/etc/supervisor/supervisord.conf
similarity index 100%
rename from simplerisk/common/supervisord.conf
rename to simplerisk/common/etc/supervisor/supervisord.conf
diff --git a/simplerisk/generate_dockerfile.sh b/simplerisk/generate_dockerfile.sh
index ab6e29c..c096d50 100755
--- a/simplerisk/generate_dockerfile.sh
+++ b/simplerisk/generate_dockerfile.sh
@@ -7,31 +7,42 @@ readonly SCRIPT_LOCATION if [ $# -eq 1 ]; then release=$1 - [ "$release" == "testing" ] && images=('jammy') || images=('jammy' 'noble') else echo "No release version provided. Aborting." && exit 1 fi -for image in "${images[@]}" -do -case "$image" in - 'jammy') php_version='8.1';; - 'noble') php_version='8.3';; -esac +cat << EOF > "${SCRIPT_LOCATION}/Dockerfile" +# Dockerfile generated by script +ARG ubuntu_version_code=noble + +EOF + +if [ "$release" != "testing" ]; then + cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +FROM alpine/curl:8.12.1 AS downloader -if [ ! -d "${SCRIPT_LOCATION}/${image}" ]; then - mkdir "${SCRIPT_LOCATION}/${image}" +ARG DB_LANG=en + +SHELL [ "/bin/ash", "-eo", "pipefail", "-c" ] + +RUN mkdir -p /var/www && \\ + curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-$release.tgz | tar xz -C /var/www && \\ + curl -sL "https://github.com/simplerisk/database/raw/master/simplerisk-\$DB_LANG-$release.sql" > /simplerisk.sql + +EOF fi -cat << EOF > "${SCRIPT_LOCATION}/${image}/Dockerfile" -# Dockerfile generated by script +cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +# Using Ubuntu image +FROM ubuntu:\${ubuntu_version_code} -# Using Ubuntu $image image -FROM ubuntu:$image +ENV version=$release # Maintained by SimpleRisk LABEL maintainer="Simplerisk " +SHELL [ "/bin/bash", "-o", "pipefail", "-c" ] + # Make necessary directories RUN mkdir -p /configurations \\ /etc/apache2/ssl \\ 
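Review bot: In the `downloader` stage, the schema download `curl -sL "...simplerisk-\$DB_LANG-$release.sql" > /simplerisk.sql` has no `-f`, so an HTTP error (for example a `DB_LANG` value with no matching file) still exits 0 and leaves the error page in `/simplerisk.sql`; `pipefail` does not help because the output is redirected, not piped. Writing it as `curl -fsSL "https://github.com/simplerisk/database/raw/master/simplerisk-\$DB_LANG-$release.sql" -o /simplerisk.sql` makes the build fail instead. The URL also resolves against the mutable `master` branch, so the schema for a release is pinned only by its file name; a tag or commit in the path, if the repository offers one, would fix the content as well. The heredoc continues past the end of this hunk.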
@@ -45,85 +56,77 @@ RUN mkdir -p /configurations \\ RUN dpkg-divert --local --rename /usr/bin/ischroot && \\ ln -sf /bin/true /usr/bin/ischroot && \\ apt-get update && \\ - DEBIAN_FRONTEND=noninteractive apt-get -y install apache2 \\ - php \\ - php-mysql \\ - php-json \\ - php-dev \\ - php-ldap \\ - php-mbstring \\ - php-curl \\ - php-zip \\ - php-gd \\ - php-intl \\ - mysql-client \\ - mysql-server \\ - nfs-common \\ - chrony \\ - cron \\ - vim-tiny \\ - sendmail \\ - openssl \\ - ufw \\ - supervisor && \\ + DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends apache2 \\ + php \\ + php-mysql \\ + php-json \\ + php-dev \\ + php-ldap \\ + php-mbstring \\ + php-curl \\ + php-zip \\ + php-gd \\ + php-intl \\ + php-xml \\ + mysql-client \\ + mysql-server \\ + nfs-common \\ + chrony \\ + cron \\ + vim-tiny \\ + sendmail \\ + openssl \\ + ufw \\ + supervisor && \\ rm -rf /var/lib/apt/lists # Create the OpenSSL password -RUN < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c21 > /passwords/pass_openssl.txt +RUN echo "\$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c\${1:-32})" > /passwords/pass_openssl.txt + +# Install common files +COPY common/ / +EOF +if [ "$release" == "testing" ]; then + cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +COPY common/simplerisk.sql /simplerisk.sql +COPY ./simplerisk/ /var/www/simplerisk + +EOF +else + cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" +COPY --from=downloader /var/www/simplerisk /var/www/simplerisk +COPY --from=downloader /simplerisk.sql /simplerisk.sql -# Install and configure supervisor -COPY common/supervisord.conf /etc/supervisor/supervisord.conf +EOF +fi +cat << EOF >> "${SCRIPT_LOCATION}/Dockerfile" # Configure MySQL RUN sed -i 's/\[mysqld\]/\[mysqld\]\nsql-mode="NO_ENGINE_SUBSTITUTION"/g' /etc/mysql/mysql.conf.d/mysqld.cnf # Configure Apache -COPY common/foreground.sh /etc/apache2/foreground.sh -COPY common/envvars /etc/apache2/envvars -COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf 
-COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -RUN sed -i 's/\\(upload_max_filesize =\\) .*\\(M\\)/\\1 5\\2/g' /etc/php/$php_version/apache2/php.ini && \\ - sed -i 's/\\(memory_limit =\\) .*\\(M\\)/\\1 256\\2/g' /etc/php/$php_version/apache2/php.ini && \\ - sed -i 's/;.*\\(max_input_vars =\\) .*/\\1 3000/g' /etc/php/$php_version/apache2/php.ini && \\ - sed -i 's/;.*\(display_errors =\) .*/\1 Off/g' /etc/php/$php_version/apache2/php.ini +RUN php_version="\$(php -v | grep -oP '^PHP \K[0-9]+\.[0-9]+')" && \\ + sed -i 's/\\(upload_max_filesize =\\) .*\\(M\\)/\\1 5\\2/g' "/etc/php/\$php_version/apache2/php.ini" && \\ + sed -i 's/\\(memory_limit =\\) .*\\(M\\)/\\1 256\\2/g' "/etc/php/\$php_version/apache2/php.ini" && \\ + sed -i 's/;.*\\(max_input_vars =\\) .*/\\1 3000/g' "/etc/php/\$php_version/apache2/php.ini" && \\ + sed -i 's/;.*\(display_errors =\) .*/\1 Off/g' "/etc/php/\$php_version/apache2/php.ini" # Create SSL Certificates for Apache SSL RUN mkdir -p /etc/apache2/ssl/ssl.crt /etc/apache2/ssl/ssl.key && \\ - openssl genrsa -des3 -passout file:/passwords/pass_openssl.txt -out /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \\ - openssl rsa -passin file:/passwords/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \\ - rm /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \\ - openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \\ - openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt + openssl genrsa -des3 -passout file:/passwords/pass_openssl.txt -out /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \\ + openssl rsa -passin file:/passwords/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \\ + rm 
/etc/apache2/ssl/ssl.key/simplerisk.pass.key && \\ + openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \\ + openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt # Activate Apache modules RUN phpenmod ldap && \\ - a2enmod headers rewrite ssl && \\ - a2enconf security && \\ - sed -i 's/\\(SSLProtocol\\) all -SSLv3/\\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \\ - sed -i 's/#\\(SSLHonorCipherOrder on\\)/\\1/g' /etc/apache2/mods-enabled/ssl.conf && \\ - sed -i 's/\\(ServerTokens\\) OS/\\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \\ - sed -i 's/\\(ServerSignature\\) On/\\1 Off/g' /etc/apache2/conf-enabled/security.conf - -RUN echo %sudo ALL=NOPASSWD: ALL >> /etc/sudoers && \\ - echo "$release" > /tmp/version - -EOF - -if [ "$release" == "testing" ]; then - cat << EOF >> "${SCRIPT_LOCATION}/${image}/Dockerfile" -COPY ./simplerisk/ /var/www/simplerisk -COPY common/simplerisk.sql /simplerisk.sql -EOF -else - cat << EOF >> "${SCRIPT_LOCATION}/${image}/Dockerfile" -# Download SimpleRisk -RUN rm -rf /var/www/html && \\ - curl -sL https://github.com/simplerisk/database/raw/master/simplerisk-en-$release.sql > /simplerisk.sql && \\ - curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-$release.tgz | tar xz -C /var/www -EOF -fi - -cat << EOF >> "${SCRIPT_LOCATION}/${image}/Dockerfile" + a2enmod headers rewrite ssl && \\ + a2enconf security && \\ + sed -i 's/\\(SSLProtocol\\) all -SSLv3/\\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \\ + sed -i 's/#\\(SSLHonorCipherOrder on\\)/\\1/g' /etc/apache2/mods-enabled/ssl.conf && \\ + sed -i 's/\\(ServerTokens\\) OS/\\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \\ + sed -i 's/\\(ServerSignature\\) On/\\1 Off/g' /etc/apache2/conf-enabled/security.conf # Permissions RUN chown -R www-data: 
/var/www/simplerisk @@ -137,7 +140,6 @@ EXPOSE 80 EXPOSE 443 # Create the start script and set permissions -COPY common/entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh /etc/apache2/foreground.sh # Data to save @@ -152,4 +154,3 @@ HEALTHCHECK --interval=1m \\ # Start Apache and MySQL CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] EOF -done diff --git a/simplerisk/jammy/Dockerfile b/simplerisk/jammy/Dockerfile deleted file mode 100644 index 3965c99..0000000 --- a/simplerisk/jammy/Dockerfile +++ /dev/null 
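Review bot: The rewritten password line, `RUN echo "\$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c\${1:-32})" > /passwords/pass_openssl.txt`, still runs at build time. The passphrase and the RSA key generated from it a few lines below therefore live in image layers and are identical for every container started from a published image, unless entrypoint.sh regenerates them (not visible here). Generating the key on first start in the entrypoint would give each deployment its own. `\${1:-32}` also reads a positional parameter that a `RUN` shell never receives, so a literal `head -c32` states the length more plainly.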
@@ -1,114 +0,0 @@ -# Dockerfile generated by script - -# Using Ubuntu jammy image -FROM ubuntu:jammy - -# Maintained by SimpleRisk -LABEL maintainer="Simplerisk " - -# Make necessary directories -RUN mkdir -p /configurations \ - /etc/apache2/ssl \ - /passwords \ - /var/log/supervisor \ - /var/lib/mysql \ - /var/run/supervisor \ - /var/www/simplerisk - -# Installing apt dependencies -RUN dpkg-divert --local --rename /usr/bin/ischroot && \ - ln -sf /bin/true /usr/bin/ischroot && \ - apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get -y install apache2 \ - php \ - php-mysql \ - php-json \ - php-dev \ - php-ldap \ - php-mbstring \ - php-curl \ - php-zip \ - php-gd \ - php-intl \ - mysql-client \ - mysql-server \ - nfs-common \ - chrony \ - cron \ - vim-tiny \ - sendmail \ - openssl \ - ufw \ - supervisor && \ - rm -rf /var/lib/apt/lists - -# Create the OpenSSL password -RUN < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c21 > /passwords/pass_openssl.txt - -# Install and configure supervisor -COPY common/supervisord.conf /etc/supervisor/supervisord.conf - -# Configure MySQL -RUN sed -i 's/\[mysqld\]/\[mysqld\]\nsql-mode="NO_ENGINE_SUBSTITUTION"/g' /etc/mysql/mysql.conf.d/mysqld.cnf - -# Configure Apache -COPY common/foreground.sh /etc/apache2/foreground.sh -COPY common/envvars /etc/apache2/envvars -COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf -COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -RUN sed -i 's/\(upload_max_filesize =\) .*\(M\)/\1 5\2/g' /etc/php/8.1/apache2/php.ini && \ - sed -i 's/\(memory_limit =\) .*\(M\)/\1 256\2/g' /etc/php/8.1/apache2/php.ini && \ - sed -i 's/;.*\(max_input_vars =\) .*/\1 3000/g' /etc/php/8.1/apache2/php.ini && \ - sed -i 's/;.*\(display_errors =\) .*/\1 Off/g' /etc/php/8.1/apache2/php.ini - -# Create SSL Certificates for Apache SSL -RUN mkdir -p /etc/apache2/ssl/ssl.crt /etc/apache2/ssl/ssl.key && \ - openssl genrsa -des3 -passout file:/passwords/pass_openssl.txt -out 
/etc/apache2/ssl/ssl.key/simplerisk.pass.key && \ - openssl rsa -passin file:/passwords/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \ - rm /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \ - openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \ - openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt - -# Activate Apache modules -RUN phpenmod ldap && \ - a2enmod headers rewrite ssl && \ - a2enconf security && \ - sed -i 's/\(SSLProtocol\) all -SSLv3/\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \ - sed -i 's/#\(SSLHonorCipherOrder on\)/\1/g' /etc/apache2/mods-enabled/ssl.conf && \ - sed -i 's/\(ServerTokens\) OS/\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \ - sed -i 's/\(ServerSignature\) On/\1 Off/g' /etc/apache2/conf-enabled/security.conf - -RUN echo %sudo ALL=NOPASSWD: ALL >> /etc/sudoers && \ - echo "20250411-001" > /tmp/version - -# Download SimpleRisk -RUN rm -rf /var/www/html && \ - curl -sL https://github.com/simplerisk/database/raw/master/simplerisk-en-20250411-001.sql > /simplerisk.sql && \ - curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www - -# Permissions -RUN chown -R www-data: /var/www/simplerisk - -# Setting up cronjob -RUN echo "* * * * * /usr/bin/php -f /var/www/simplerisk/cron/cron.php > /dev/null 2>&1" >> /etc/cron.d/backup-cron && \ - chmod 0644 /etc/cron.d/backup-cron && \ - crontab /etc/cron.d/backup-cron - -EXPOSE 80 -EXPOSE 443 - -# Create the start script and set permissions -COPY common/entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh /etc/apache2/foreground.sh - -# Data to save -VOLUME [ "/passwords", "/configurations", "/var/log", "/var/lib/mysql", "/etc/apache2/ssl", 
"/var/www/simplerisk" ] - -# Setting up entrypoint -ENTRYPOINT [ "/entrypoint.sh" ] - -HEALTHCHECK --interval=1m \ - CMD curl --fail http://localhost || exit 1 - -# Start Apache and MySQL -CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] diff --git a/simplerisk/noble/Dockerfile b/simplerisk/noble/Dockerfile deleted file mode 100644 index dd3147b..0000000 --- a/simplerisk/noble/Dockerfile +++ /dev/null 
@@ -1,114 +0,0 @@
-# Dockerfile generated by script
-
-# Using Ubuntu noble image
-FROM ubuntu:noble
-
-# Maintained by SimpleRisk
-LABEL maintainer="Simplerisk "
-
-# Make necessary directories
-RUN mkdir -p /configurations \
- /etc/apache2/ssl \
- /passwords \
- /var/log/supervisor \
- /var/lib/mysql \
- /var/run/supervisor \
- /var/www/simplerisk
-
-# Installing apt dependencies
-RUN dpkg-divert --local --rename /usr/bin/ischroot && \
- ln -sf /bin/true /usr/bin/ischroot && \
- apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get -y install apache2 \
- php \
- php-mysql \
- php-json \
- php-dev \
- php-ldap \
- php-mbstring \
- php-curl \
- php-zip \
- php-gd \
- php-intl \
- mysql-client \
- mysql-server \
- nfs-common \
- chrony \
- cron \
- vim-tiny \
- sendmail \
- openssl \
- ufw \
- supervisor && \
- rm -rf /var/lib/apt/lists
-
-# Create the OpenSSL password
-RUN < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c21 > /passwords/pass_openssl.txt
-
-# Install and configure supervisor
-COPY common/supervisord.conf /etc/supervisor/supervisord.conf
-
-# Configure MySQL
-RUN sed -i 's/\[mysqld\]/\[mysqld\]\nsql-mode="NO_ENGINE_SUBSTITUTION"/g' /etc/mysql/mysql.conf.d/mysqld.cnf
-
-# Configure Apache
-COPY common/foreground.sh /etc/apache2/foreground.sh
-COPY common/envvars /etc/apache2/envvars
-COPY common/000-default.conf /etc/apache2/sites-enabled/000-default.conf
-COPY common/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
-RUN sed -i 's/\(upload_max_filesize =\) .*\(M\)/\1 5\2/g' /etc/php/8.3/apache2/php.ini && \
- sed -i 's/\(memory_limit =\) .*\(M\)/\1 256\2/g' /etc/php/8.3/apache2/php.ini && \
- sed -i 's/;.*\(max_input_vars =\) .*/\1 3000/g' /etc/php/8.3/apache2/php.ini && \
- sed -i 's/;.*\(display_errors =\) .*/\1 Off/g' /etc/php/8.3/apache2/php.ini
-
-# Create SSL Certificates for Apache SSL
-RUN mkdir -p /etc/apache2/ssl/ssl.crt /etc/apache2/ssl/ssl.key && \
- openssl genrsa -des3 -passout file:/passwords/pass_openssl.txt -out 
/etc/apache2/ssl/ssl.key/simplerisk.pass.key && \
- openssl rsa -passin file:/passwords/pass_openssl.txt -in /etc/apache2/ssl/ssl.key/simplerisk.pass.key -out /etc/apache2/ssl/ssl.key/simplerisk.key && \
- rm /etc/apache2/ssl/ssl.key/simplerisk.pass.key && \
- openssl req -new -key /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.csr -subj "/CN=simplerisk" && \
- openssl x509 -req -days 365 -in /etc/apache2/ssl/ssl.crt/simplerisk.csr -signkey /etc/apache2/ssl/ssl.key/simplerisk.key -out /etc/apache2/ssl/ssl.crt/simplerisk.crt
-
-# Activate Apache modules
-RUN phpenmod ldap && \
- a2enmod headers rewrite ssl && \
- a2enconf security && \
- sed -i 's/\(SSLProtocol\) all -SSLv3/\1 TLSv1.2/g' /etc/apache2/mods-enabled/ssl.conf && \
- sed -i 's/#\(SSLHonorCipherOrder on\)/\1/g' /etc/apache2/mods-enabled/ssl.conf && \
- sed -i 's/\(ServerTokens\) OS/\1 Prod/g' /etc/apache2/conf-enabled/security.conf && \
- sed -i 's/\(ServerSignature\) On/\1 Off/g' /etc/apache2/conf-enabled/security.conf
-
-RUN echo %sudo ALL=NOPASSWD: ALL >> /etc/sudoers && \
- echo "20250411-001" > /tmp/version
-
-# Download SimpleRisk
-RUN rm -rf /var/www/html && \
- curl -sL https://github.com/simplerisk/database/raw/master/simplerisk-en-20250411-001.sql > /simplerisk.sql && \
- curl -sL https://simplerisk-downloads.s3.amazonaws.com/public/bundles/simplerisk-20250411-001.tgz | tar xz -C /var/www
-
-# Permissions
-RUN chown -R www-data: /var/www/simplerisk
-
-# Setting up cronjob
-RUN echo "* * * * * /usr/bin/php -f /var/www/simplerisk/cron/cron.php > /dev/null 2>&1" >> /etc/cron.d/backup-cron && \
- chmod 0644 /etc/cron.d/backup-cron && \
- crontab /etc/cron.d/backup-cron
-
-EXPOSE 80
-EXPOSE 443
-
-# Create the start script and set permissions
-COPY common/entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh /etc/apache2/foreground.sh
-
-# Data to save
-VOLUME [ "/passwords", "/configurations", "/var/log", "/var/lib/mysql", "/etc/apache2/ssl", 
"/var/www/simplerisk" ]
-
-# Setting up entrypoint
-ENTRYPOINT [ "/entrypoint.sh" ]
-
-HEALTHCHECK --interval=1m \
- CMD curl --fail http://localhost || exit 1
-
-# Start Apache and MySQL
-CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]