Add PHP 8 flavour and Github Action

NITEMAN · NITEMAN · commit 9e17002723dd · 2024-04-18T18:09:55.000+02:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,125 @@
+---
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+#  schedule:
+#    - cron: '44 18 * * *'
+  push:
+    branches:
+    - "master"
+#  pull_request:
+#    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    strategy:
+      matrix:
+        include:
+          - os_release: bullseye
+            php_version: 7
+          - os_release: bookworm
+            php_version: 8
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3.3.0
+        with:
+          cosign-release: 'v2.2.2'
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into remote registry ${{ vars.REMOTE_REGISTRY }}
+        if: ${{ vars.REMOTE_REGISTRY != '' && github.event_name != 'pull_request' }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.REMOTE_REGISTRY != 'index.docker.io' && vars.REMOTE_REGISTRY || null }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5.5.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: ${{ matrix.php_version }}-${{ matrix.os_release }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata for ${{ vars.REMOTE_REGISTRY }}
+        id: meta-remote
+        if: ${{ vars.REMOTE_REGISTRY != '' }}
+        uses: docker/metadata-action@v5.5.1
+        with:
+          images: ${{ vars.REMOTE_REGISTRY }}/${{ vars.REMOTE_IMAGE_NAME }}
+          tags: ${{ matrix.php_version }}-${{ matrix.os_release }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          file: Dockerfile.${{ matrix.os_release }}
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: |
+            ${{ steps.meta.outputs.tags}}
+            ${{ steps.meta-remote.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/Dockerfile.bookworm b/Dockerfile.bookworm
@@ -0,0 +1,96 @@
+# Choose the desired PHP version
+# Choices available at https://hub.docker.com/_/php/ stick to "-cli" versions recommended
+ARG PHP_VERSION=8
+ARG FLAVOUR=cli-bookworm
+ARG BASE_IMAGE=${PHP_VERSION}-${FLAVOUR}
+
+FROM php:${BASE_IMAGE}
+# Re-load needed ARGS. See https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
+ARG FLAVOUR
+
+
+LABEL maintainer="Sbit.io <soporte@sbit.io>"
+
+ENV TARGET_DIR="/usr/local/lib/php-qa" \
+    COMPOSER_ALLOW_SUPERUSER=1 \
+    TIMEZONE=Europe/Madrid \
+    LOCALE=es_ES.UTF-8 \
+    LOCALE_CHARSET=UTF-8 \
+    PHP_MEMORY_LIMIT=1G
+
+ENV PATH=$PATH:$TARGET_DIR/vendor/bin
+
+RUN mkdir -p $TARGET_DIR
+
+WORKDIR $TARGET_DIR
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN echo "deb http://deb.debian.org/debian ${FLAVOUR#*-}-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list \
+ && apt-get update -qq \
+ && echo "locales locales/default_environment_locale select $LOCALE" | debconf-set-selections \
+ && echo "locales locales/locales_to_be_generated select $LOCALE $LOCALE_CHARSET" | debconf-set-selections \
+ && DEBIAN_FRONTEND=noninteractive \
+    apt-get install -yqq -o=Dpkg::Use-Pty=0 --no-install-recommends \
+      -V \
+      locales=2.* \
+      wget=1.* \
+      gpg=2.* gpg-agent=2.* dirmngr=2.* \
+      zip=3.* \
+      unzip=6.* \
+      python3-pkg-resources=66.* \
+      git=1:2.39.* \
+      libxml2-dev=2.* \
+      libxslt1-dev=1.* \
+      yamllint=1.* \
+ && docker-php-ext-install xml xsl \
+ && docker-php-ext-install "-j$(nproc)" intl \
+ && docker-php-ext-install "-j$(nproc)" mysqli \
+ && docker-php-ext-install "-j$(nproc)" pdo_mysql \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get clean -yqq
+
+
+ENV LANG=$LOCALE
+ENV LANGUAGE=$LOCALE
+ENV LC_ALL=$LOCALE
+
+RUN printf '[PHP]\nmemory_limit=%s' "${PHP_MEMORY_LIMIT}" >> "$PHP_INI_DIR/conf.d/overrides.ini"
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+# Run composer installation of needed tools
+RUN composer config --no-plugins --global allow-plugins.dealerdirect/phpcodesniffer-composer-installer true \
+ && composer require --prefer-stable --prefer-dist \
+       "squizlabs/php_codesniffer:^3.0" \
+       "phpunit/phpunit:^10.0" \
+       "phploc/phploc:^8.0.x-dev" \
+       "pdepend/pdepend:^2.5" \
+       "phpmd/phpmd:^2.6" \
+       #"sebastian/phpcpd:^6.0" \
+       "friendsofphp/php-cs-fixer:^2.14" \
+       "phpcompatibility/php-compatibility:^9.0" \
+       "phpmetrics/phpmetrics:^2.4" \
+       "phpstan/phpstan:^0.11" \
+       "drupal/coder:^8.3.1 !=8.3.16" \
+       "dealerdirect/phpcodesniffer-composer-installer" \
+       "mglaman/phpstan-drupal" \
+       "edgedesign/phpqa" \
+         # phpqa suggested tools
+         # See https://github.com/EdgedesignCZ/phpqa/blob/master/bin/suggested-tools.sh#L16
+         "php-parallel-lint/php-parallel-lint" \
+         "php-parallel-lint/php-console-highlighter" \
+         "phpstan/phpstan" \
+         # phpstan dependency
+           "nette/neon" \
+         "qossmic/deptrac-shim" \
+         "friendsofphp/php-cs-fixer:>=2" \
+         "vimeo/psalm:>=2" \
+         "enlightn/security-checker"
+
+# Phive installs, needed since phpcpd is archived and somewhat incompatible
+RUN wget -O phive.phar https://phar.io/releases/phive.phar \
+ && wget -O phive.phar.asc https://phar.io/releases/phive.phar.asc \
+ && gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x9D8A98B29B2D5D79 \
+ && gpg --verify phive.phar.asc phive.phar \
+ && chmod +x phive.phar \
+ && mv phive.phar /usr/local/bin/phive
diff --git a/Dockerfile.bullseye b/Dockerfile.bullseye
@@ -1,6 +1,12 @@
 # Choose the desired PHP version
 # Choices available at https://hub.docker.com/_/php/ stick to "-cli" versions recommended
-FROM php:7.4-cli-bullseye
+ARG PHP_VERSION=7
+ARG FLAVOUR=cli-bullseye
+ARG BASE_IMAGE=${PHP_VERSION}-${FLAVOUR}
+
+FROM php:${BASE_IMAGE}
+# Re-load needed ARGS. See https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
+ARG FLAVOUR
 
 LABEL maintainer="Sbit.io <soporte@sbit.io>"
 
@@ -18,7 +24,7 @@ RUN mkdir -p $TARGET_DIR
 WORKDIR $TARGET_DIR
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN echo "deb http://deb.debian.org/debian bullseye-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list \
+RUN echo "deb http://deb.debian.org/debian ${FLAVOUR#*-}-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list \
  && apt-get update -qq \
  && echo "locales locales/default_environment_locale select $LOCALE" | debconf-set-selections \
  && echo "locales locales/locales_to_be_generated select $LOCALE $LOCALE_CHARSET" | debconf-set-selections \
diff --git a/README.md b/README.md
@@ -19,13 +19,18 @@ More specifically this includes:
 - phpstan/phpstan
 - edgedesign/phpqa
 
+There are curently 3 flavours [published in Docker Hub](https://hub.docker.com/r/sbitio/php-qa/):
+- 8-bookworm: Based on PHP's `8-cli-bookworm` tag
+- 7-bulleye: Based on PHP's `7-cli-bullseye` tag
+- latest: Previous version to be deprecated in the future
+
 ## Usage
 
 Note: This image does nothing when invoking it without a followup command, such as:
 
 ```bash
 cd </path/to/desired/directory>
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest <desired-command-with-arguments>
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm <desired-command-with-arguments>
 ```
 
 Windows users: The use of "$PWD" for present working directory will not work as expected, instead use the full path.
@@ -74,7 +79,7 @@ php -d memory_limit=1G
 See https://github.com/EdgedesignCZ/phpqa for more usage details of this tool, its a very convenient wrapper for most of the tools included.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phpqa --report offline
 ```
 
@@ -83,7 +88,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See https://github.com/sebastianbergmann/phploc for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phploc -v --names "*.php" \
     --exclude "vendor" . > ./php_code_quality/phploc.txt
 ```
@@ -93,7 +98,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See https://phpmd.org/download/index.html for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phpmd . xml codesize --exclude 'vendor' \
     --reportfile './php_code_quality/phpmd_results.xml'
 ```
@@ -103,7 +108,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See https://pdepend.org/ for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   pdepend --ignore='vendor' \
     --summary-xml='./php_code_quality/pdepend_output.xml' \
     --jdepend-chart='./php_code_quality/pdepend_chart.svg' \
@@ -115,7 +120,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See https://github.com/sebastianbergmann/phpcpd for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phpcpd . \
     --exclude 'vendor' > ./php_code_quality/phpcpd_results.txt
 ```
@@ -125,7 +130,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See http://www.phpmetrics.org/ for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phpmetrics --excluded-dirs 'vendor' \
     --report-html=./php_code_quality/metrics_results .
 ```
@@ -135,7 +140,7 @@ docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
 See https://github.com/squizlabs/PHP_CodeSniffer/wiki for more usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm \
   phpcs -sv --extensions=php --ignore=vendor \
     --report-file=./php_code_quality/codesniffer_results.txt .
 ```
@@ -146,7 +151,7 @@ See https://github.com/PHPCompatibility/PHPCompatibility and https://github.com/
 usage details of this tool.
 
 ```bash
-docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:latest sh -c \
+docker run -it --rm -v "$PWD":/app -w /app sbitio/php-qa:8-cli-bookworm sh -c \
   'phpcs -sv --config-set installed_paths  /usr/local/lib/php-qa/vendor/phpcompatibility/php-compatibility \
     && phpcs -sv --standard='PHPCompatibility' --extensions=php --ignore=vendor . \
          --report-file=./php_code_quality/phpcompatibility_results.txt .'
