[php] Test php 8.4.0

Signed-off-by: Kang Huaishuai <khs1994@khs1994.com>

Author: khs1994

dockerfile/php/.github/workflows/php_8_1.yml

@@ -197,5 +197,5 @@ jobs:
         PHP_TAG_VERSION: "8.1.31"
         TYPE: ${{ matrix.TYPE }}
         add_mirror: registry.us-east-1.aliyuncs.com/khs1994-us/php docker.cnb.cool/khs1994-docker/khs1994/php ghcr.io/khs1994/php
-        add_mirror2: ghcr.io/lrew/php
+        add_mirror2: ghcr.io/lrew/php docker.cnb.cool/khs1994-docker/lrew/php
       name: 'Build Image'

dockerfile/php/.github/workflows/php_8_2.yml

@@ -197,5 +197,5 @@ jobs:
         PHP_TAG_VERSION: "8.2.26"
         TYPE: ${{ matrix.TYPE }}
         add_mirror: registry.us-east-1.aliyuncs.com/khs1994-us/php docker.cnb.cool/khs1994-docker/khs1994/php ghcr.io/khs1994/php
-        add_mirror2: ghcr.io/lrew/php
+        add_mirror2: ghcr.io/lrew/php docker.cnb.cool/khs1994-docker/lrew/php
       name: 'Build Image'

dockerfile/php/.github/workflows/php_8_3.yml

@@ -209,6 +209,6 @@ jobs:
         PHP_TAG_VERSION: "8.3.12"
         TYPE: ${{ matrix.TYPE }}
         add_mirror: registry.us-east-1.aliyuncs.com/khs1994-us/php docker.cnb.cool/khs1994-docker/khs1994/php ghcr.io/khs1994/php
-        add_mirror2: ghcr.io/lrew/php
+        add_mirror2: ghcr.io/lrew/php docker.cnb.cool/khs1994-docker/lrew/php
         ARM: ${{ matrix.DIST == '24.04-arm' }}
       name: 'Build Image'

dockerfile/php/.github/workflows/php_8_4.yml

@@ -0,0 +1,214 @@
+on:
+  push:
+    branches:
+    - master
+    tags:
+    - '*'
+  workflow_dispatch:
+    inputs:
+      PHP_VERSION:
+        description: php version
+        required: true
+        default: "8.4.0"
+
+name: PHP_8.4
+
+env:
+  PHP_CUSTOM_VERSION: ${{ github.event.inputs.PHP_VERSION }}
+
+defaults:
+  run:
+    shell: bash --noprofile --norc -exo pipefail {0}
+
+jobs:
+  build:
+    name: Build
+    strategy:
+      max-parallel: 1
+      matrix:
+        # TYPE: [CLI, FPM, UNIT, COMPOSER, SWOOLE, PPM, SUPERVISORD]
+        TYPE: [CLI, FPM, COMPOSER, S6, UNIT, SWOOLE]
+        DIST: ["24.04-arm","24.04"]
+    runs-on: ubuntu-${{ matrix.DIST }}
+    steps:
+    - uses: actions/checkout@main
+      with:
+        fetch-depth: 2
+    - run: |
+        env
+        docker --version
+        docker compose version
+      name: 'manifest'
+    - run: |
+        echo ${DOCKER_PASSWORD} | docker login -u ${DOCKER_USERNAME} --password-stdin
+        # echo ${DOCKER_PASSWORD} | docker login -u ${TENCENT_DOCKER_USERNAME} --password-stdin uswccr.ccs.tencentyun.com
+        echo ${DOCKER_PASSWORD} | docker login -u ${ALIYUN_DOCKER_USERNAME} --password-stdin registry.us-east-1.aliyuncs.com
+        echo ${GHCR_IO_TOKEN} | docker login -u khs1994 --password-stdin ghcr.io
+        echo ${CODING_DOCKER_PASSWORD} | docker login -u cnb --password-stdin docker.cnb.cool
+      name: 'Docker Login'
+      env:
+        DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+        DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+        TENCENT_DOCKER_USERNAME: ${{secrets.TENCENT_DOCKER_USERNAME}}
+        ALIYUN_DOCKER_USERNAME: ${{secrets.ALIYUN_DOCKER_USERNAME}}
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        GHCR_IO_TOKEN: ${{secrets.GHCR_IO_TOKEN}}
+        CODING_DOCKER_PASSWORD: ${{secrets.CODING_DOCKER_PASSWORD}}
+    - uses: docker-practice/actions-setup-docker@master
+      with:
+        docker_channel: test
+        docker_version: "20.10"
+    - run: |
+        docker --version
+        docker compose version
+        docker buildx version
+        docker
+      name: 'install-after-manifest'
+    - run: |
+        cp .env.example .env
+
+        if [ -n "${PHP_CUSTOM_VERSION}" ];then
+          export PHP_TAG_VERSION=$PHP_CUSTOM_VERSION
+        fi
+
+        echo $GITHUB_REF | grep -q 'refs/tags/' && IS_TAG_EVENT=1 || true
+
+        if ! [ -n "${IS_TAG_EVENT}" -o "${GITHUB_EVENT_NAME}" = 'workflow_dispatch' ];then \
+            IS_PUSH=--push; \
+            DOCKER_HUB_USERNAME=$DOCKER_HUB_USERNAME_TEST; \
+            mirror="${add_mirror2}"; \
+        else \
+          IS_PUSH=--push \
+          && mirror="${add_mirror}"; \
+        fi
+
+        VCS_REF=`git rev-parse --short HEAD`
+
+        if [ "${ARM}" = "true" ];then
+          IS_PUSH=""
+          PLATFORM="linux/arm64"
+          CACHE_IMAGE=ghcr.io/${DOCKER_HUB_USERNAME}/php-cache-arm
+
+          options="--build-arg USERNAME=$DOCKER_HUB_USERNAME \
+        --build-arg VCS_REF=$VCS_REF \
+        --build-arg PHP_VERSION=$PHP_TAG_VERSION \
+        --cache-from=${CACHE_IMAGE}:${FOLDER}-${TYPE,,}-cache \
+        --cache-to=${CACHE_IMAGE}:${FOLDER}-${TYPE,,}-cache"
+        else
+          CACHE_IMAGE=ghcr.io/${DOCKER_HUB_USERNAME}/php-cache
+          CACHE_IMAGE_ARM=ghcr.io/${DOCKER_HUB_USERNAME}/php-cache-arm
+
+          options="--build-arg USERNAME=$DOCKER_HUB_USERNAME \
+        --build-arg VCS_REF=$VCS_REF \
+        --build-arg PHP_VERSION=$PHP_TAG_VERSION \
+        --cache-from=${CACHE_IMAGE}:${FOLDER}-${TYPE,,}-cache \
+        --cache-from=${CACHE_IMAGE_ARM}:${FOLDER}-${TYPE,,}-cache \
+        --cache-to=${CACHE_IMAGE}:${FOLDER}-${TYPE,,}-cache"
+        fi
+
+
+        # CACHE_IMAGE_ARM=ghcr.io/${DOCKER_HUB_USERNAME}/php-cache-arm
+        # CACHE_IMAGE=${DOCKER_HUB_USERNAME}/php
+
+        if [ "$TYPE" = "UNIT" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-unit-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-unit-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/unit
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "SUPERVISORD" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-supervisord-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-supervisord-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/supervisord
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "COMPOSER" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-composer-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-composer-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/composer
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "SINGLE" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-single-alpine \
+          ${IS_PUSH} ${FOLDER}/single
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "SWOOLE" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-swoole-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-swoole-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/swoole
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "FPM" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          --target=php -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-fpm-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-fpm-alpine ";done) \
+          ${fpmTagOptions} \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/fpm
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "CLI" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-cli-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-cli-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/cli
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "S6" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-s6-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-s6-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/s6
+          echo ::endgroup::
+        fi
+
+        if [ "$TYPE" = "PPM" ];then
+          echo ::group::Build $TYPE
+          docker buildx build $options \
+          --build-arg ALPINE_URL=${ALPINE_URL:-dl-cdn.alpinelinux.org} \
+          -t $DOCKER_HUB_USERNAME/php:${PHP_TAG_VERSION}-ppm-alpine \
+          $(for item in `echo $mirror`;do echo " -t ${item}:${PHP_TAG_VERSION}-ppm-alpine ";done) \
+          --platform ${PLATFORM} ${IS_PUSH} ${FOLDER}/ppm
+          echo ::endgroup::
+        fi
+      env:
+        GITHUB_EVENT_NAME: ${{github.event_name}}
+        DOCKER_HUB_USERNAME: khs1994
+        DOCKER_HUB_USERNAME_TEST: lrew
+        PLATFORM: linux/amd64,linux/arm64 #,linux/arm/v7
+        PHP_VERSION: 8_4_X
+        FOLDER: "8.4"
+        PHP_TAG_VERSION: "8.4.0"
+        TYPE: ${{ matrix.TYPE }}
+        add_mirror: registry.us-east-1.aliyuncs.com/khs1994-us/php docker.cnb.cool/khs1994-docker/khs1994/php ghcr.io/khs1994/php
+        add_mirror2: ghcr.io/lrew/php docker.cnb.cool/khs1994-docker/lrew/php
+        ARM: ${{ matrix.DIST == '24.04-arm' }}
+      name: 'Build Image'

dockerfile/php/.github/workflows/php_nightly.yml

@@ -232,6 +232,18 @@ jobs:
       with:
         image: ${{ steps.build.outputs.image }}
         args: --file=nightly/${{ steps.build.outputs.type }}/Dockerfile
+      # Replace any "undefined" security severity values with 0. The undefined value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See  https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
+    - name: Post-process sarif output for security severities set to "undefined"
+      run: |
+        sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+      # Replace any "null" security severity values with 0. The undefined value is used in the case
+      # the NVD CVSS Score is not available.
+      # See  https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
+    - name: Post-process sarif output for security severities set to "null"
+      run: |
+        sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v3
       continue-on-error: true