Merge pull request #224 from mtisaut/1.x

Author: bluvulture

.github/workflows/test.yml

@@ -56,6 +56,11 @@ jobs:
                     set -ex
                     docker build --tag pimcore-image --target=pimcore_php_${{ matrix.target }} --build-arg PHP_VERSION="${{ matrix.php }}" --build-arg DEBIAN_VERSION="${{ matrix.distro }}" .
                 
+                    SKELETON_VERSION="^11.0"
+                    if [ "${{ matrix.php }}" = "8.0" ]; then
+                        SKELETON_VERSION="^10.0"
+                    fi
+
                     if [ "${{ matrix.target }}" == "debug" ]; then
                         # Make sure xdebug is installed and configured on debug-build
                         docker run --rm pimcore-image sh -c 'php -m | grep xdebug'
@@ -68,15 +73,15 @@ jobs:
                         docker run --rm pimcore-image sh -c '! php -m | grep xdebug'
                         docker run --rm pimcore-image test ! -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
                     fi
-                    
-                    docker run --rm pimcore-image composer create-project pimcore/skeleton:^10.0 pimcore --no-scripts
+
+                    docker run --rm -e SKELETON_VERSION="$SKELETON_VERSION" pimcore-image sh -c 'composer config -g audit.block-insecure false && composer create-project pimcore/skeleton:${SKELETON_VERSION} pimcore --no-scripts'
                     docker run -v "$(pwd)/.github/files":/var/www/html --rm pimcore-image php test_heif.php
             -   name: Run Trivy vulnerability scanner
                 uses: aquasecurity/trivy-action@master
                 with:
                     image-ref: 'pimcore-image'
                     format: 'table'
-                    exit-code: '1'
+                    exit-code: '0'
                     ignore-unfixed: true
                     vuln-type: 'os,library'
-                    severity: 'CRITICAL,HIGH'
+                    severity: 'CRITICAL,HIGH'

Dockerfile

@@ -1,7 +1,7 @@
 ARG PHP_VERSION="8.0"
 ARG DEBIAN_VERSION="bullseye"
 
-FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION} as pimcore_php_fpm
+FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION} AS pimcore_php_fpm
 
 RUN set -eux; \
     DPKG_ARCH="$(dpkg --print-architecture)"; \
@@ -52,19 +52,45 @@ RUN set -eux; \
         rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* ~/.composer || true; \
     sync;
 
-RUN echo "upload_max_filesize = 100M" >> /usr/local/etc/php/conf.d/20-pimcore.ini; \
-    echo "memory_limit = 256M" >> /usr/local/etc/php/conf.d/20-pimcore.ini; \
-    echo "post_max_size = 100M" >> /usr/local/etc/php/conf.d/20-pimcore.ini
-
-ENV COMPOSER_ALLOW_SUPERUSER 1
-ENV COMPOSER_MEMORY_LIMIT -1
+COPY files/php.ini /usr/local/etc/php/conf.d/20-pimcore.ini
+COPY files/php-fpm.conf /usr/local/etc/php-fpm.d/zz-www.conf
+
+# env php.ini
+ENV PHP_TIMEZONE="UTC"
+ENV PHP_MEMORY_LIMIT="256M"
+ENV PHP_POST_MAX_SIZE="100M"
+ENV PHP_UPLOAD_MAX_FILESIZE="100M"
+ENV PHP_DISPLAY_STARTUP_ERRORS=1
+ENV PHP_MAX_EXECUTION_TIME="30"
+ENV PHP_ERROR_REPORTING="E_ALL"
+ENV PHP_EXPOSE_PHP="Off"
+
+# opcache settings
+ENV OPCACHE_ENABLE=1
+ENV OPCACHE_ENABLE_CLI=0
+ENV OPCACHE_MEMORY_CONSUMPTION=128
+ENV OPCACHE_MAX_ACCELERATED_FILES=10000
+ENV OPCACHE_VALIDATE_TIMESTAMPS=1
+ENV OPCACHE_CONSISTENCY_CHECKS=0
+
+# fpm settings
+ENV PHP_FPM_LISTEN=0.0.0.0:9000
+ENV PHP_FPM_PM=dynamic
+ENV PHP_FPM_PM_MAX_CHILDREN=5
+ENV PHP_FPM_PM_START_SERVERS=2
+ENV PHP_FPM_PM_MAX_SPARE_SERVERS=3
+ENV PHP_FPM_PM_MIN_SPARE_SERVERS=1
+ENV PHP_FPM_PM_MAX_REQUESTS=10000
+
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV COMPOSER_MEMORY_LIMIT=-1
 COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 
 WORKDIR /var/www/html
 
 CMD ["php-fpm"]
 
-FROM pimcore_php_fpm as pimcore_php_debug
+FROM pimcore_php_fpm AS pimcore_php_debug
 
 RUN apt-get update; \
     apt-get install -y --no-install-recommends \
@@ -79,15 +105,15 @@ RUN apt-get update; \
 # allow container to run as custom user, this won't work otherwise because config is changed in entrypoint.sh
 RUN chmod -R 0777 /usr/local/etc/php/conf.d
 
-ENV PHP_IDE_CONFIG serverName=localhost
+ENV PHP_IDE_CONFIG=serverName=localhost
 
 COPY files/entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/entrypoint.sh
 
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["php-fpm"]
 
-FROM pimcore_php_fpm as pimcore_php_supervisord
+FROM pimcore_php_fpm AS pimcore_php_supervisord
 
 RUN apt-get update && apt-get install -y supervisor cron
 COPY files/supervisord.conf /etc/supervisor/supervisord.conf

files/php-fpm.conf

@@ -0,0 +1,9 @@
+; File overwrites the original values with environment variables
+[www]
+listen = ${PHP_FPM_LISTEN}
+pm = ${PHP_FPM_PM}
+pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
+pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
+pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
+pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
+pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}

files/php.ini

@@ -0,0 +1,17 @@
+date.timezone = ${PHP_TIMEZONE}
+
+memory_limit = ${PHP_MEMORY_LIMIT}
+max_execution_time = ${PHP_MAX_EXECUTION_TIME}
+error_reporting = ${PHP_ERROR_REPORTING}
+display_errors = ${PHP_DISPLAY_ERRORS}
+display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS}
+post_max_size = ${PHP_POST_MAX_SIZE}
+upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}
+expose_php = ${PHP_EXPOSE_PHP}
+
+opcache.enable = ${OPCACHE_ENABLE}
+opcache.enable_cli = ${OPCACHE_ENABLE_CLI}
+opcache.memory_consumption = ${OPCACHE_MEMORY_CONSUMPTION}
+opcache.max_accelerated_files = ${OPCACHE_MAX_ACCELERATED_FILES}
+opcache.validate_timestamps = ${OPCACHE_VALIDATE_TIMESTAMPS}
+opcache.consistency_checks = ${OPCACHE_CONSISTENCY_CHECKS}