diff --git a/apache/Dockerfile b/apache/Dockerfile index d038b6e..aef6d6f 100644 --- a/apache/Dockerfile +++ b/apache/Dockerfile @@ -1,47 +1,69 @@ FROM php:7.2-apache LABEL maintainer="markus@martialblog.de" ARG version='3.15.8+190130' +ARG sha256_checksum='0eb46c81c8fce8eb40625a899ed3a32a2f63a4dd9158da7ee2df2d78a67d4c0b' # Install OS dependencies -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive \ - apt-get install --no-install-recommends -y \ - libldap2-dev \ - zlib1g-dev \ - libc-client-dev \ - libkrb5-dev \ - libpng-dev \ - libpq-dev \ - netcat \ - && apt-get autoclean; apt-get autoremove && \ - rm -rf /var/lib/apt/lists/* +RUN set -ex; \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --no-install-recommends -y \ + \ + libldap2-dev \ + zlib1g-dev \ + libc-client-dev \ + libkrb5-dev \ + libpng-dev \ + libpq-dev \ + netcat \ + \ + && apt-get autoclean; apt-get autoremove; \ + rm -rf /var/lib/apt/lists/* # Link LDAP library for PHP ldap extension -RUN ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ -# Configure PHP imap plugin -RUN docker-php-ext-configure imap --with-kerberos --with-imap-ssl +RUN set -ex; \ + ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ -# Install PHP Plugins -RUN docker-php-ext-install -j5 \ - gd \ - imap \ - ldap \ - mbstring \ - pdo \ - pdo_mysql \ - pdo_pgsql \ - pgsql \ - zip +# Install PHP Plugins and Configure PHP imap plugin +RUN set -ex; \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \ + docker-php-ext-install -j5 \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + zip -# Download, unzip and chmod of LimeSurvey +ENV LIMESURVEY_VERSION=$version + +# Apache configuration +RUN a2enmod headers rewrite remoteip; \ + {\ + echo RemoteIPHeader X-Real-IP ;\ + echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ + echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ + echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ + } > /etc/apache2/conf-available/remoteip.conf;\ + a2enconf remoteip + +# Use the default production configuration +RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" + +# Download, unzip and chmod LimeSurvey from official GitHub repository ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp -RUN tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm "/tmp/${version}.tar.gz" && \ - chown -R www-data:www-data /var/www/html - -RUN a2enmod headers rewrite remoteip +RUN set -ex; \ + echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/${version}.tar.gz" && \ + chown -R www-data:www-data /var/www/html COPY entrypoint.sh entrypoint.sh + ENTRYPOINT ["/var/www/html/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/fpm-alpine/Dockerfile b/fpm-alpine/Dockerfile index c0795f1..9bc0236 100644 --- a/fpm-alpine/Dockerfile +++ b/fpm-alpine/Dockerfile @@ -1,38 +1,45 @@ FROM php:7.2-fpm-alpine LABEL maintainer="markus@martialblog.de" ARG version='3.15.8+190130' +ARG sha256_checksum='0eb46c81c8fce8eb40625a899ed3a32a2f63a4dd9158da7ee2df2d78a67d4c0b' # Install OS dependencies -RUN apk add --no-cache --virtual .build-deps \ - libpng-dev \ - openldap-dev \ - imap-dev \ - postgresql-dev && \ - apk add --no-cache netcat-openbsd bash +RUN set -ex; \ + apk add --no-cache --virtual .build-deps \ + libpng-dev \ + openldap-dev \ + imap-dev \ + postgresql-dev && \ + apk add --no-cache netcat-openbsd bash # Install PHP Plugins -RUN docker-php-ext-configure imap --with-imap-ssl && \ - docker-php-ext-install \ - gd \ - imap \ - ldap \ - mbstring \ - pdo \ - pdo_mysql \ - pdo_pgsql \ - pgsql \ - zip +RUN set -ex; \ + docker-php-ext-configure imap --with-imap-ssl && \ + docker-php-ext-install \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + zip # Download, unzip and chmod of LimeSurvey ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp -RUN tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -rf "/tmp/${version}.tar.gz" \ - /var/www/html/docs \ - /var/www/html/tests \ - /var/www/html/*.md && \ - chown -R www-data:root /var/www/ ; \ - chmod -R g=u /var/www +RUN set -ex; \ + echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ + \ + rm -rf "/tmp/${version}.tar.gz" \ + /var/www/html/docs \ + /var/www/html/tests \ + /var/www/html/*.md && \ + chown -R www-data:root /var/www/ ; \ + chmod -R g=u /var/www EXPOSE 9000 diff --git a/fpm/Dockerfile b/fpm/Dockerfile index 533a0dc..73339d2 100644 --- a/fpm/Dockerfile +++ b/fpm/Dockerfile @@ -1,44 +1,54 @@ FROM php:7.2-fpm LABEL maintainer="markus@martialblog.de" ARG version='3.15.8+190130' +ARG sha256_checksum='0eb46c81c8fce8eb40625a899ed3a32a2f63a4dd9158da7ee2df2d78a67d4c0b' # Install OS dependencies -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive \ - apt-get install --no-install-recommends -y \ - libldap2-dev \ - zlib1g-dev \ - libc-client-dev \ - libkrb5-dev \ - libpng-dev \ - libpq-dev \ - netcat \ - && apt-get autoclean; apt-get autoremove && \ - rm -rf /var/lib/apt/lists/* +RUN set -ex; \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --no-install-recommends -y \ + \ + libldap2-dev \ + zlib1g-dev \ + libc-client-dev \ + libkrb5-dev \ + libpng-dev \ + libpq-dev \ + netcat \ + \ + && apt-get autoclean; apt-get autoremove; \ + rm -rf /var/lib/apt/lists/* # Link LDAP library for PHP ldap extension -RUN ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ +RUN set -ex; \ + ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ -RUN docker-php-ext-configure imap --with-kerberos --with-imap-ssl +# Install PHP Plugins and Configure PHP imap plugin +RUN set -ex; \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \ + docker-php-ext-install -j5 \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + zip -# Install PHP Plugins -RUN docker-php-ext-install -j5 \ - gd \ - imap \ - ldap \ - mbstring \ - pdo \ - pdo_mysql \ - pdo_pgsql \ - pgsql \ - zip +ENV LIMESURVEY_VERSION=$version -# Download, unzip and chmod of LimeSurvey +# Download, unzip and chmod LimeSurvey from official GitHub repository ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp -RUN tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm "/tmp/${version}.tar.gz" && \ - chown -R www-data:www-data /var/www/html +RUN set -ex; \ + echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/${version}.tar.gz" && \ + chown -R www-data:www-data /var/www/html EXPOSE 9000 diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 50d4dd5..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -feedparser==5.2.1 diff --git a/upgrade.py b/upgrade.py deleted file mode 100755 index a1ce293..0000000 --- a/upgrade.py +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env python3 - - -import argparse -import feedparser -import sys -import subprocess - -dockerfile_apache = 'apache/Dockerfile' -dockerfile_fpm = 'fpm/Dockerfile' -dockerfile_alpine = 'fpm-alpine/Dockerfile' - -limesv_feed_url = 'https://github.com/LimeSurvey/LimeSurvey/releases.atom' -docker_feed_url = 'https://github.com/martialblog/docker-limesurvey/releases.atom' - -limesv_feed = feedparser.parse(limesv_feed_url) -docker_feed = feedparser.parse(docker_feed_url) - -limesv_current_release = limesv_feed.entries[0].title_detail.value -docker_current_release = docker_feed.entries[0].title_detail.value - -argumentparser = argparse.ArgumentParser(description='Updates the LimeSurvey Version in the Dockerfiles') -argumentparser.add_argument('--noop', dest='noop', action="store_true", required=False, help="Don't push just commit") -argumentparser.add_argument('--check', dest='check', action="store_true", required=False, help="Only check if there's a new version available") - -cmdargs = argumentparser.parse_args() - -if limesv_current_release == docker_current_release: - print('Nothing to do.') - sys.exit(0) - -print('New Version {} available.'.format(limesv_current_release)) - -if cmdargs.check: - sys.exit(0) - -commit_message = 'Updating to Version {}'.format(limesv_current_release) - -# Dockerfiles -regexp = 's/[0-9]+\.[0-9]+\.[0-9]+[0-9]*/{new_version}/'.format(new_version=limesv_current_release) -subprocess.call(['sed', '-i', '-e', regexp, dockerfile_apache]) -subprocess.call(['sed', '-i', '-e', regexp, dockerfile_fpm]) -subprocess.call(['sed', '-i', '-e', regexp, dockerfile_alpine]) -print('> Updated Dockerfiles') - -# Git Commit/Tag -# subprocess.call(['git', 'checkout', '-b', limesv_current_release]) -subprocess.call(['git', 'add', dockerfile_apache]) -subprocess.call(['git', 'add', dockerfile_fpm]) -subprocess.call(['git', 'commit', '-m', commit_message]) -subprocess.call(['git', 'tag', limesv_current_release]) -print('> Created new Commit and Tag') - -if cmdargs.noop: - sys.exit(0) - -# Git Push -# subprocess.call(['git', 'push', 'origin', limesv_current_release]) -subprocess.call(['git', 'push']) -subprocess.call(['git', 'push', 'origin', '--tags']) -print('> Pushed to new Branch') - -sys.exit(0) diff --git a/upgrade.sh b/upgrade.sh new file mode 100755 index 0000000..2501333 --- /dev/null +++ b/upgrade.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +# Upgrade script + +if [ $# -eq 0 ] + then + echo 'Pass new LimeSurvey Version tag:' + echo 'upgrade.sh 3.15.8+190130' + exit 1 +fi + +NEW_VERSION=$1 + +grep -qc $NEW_VERSION apache/Dockerfile fpm/Dockerfile fpm-alpine/Dockerfile + +if [ $? -eq 0 ] + then + echo "Already at version ${NEW_VERSION}" + exit 0 +fi + +# Download, unzip and chmod LimeSurvey from official GitHub repository +wget -P /tmp "https://github.com/LimeSurvey/LimeSurvey/archive/${NEW_VERSION}.tar.gz" +SHA256_CHECKSUM=$(sha256 "${NEW_VERSION}.tar.gz") + +# Update lines in the files +sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" apache/Dockerfile fpm/Dockerfile fpm-alpine/Dockerfile +sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" apache/Dockerfile fpm/Dockerfile fpm-alpine/Dockerfile + +# After that, check and commit