Upgrading to Version 5.1.2+210813

- since we are not in charge of the app

.gitattributes

@@ -0,0 +1,2 @@
+# force LF in entrypoint.sh
+entrypoint.sh text eol=lf

.github/workflows/build-latest-container-images.yaml

@@ -0,0 +1,96 @@
+name: Publish Latest Container Images
+on:
+  push:
+    tags:
+      - '5.*'
+
+jobs:
+  lint_dockerfiles:
+    name: Lint Dockerfile with hadolint
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dockerfile:
+          - 5.0/apache/Dockerfile
+          - 5.0/fpm-alpine/Dockerfile
+          - 5.0/fpm/Dockerfile
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018
+
+  push_images_to_registries:
+    name: Push Container Images to registries
+    runs-on: ubuntu-latest
+    needs: [lint_dockerfiles]
+    environment: docker-build
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+        with:
+          buildkitd-flags: --debug
+      - name: 'Log in to DockerHub'
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: 'Apache variant metadata'
+        id: metadata-apache
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{raw}},suffix=-apache
+            type=semver,pattern={{major}},suffix=-apache
+          flavor: |
+            latest=false
+      - name: 'Build and push latest Apache container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/apache
+          push: true
+          tags: ${{ steps.metadata-apache.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM variant metadata'
+        id: metadata-fpm
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm
+            type=semver,pattern={{major}},suffix=-fpm
+      - name: 'Build and push latest fpm container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/fpm
+          push: true
+          tags: ${{ steps.metadata-fpm.outputs.tags }}
+          labels: ${{ steps.metadata-fpm.outputs.labels }}
+
+      - name: 'FPM Alpine variant metadata'
+        id: metadata-fpm-alpine
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm-alpine
+            type=semver,pattern={{major}},suffix=-fpm-alpine
+      - name: 'Build and push latest fpm-alpine container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/fpm-alpine
+          push: true
+          tags: ${{ steps.metadata-fpm-alpine.outputs.tags }}
+          labels: ${{ steps.metadata-fpm-alpine.outputs.labels }}

.github/workflows/build-lts-container-images.yaml

@@ -0,0 +1,96 @@
+name: Publish LTS Container Images
+on:
+  push:
+    tags:
+      - '3.*'
+
+jobs:
+  lint_dockerfiles:
+    name: 'Lint Dockerfile with hadolint'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dockerfile:
+          - 3.0/apache/Dockerfile
+          - 3.0/fpm-alpine/Dockerfile
+          - 3.0/fpm/Dockerfile
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018
+
+  push_images_to_registries:
+    name: 'Push container images to registries'
+    runs-on: ubuntu-latest
+    needs: [lint_dockerfiles]
+    environment: docker-build
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+        with:
+          buildkitd-flags: --debug
+      - name: 'Log in to DockerHub'
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: 'Apache variant metadata'
+        id: metadata-apache
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{raw}},suffix=-apache
+            type=semver,pattern={{major}},suffix=-apache
+          flavor: |
+            latest=false
+      - name: 'Build and push LTS apache container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/apache
+          push: true
+          tags: ${{ steps.metadata-apache.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM variant metadata'
+        id: metadata-fpm
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm
+            type=semver,pattern={{major}},suffix=-fpm
+      - name: 'Build and push LTS fpm container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/fpm
+          push: true
+          tags: ${{ steps.metadata-fpm.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM Alpine variant metadata'
+        id: metadata-fpm-alpine
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm-alpine
+            type=semver,pattern={{major}},suffix=-fpm-alpine
+      - name: 'Build and push LTS fpm-alpine container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/fpm-alpine
+          push: true
+          tags: ${{ steps.metadata-fpm-alpine.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}

.github/workflows/lint-dockerfiles.yaml

@@ -0,0 +1,24 @@
+---
+name: Lint Dockerfile
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    name: Lint Dockerfile with hadolint
+    strategy:
+      matrix:
+        dockerfile:
+          - 3.0/apache/Dockerfile
+          - 3.0/fpm-alpine/Dockerfile
+          - 3.0/fpm/Dockerfile
+          - 5.0/apache/Dockerfile
+          - 5.0/fpm-alpine/Dockerfile
+          - 5.0/fpm/Dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018

.github/workflows/test-latest-container-images.yaml

@@ -0,0 +1,52 @@
+name: Test Latest Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test Latest Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          exit-code: '0'
+          # Since we are not in charge of the Application
+          vuln-type: 'os'
+          output: trivy-results-5-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-5-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"

.github/workflows/test-lts-container-images.yaml

@@ -0,0 +1,52 @@
+name: Test LTS Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test LTS Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          exit-code: '0'
+          # Since we are not in charge of the Application
+          vuln-type: 'os'
+          output: trivy-results-3-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-3-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"

.travis.yml

@@ -1,13 +0,0 @@
-sudo: required
-language: bash
-services:
-  - docker
-
-matrix:
-  include:
-    - env: TAG=martialblog/limesurvey-apache
-      script: cd 3.0/apache; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG
-    - env: TAG=martialblog/limesurvey-fpm
-      script: cd 3.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG
-    - env: TAG=martialblog/limesurvey-alpine
-      script: cd 3.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG

3.0/apache/Dockerfile

@@ -1,7 +1,9 @@
-FROM php:7.2-apache
+FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.27+200720'
-ARG sha256_checksum='52b977f58a422dbb0d9284e362c86dc8e1b9c3d4035975c144b5256b27d55af5'
+ARG version='3.27.11+210809'
+ARG sha256_checksum='c24df0e007e9a9c4e64a1e57c07a559e1866d79a32f8ab736efc0e73aa8a28b1'
+ARG USER=root
+ARG LISTEN_PORT=80
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +14,15 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,7 +34,7 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
         exif \
@@ -40,6 +46,8 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
 ENV LIMESURVEY_VERSION=$version
@@ -58,16 +66,17 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         rm -f "/tmp/limesurvey.tar.gz" && \
-        chown -R www-data:www-data /var/www/html
+        chown -R www-data:www-data /var/www/html /etc/apache2
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
-
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
+USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

3.0/apache/entrypoint.sh

@@ -11,21 +11,22 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
-ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
-ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
-ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
-
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
 
+LISTEN_PORT=${LISTEN_PORT:-"80"}
+
 if [ -z "$DB_PASSWORD" ]; then
     echo >&2 'Error: Missing DB_PASSWORD'
     exit 1
@@ -36,9 +37,14 @@ if [ -z "$ADMIN_PASSWORD" ]; then
     exit 1
 fi
 
+if [ "$LISTEN_PORT" != "80" ]; then
+    echo "Info: Customizing Apache Listen port to $LISTEN_PORT"
+    sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf
+fi
+
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +67,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -85,11 +91,19 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -102,38 +116,25 @@ EOF
 
 fi
 
-# Check if security config already provisioned
-if [ -f application/config/security.php ]; then
-    echo 'Info: security.php already provisioned'
-else
-    echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
-
-        cat <<EOF > application/config/security.php
-<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
-\$config = array();
-\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
-\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
-\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
-return \$config;
-EOF
-    else
-        echo >&2 'Warning: No encryption keys were provided'
-        echo >&2 'Warning: A security.php config will be created by the application'
-        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
-    fi
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
 fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

3.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

3.0/fpm-alpine/Dockerfile

@@ -1,22 +1,26 @@
-FROM php:7.2-fpm-alpine
+FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.27+200720'
-ARG sha256_checksum='52b977f58a422dbb0d9284e362c86dc8e1b9c3d4035975c144b5256b27d55af5'
+ARG version='3.27.11+210809'
+ARG sha256_checksum='c24df0e007e9a9c4e64a1e57c07a559e1866d79a32f8ab736efc0e73aa8a28b1'
 
 # Install OS dependencies
 RUN set -ex; \
         apk add --no-cache --virtual .build-deps \
         freetype-dev \
         libpng-dev \
+        libzip-dev \
         libjpeg-turbo-dev \
+        tidyhtml-dev \
+        libsodium-dev \
         openldap-dev \
+        oniguruma-dev \
         imap-dev \
         postgresql-dev && \
         apk add --no-cache netcat-openbsd bash
 
 # Install PHP Plugins
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
         gd \
@@ -27,12 +31,13 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
-# Download, unzip and chmod of LimeSurvey
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
+# Download, unzip and chmod LimeSurvey from official GitHub repository
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
@@ -46,6 +51,7 @@ RUN set -ex; \
 
 EXPOSE 9000
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["php-fpm"]

3.0/fpm-alpine/entrypoint.sh

@@ -11,17 +11,16 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
-ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
-ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
-ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
-
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -38,7 +37,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +60,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -85,11 +84,19 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -102,38 +109,25 @@ EOF
 
 fi
 
-# Check if security config already provisioned
-if [ -f application/config/security.php ]; then
-    echo 'Info: security.php already provisioned'
-else
-    echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
-
-        cat <<EOF > application/config/security.php
-<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
-\$config = array();
-\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
-\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
-\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
-return \$config;
-EOF
-    else
-        echo >&2 'Warning: No encryption keys were provided'
-        echo >&2 'Warning: A security.php config will be created by the application'
-        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
-    fi
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
 fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-fpm
+FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.27+200720'
-ARG sha256_checksum='52b977f58a422dbb0d9284e362c86dc8e1b9c3d4035975c144b5256b27d55af5'
+ARG version='3.27.11+210809'
+ARG sha256_checksum='c24df0e007e9a9c4e64a1e57c07a559e1866d79a32f8ab736efc0e73aa8a28b1'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +12,15 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,7 +32,7 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
         exif \
@@ -40,14 +44,15 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
@@ -56,6 +61,7 @@ RUN set -ex; \
 
 EXPOSE 9000
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["php-fpm"]

3.0/fpm/entrypoint.sh

@@ -11,17 +11,16 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
-ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
-ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
-ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
-
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
@@ -38,7 +37,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +60,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -85,11 +84,19 @@ return array(
       'charset' => '$DB_CHARSET',
       'tablePrefix' => '$DB_TABLE_PREFIX',
     ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
     'urlManager' => array(
       'urlFormat' => '$URL_FORMAT',
       'rules' => array(),
-      'showScriptName' => true,
+      'showScriptName' => $SHOW_SCRIPT_NAME,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -102,38 +109,25 @@ EOF
 
 fi
 
-# Check if security config already provisioned
-if [ -f application/config/security.php ]; then
-    echo 'Info: security.php already provisioned'
-else
-    echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
-
-        cat <<EOF > application/config/security.php
-<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
-\$config = array();
-\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
-\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
-\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
-return \$config;
-EOF
-    else
-        echo >&2 'Warning: No encryption keys were provided'
-        echo >&2 'Warning: A security.php config will be created by the application'
-        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
-    fi
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
 fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/apache/Dockerfile

@@ -1,7 +1,9 @@
-FROM php:7.2-apache
+FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.4+200713'
-ARG sha256_checksum='d35a90e969de9ecd86def6e40de3785d43ac6d4430cb3d40a611781a0f7b5ede'
+ARG version='4.6.3+210518'
+ARG sha256_checksum='3c59afc13d0cf974c465c5f851cb8837117518e94031f5e3a28ba468ad734ce2'
+ARG USER=root
+ARG LISTEN_PORT=80
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +14,15 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
         netcat \
         curl \
         \
@@ -29,7 +35,7 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
         exif \
@@ -41,6 +47,8 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
 ENV LIMESURVEY_VERSION=$version
@@ -59,16 +67,16 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         rm -f "/tmp/limesurvey.tar.gz" && \
-        chown -R www-data:www-data /var/www/html
+        chown -R www-data:www-data /var/www/html /etc/apache2
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
-
+USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

4.0/apache/entrypoint.sh

@@ -20,12 +20,15 @@ ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
 DEBUG=${DEBUG:-0}
 DEBUG_SQL=${DEBUG_SQL:-0}
 
+LISTEN_PORT=${LISTEN_PORT:-"80"}
+
 if [ -z "$DB_PASSWORD" ]; then
     echo >&2 'Error: Missing DB_PASSWORD'
     exit 1
@@ -36,9 +39,14 @@ if [ -z "$ADMIN_PASSWORD" ]; then
     exit 1
 fi
 
+if [ "$LISTEN_PORT" != "80" ]; then
+    echo "Info: Customizing Apache Listen port to $LISTEN_PORT"
+    sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf
+fi
+
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +69,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -90,6 +98,9 @@ return array(
       'rules' => array(),
       'showScriptName' => true,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -107,7 +118,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -128,12 +139,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/fpm-alpine/Dockerfile

@@ -1,22 +1,26 @@
-FROM php:7.2-fpm-alpine
+FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.4+200713'
-ARG sha256_checksum='d35a90e969de9ecd86def6e40de3785d43ac6d4430cb3d40a611781a0f7b5ede'
+ARG version='4.6.3+210518'
+ARG sha256_checksum='3c59afc13d0cf974c465c5f851cb8837117518e94031f5e3a28ba468ad734ce2'
 
 # Install OS dependencies
 RUN set -ex; \
         apk add --no-cache --virtual .build-deps \
         freetype-dev \
         libpng-dev \
+        libzip-dev \
         libjpeg-turbo-dev \
+        tidyhtml-dev \
+        libsodium-dev \
         openldap-dev \
+        oniguruma-dev \
         imap-dev \
         postgresql-dev && \
         apk add --no-cache netcat-openbsd bash
 
 # Install PHP Plugins
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
         exif \
@@ -28,12 +32,13 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
-# Download, unzip and chmod of LimeSurvey
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
+# Download, unzip and chmod LimeSurvey from official GitHub repository
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
@@ -47,6 +52,7 @@ RUN set -ex; \
 
 EXPOSE 9000
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["php-fpm"]

4.0/fpm-alpine/entrypoint.sh

@@ -20,6 +20,7 @@ ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
@@ -38,7 +39,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +62,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -90,6 +91,9 @@ return array(
       'rules' => array(),
       'showScriptName' => true,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -107,7 +111,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -128,12 +132,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

4.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-fpm
+FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.4+200713'
-ARG sha256_checksum='d35a90e969de9ecd86def6e40de3785d43ac6d4430cb3d40a611781a0f7b5ede'
+ARG version='4.6.3+210518'
+ARG sha256_checksum='3c59afc13d0cf974c465c5f851cb8837117518e94031f5e3a28ba468ad734ce2'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +12,15 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,7 +32,7 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
         exif \
@@ -40,14 +44,15 @@ RUN set -ex; \
         pdo_mysql \
         pdo_pgsql \
         pgsql \
+        sodium \
+        tidy \
         zip
 
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
-
 RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
         echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
         tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
@@ -56,6 +61,7 @@ RUN set -ex; \
 
 EXPOSE 9000
 
+WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["php-fpm"]

4.0/fpm/entrypoint.sh

@@ -20,6 +20,7 @@ ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
 ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
@@ -38,7 +39,7 @@ fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
     do
         echo "Info: Waiting for database connection..."
         sleep 5
@@ -61,7 +62,7 @@ else
         DB_CHARSET=${DB_CHARSET:-'utf8'}
     fi
 
-    if [ ! -z "$DB_SOCK" ]; then
+    if [ -n "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
         DB_CONNECT='unix_socket'
     else
@@ -90,6 +91,9 @@ return array(
       'rules' => array(),
       'showScriptName' => true,
     ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
   ),
   'config'=>array(
     'publicurl'=>'$PUBLIC_URL',
@@ -107,7 +111,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
@@ -128,12 +132,14 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-if [ $? -eq 0 ]; then
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
     echo ''
     echo 'Running console.php install'
-    php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
 fi
 
 exec "$@"

5.0/apache/Dockerfile

@@ -0,0 +1,85 @@
+FROM php:8-apache
+LABEL maintainer="markus@martialblog.de"
+ARG version='5.1.2+210813'
+ARG sha256_checksum='c8763494cabae983611e177bb551c837441509d8c94dd7e1f4825eff954c962a'
+ARG USER=www-data
+ARG LISTEN_PORT=8080
+
+# Install OS dependencies
+RUN set -ex; \
+        apt-get update && \
+        DEBIAN_FRONTEND=noninteractive \
+        apt-get install --no-install-recommends -y \
+        \
+        libldap2-dev \
+        libfreetype6-dev \
+        libjpeg-dev \
+        libonig-dev \
+        zlib1g-dev \
+        libc-client-dev \
+        libkrb5-dev \
+        libpng-dev \
+        libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
+        netcat \
+        curl \
+        \
+        && apt-get -y autoclean; apt-get -y autoremove; \
+        rm -rf /var/lib/apt/lists/*
+
+# Link LDAP library for PHP ldap extension
+RUN set -ex; \
+        ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/
+
+# Install PHP Plugins and Configure PHP imap plugin
+RUN set -ex; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
+        docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
+        docker-php-ext-install -j5 \
+        exif \
+        gd \
+        imap \
+        ldap \
+        mbstring \
+        pdo \
+        pdo_mysql \
+        pdo_pgsql \
+        pgsql \
+        sodium \
+        tidy \
+        zip
+
+ENV LIMESURVEY_VERSION=$version
+
+# Apache configuration
+RUN a2enmod headers rewrite remoteip; \
+        {\
+        echo RemoteIPHeader X-Real-IP ;\
+        echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
+        echo RemoteIPTrustedProxy 172.16.0.0/12 ;\
+        echo RemoteIPTrustedProxy 192.168.0.0/16 ;\
+        } > /etc/apache2/conf-available/remoteip.conf;\
+        a2enconf remoteip
+
+# Use the default production configuration
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
+# Download, unzip and chmod LimeSurvey from official GitHub repository
+RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
+        \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
+        chown -R "$USER:$USER" /var/www/html /etc/apache2
+
+EXPOSE $LISTEN_PORT
+
+WORKDIR /var/www/html
+COPY entrypoint.sh entrypoint.sh
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
+USER $USER
+ENTRYPOINT ["/var/www/html/entrypoint.sh"]
+CMD ["apache2-foreground"]

5.0/apache/entrypoint.sh

@@ -0,0 +1,166 @@
+#!/bin/bash
+# Entrypoint for Docker Container
+
+
+DB_TYPE=${DB_TYPE:-'mysql'}
+DB_HOST=${DB_HOST:-'mysql'}
+DB_PORT=${DB_PORT:-'3306'}
+DB_SOCK=${DB_SOCK:-}
+DB_NAME=${DB_NAME:-'limesurvey'}
+DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
+DB_USERNAME=${DB_USERNAME:-'limesurvey'}
+DB_PASSWORD=${DB_PASSWORD:-}
+
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
+ADMIN_USER=${ADMIN_USER:-'admin'}
+ADMIN_NAME=${ADMIN_NAME:-'admin'}
+ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
+
+BASE_URL=${BASE_URL:-}
+PUBLIC_URL=${PUBLIC_URL:-}
+URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
+
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+LISTEN_PORT=${LISTEN_PORT:-"8080"}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
+
+if [ "$LISTEN_PORT" != "80" ]; then
+    echo "Info: Customizing Apache Listen port to $LISTEN_PORT"
+    sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf
+fi
+
+# Check if database is available
+if [ -z "$DB_SOCK" ]; then
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
+    do
+        echo "Info: Waiting for database connection..."
+        sleep 5
+    done
+fi
+
+# Check if config already provisioned
+if [ -f application/config/config.php ]; then
+    echo 'Info: config.php already provisioned'
+else
+    echo 'Info: Generating config.php'
+
+    if [ "$DB_TYPE" = 'mysql' ]; then
+        echo 'Info: Using MySQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
+    fi
+
+    if [ "$DB_TYPE" = 'pgsql' ]; then
+        echo 'Info: Using PostgreSQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8'}
+    fi
+
+    if [ -n "$DB_SOCK" ]; then
+        echo 'Info: Using unix socket'
+        DB_CONNECT='unix_socket'
+    else
+        echo 'Info: Using TCP connection'
+        DB_CONNECT='host'
+    fi
+
+    if [ -z "$PUBLIC_URL" ]; then
+        echo 'Info: Setting PublicURL'
+    fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => $SHOW_SCRIPT_NAME,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
+
+# Check if LimeSurvey database is provisioned
+echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
+php application/commands/console.php updatedb
+
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
+    echo 'Info: Database already provisioned'
+else
+    echo ''
+    echo 'Running console.php install'
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
+fi
+
+exec "$@"

5.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

5.0/fpm-alpine/Dockerfile

@@ -0,0 +1,60 @@
+FROM php:8-fpm-alpine
+LABEL maintainer="markus@martialblog.de"
+ARG version='5.1.2+210813'
+ARG sha256_checksum='c8763494cabae983611e177bb551c837441509d8c94dd7e1f4825eff954c962a'
+ARG USER=www-data
+
+# Install OS dependencies
+RUN set -ex; \
+        apk add --no-cache --virtual .build-deps \
+        freetype-dev \
+        libpng-dev \
+        libzip-dev \
+        libjpeg-turbo-dev \
+        tidyhtml-dev \
+        libsodium-dev \
+        openldap-dev \
+        oniguruma-dev \
+        imap-dev \
+        postgresql-dev && \
+        apk add --no-cache netcat-openbsd bash
+
+# Install PHP Plugins
+RUN set -ex; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
+        docker-php-ext-configure imap --with-imap-ssl && \
+        docker-php-ext-install \
+        exif \
+        gd \
+        imap \
+        ldap \
+        mbstring \
+        pdo \
+        pdo_mysql \
+        pdo_pgsql \
+        pgsql \
+        sodium \
+        tidy \
+        zip
+
+# Download, unzip and chmod LimeSurvey from official GitHub repository
+RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
+        \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        \
+        rm -rf "/tmp/limesurvey.tar.gz" \
+        /var/www/html/docs \
+        /var/www/html/tests \
+        /var/www/html/*.md && \
+        chown -R "${USER}:root" /var/www/ ; \
+        chmod -R g=u /var/www
+
+EXPOSE 9000
+
+WORKDIR /var/www/html
+COPY entrypoint.sh entrypoint.sh
+USER $USER
+ENTRYPOINT ["/var/www/html/entrypoint.sh"]
+CMD ["php-fpm"]

5.0/fpm-alpine/entrypoint.sh

@@ -0,0 +1,159 @@
+#!/bin/bash
+# Entrypoint for Docker Container
+
+
+DB_TYPE=${DB_TYPE:-'mysql'}
+DB_HOST=${DB_HOST:-'mysql'}
+DB_PORT=${DB_PORT:-'3306'}
+DB_SOCK=${DB_SOCK:-}
+DB_NAME=${DB_NAME:-'limesurvey'}
+DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
+DB_USERNAME=${DB_USERNAME:-'limesurvey'}
+DB_PASSWORD=${DB_PASSWORD:-}
+
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
+ADMIN_USER=${ADMIN_USER:-'admin'}
+ADMIN_NAME=${ADMIN_NAME:-'admin'}
+ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
+
+BASE_URL=${BASE_URL:-}
+PUBLIC_URL=${PUBLIC_URL:-}
+URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
+
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
+
+# Check if database is available
+if [ -z "$DB_SOCK" ]; then
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
+    do
+        echo "Info: Waiting for database connection..."
+        sleep 5
+    done
+fi
+
+# Check if config already provisioned
+if [ -f application/config/config.php ]; then
+    echo 'Info: config.php already provisioned'
+else
+    echo 'Info: Generating config.php'
+
+    if [ "$DB_TYPE" = 'mysql' ]; then
+        echo 'Info: Using MySQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
+    fi
+
+    if [ "$DB_TYPE" = 'pgsql' ]; then
+        echo 'Info: Using PostgreSQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8'}
+    fi
+
+    if [ -n "$DB_SOCK" ]; then
+        echo 'Info: Using unix socket'
+        DB_CONNECT='unix_socket'
+    else
+        echo 'Info: Using TCP connection'
+        DB_CONNECT='host'
+    fi
+
+    if [ -z "$PUBLIC_URL" ]; then
+        echo 'Info: Setting PublicURL'
+    fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => $SHOW_SCRIPT_NAME,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
+
+# Check if LimeSurvey database is provisioned
+echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
+php application/commands/console.php updatedb
+
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
+    echo 'Info: Database already provisioned'
+else
+    echo ''
+    echo 'Running console.php install'
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL"
+fi
+
+exec "$@"

5.0/fpm/Dockerfile

@@ -0,0 +1,69 @@
+FROM php:8-fpm
+LABEL maintainer="markus@martialblog.de"
+ARG version='5.1.2+210813'
+ARG sha256_checksum='c8763494cabae983611e177bb551c837441509d8c94dd7e1f4825eff954c962a'
+ARG USER=www-data
+
+# Install OS dependencies
+RUN set -ex; \
+        apt-get update && \
+        DEBIAN_FRONTEND=noninteractive \
+        apt-get install --no-install-recommends -y \
+        \
+        libldap2-dev \
+        libfreetype6-dev \
+        libjpeg-dev \
+        libonig-dev \
+        zlib1g-dev \
+        libc-client-dev \
+        libkrb5-dev \
+        libpng-dev \
+        libpq-dev \
+        libzip-dev \
+        libtidy-dev \
+        libsodium-dev \
+        netcat \
+        \
+        && apt-get -y autoclean; apt-get -y autoremove; \
+        rm -rf /var/lib/apt/lists/*
+
+# Link LDAP library for PHP ldap extension
+RUN set -ex; \
+        ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/
+
+# Install PHP Plugins and Configure PHP imap plugin
+RUN set -ex; \
+        docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \
+        docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
+        docker-php-ext-install -j5 \
+        exif \
+        gd \
+        imap \
+        ldap \
+        mbstring \
+        pdo \
+        pdo_mysql \
+        pdo_pgsql \
+        pgsql \
+        sodium \
+        tidy \
+        zip
+
+ENV LIMESURVEY_VERSION=$version
+
+# Download, unzip and chmod LimeSurvey from official GitHub repository
+RUN set -ex; \
+        curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
+        \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
+        chown -R "$USER:$USER" /var/www/html
+
+EXPOSE 9000
+
+WORKDIR /var/www/html
+COPY entrypoint.sh entrypoint.sh
+USER $USER
+ENTRYPOINT ["/var/www/html/entrypoint.sh"]
+CMD ["php-fpm"]

5.0/fpm/entrypoint.sh

@@ -0,0 +1,159 @@
+#!/bin/bash
+# Entrypoint for Docker Container
+
+
+DB_TYPE=${DB_TYPE:-'mysql'}
+DB_HOST=${DB_HOST:-'mysql'}
+DB_PORT=${DB_PORT:-'3306'}
+DB_SOCK=${DB_SOCK:-}
+DB_NAME=${DB_NAME:-'limesurvey'}
+DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
+DB_USERNAME=${DB_USERNAME:-'limesurvey'}
+DB_PASSWORD=${DB_PASSWORD:-}
+
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
+ADMIN_USER=${ADMIN_USER:-'admin'}
+ADMIN_NAME=${ADMIN_NAME:-'admin'}
+ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
+
+BASE_URL=${BASE_URL:-}
+PUBLIC_URL=${PUBLIC_URL:-}
+URL_FORMAT=${URL_FORMAT:-'path'}
+SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'}
+TABLE_SESSION=${TABLE_SESSION:-}
+
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
+
+# Check if database is available
+if [ -z "$DB_SOCK" ]; then
+    until nc -z -v -w30 "$DB_HOST" "$DB_PORT"
+    do
+        echo "Info: Waiting for database connection..."
+        sleep 5
+    done
+fi
+
+# Check if config already provisioned
+if [ -f application/config/config.php ]; then
+    echo 'Info: config.php already provisioned'
+else
+    echo 'Info: Generating config.php'
+
+    if [ "$DB_TYPE" = 'mysql' ]; then
+        echo 'Info: Using MySQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
+    fi
+
+    if [ "$DB_TYPE" = 'pgsql' ]; then
+        echo 'Info: Using PostgreSQL configuration'
+        DB_CHARSET=${DB_CHARSET:-'utf8'}
+    fi
+
+    if [ -n "$DB_SOCK" ]; then
+        echo 'Info: Using unix socket'
+        DB_CONNECT='unix_socket'
+    else
+        echo 'Info: Using TCP connection'
+        DB_CONNECT='host'
+    fi
+
+    if [ -z "$PUBLIC_URL" ]; then
+        echo 'Info: Setting PublicURL'
+    fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    //'session' => array (
+    //   'class' => 'application.core.web.DbHttpSession',
+    //   'connectionID' => 'db',
+    //   'sessionTableName' => '{{sessions}}',
+    //),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => $SHOW_SCRIPT_NAME,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Enable Table Sessions if required
+if [ -n "$TABLE_SESSION" ]; then
+    echo 'Info: Setting Table Session'
+    # Remove the comments in the config
+    sed -i "s/\/\///g" application/config/config.php
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
+
+# Check if LimeSurvey database is provisioned
+echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
+php application/commands/console.php updatedb
+
+PHP_UPDATEDB_EXIT_CODE=$?
+
+if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then
+    echo 'Info: Database already provisioned'
+else
+    echo ''
+    echo 'Running console.php install'
+    php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME $ADMIN_EMAIL"
+fi
+
+exec "$@"

CONTRIBUTING.md

@@ -4,31 +4,49 @@ Every Pull Request is welcome.
 
 ## Upgrading the Version
 
-To upgrade the LimeSurvey Version the ARG variable needs to be changed.
+The versions in this repository should correspond to the [GitHub LimeSurvey Releases](https://github.com/LimeSurvey/LimeSurvey/releases)
+
+To update the version, simply update ARG variables for version and corresponding checksum:
 
 ```bash
-$ grep Agrep ARG apache/Dockerfile
-ARG version='3.7.0+180418'
+# Version from GitHub Tags
+# sha256 of tar.gz from GitHub Releases
+
+$ grep ARG 4.0/apache/Dockerfile
+ARG version='4.3.13+200824'
+ARG sha256_checksum='4e9c6f20e'
 ```
 
-Since this is a reoccuring and boring task, a script is provided.
+It is best to use the upgrade shell script:
 
 ```bash
-# Dependencies
-python3 -m venv .venv
-source .venv/bin/activate
-pip3 install -r requirements.txt
+./upgrade.sh 4.3.13+200824
+# Check if sha256 is correct
 
-# Upgrades to latest Limesurvey version
-./upgrade.py
+git add 4.0/ && git commit -m 'Upgrading to Version 4.3.13+200824'
+git tag 4.3.13-200824
 ```
 
 ## Testing
 
-In order to make sure the image works as promised, some tests are provided:
-
-```bash
-./tests/run.sh
-```
+In order to make sure the image works as promised, some container-structure-tests are provided. The tests require the `container-structure-test` tool to be installed.
 
 For further information:  https://github.com/GoogleContainerTools/container-structure-test
+
+```bash
+make apache-latest
+
+container-structure-test test --image docker.io/martialblog/limesurvey:5-apache --config tests/apache-tests.yaml
+```
+
+```bash
+make fpm-latest
+
+container-structure-test test --image  docker.io/martialblog/limesurvey:5-fpm-alpine --config tests/fpm-alpine-tests.yaml
+```
+
+```bash
+make fpm-alpine-latest
+
+container-structure-test test --image  docker.io/martialblog/limesurvey:5-fpm --config tests/fpm-tests.yaml
+```

Makefile

@@ -0,0 +1,14 @@
+# .PHONY: apache fpm fpm-alpine
+
+apache-lts:
+	docker build --pull -t docker.io/martialblog/limesurvey:3-apache 3.0/apache
+apache-latest:
+	docker build --pull -t docker.io/martialblog/limesurvey:5-apache 5.0/apache
+fpm-alpine-lts:
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
+fpm-alpine-latest:
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
+fpm-lts:
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm 3.0/fpm
+fpm-latest:
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm 5.0/fpm

README.md

@@ -1,27 +1,48 @@
-[![Build Status](https://travis-ci.org/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.org/martialblog/docker-limesurvey)
+[![Lint Dockerfile](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml)
+[![Test LTS Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml)
+[![Test Latest Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml)
 [![](https://images.microbadger.com/badges/image/martialblog/limesurvey.svg)](https://microbadger.com/images/martialblog/limesurvey "Get your own image badge on microbadger.com")
 
 # LimeSurvey Docker
 
 Dockerfile to build a [LimeSurvey](https://limesurvey.org) Image for the Docker container platform.
 
-# Using the apache image
+## Quick reference
 
-The apache image comes with an Apache Webserver and PHP installed.
+- **Maintained by:** https://github.com/martialblog/
+- **Where to get help:** [GitHub Issues](https://github.com/martialblog/docker-limesurvey/issues)
 
-# Apache Configuration
+## Supported tags and respective Dockerfile links
+
+- [`5-apache`, `5.<BUILD-NUMBER>-apache`, `latest` ](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/apache/Dockerfile)
+- [`5-fpm`, `5.<BUILD-NUMBER>-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/fpm/Dockerfile)
+- [`5-fpm-alpine`, `5.<BUILD-NUMBER>-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/fpm-alpine/Dockerfile)
+- [`3-apache`, `3.<BUILD-NUMBER>-apache`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/apache/Dockerfile)
+- [`3-fpm`, `3.<BUILD-NUMBER>-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm/Dockerfile)
+- [`3-fpm-alpine`, `3.<BUILD-NUMBER>-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm-alpine/Dockerfile)
+
+# Using the Apache Image
+
+The `apache` image comes with an Apache Webserver and PHP installed.
+
+This image is also available in a `rootless` variant with `www-data` as default user and Apache listening on 8080. Starting from 5.0, the `rootless` variant is the default for Apache images.
+
+## Apache Configuration
 
 To change to Apache Webserver configuration, mount a Volume into the Container at:
 
- - /etc/apache2/sites-available/000-default.conf
+ - `/etc/apache2/sites-available/000-default.conf`
 
 See the example configuration provided.
 
-# Using the fpm image
+The Apache port can be specified by setting the environment variable `LISTEN_PORT` (e.g. `LISTEN_PORT=8080`). Starting from 5.0, Apache defaults to listening on a non-privilged port (8080) in inside the container.
+
+# Using the fpm Image
 
 To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example.
 
-# Using the fpm image with https
+## Using the fpm Image with HTTPS
+
 If you would like to run the fpm setup with https, you can get a free certificate from Letsencrypt. As an example, the configuration in *docker-compose.fpm-certbot.yml*
 will take care of getting a certificate and installing it. Please note that you will have to adjust the domain name in the file *examples/nginx-certbot.conf* to match
 the domain used in the *HOSTNAMES* variable in the docker-compose configuration file. If you added both the a domain and the hostname *www* within the domain,
@@ -36,11 +57,11 @@ LimeSurvey requires an external database (MySQL, PostgreSQL) to run. See *docker
 
 To preserve the uploaded files assign the upload folder into a volume. See *docker-compose.yml* for example.
 
-Path: */var/www/html/upload/surveys*
+Path: `/var/www/html/upload/surveys`
 
 **Hint**: The mounted directory must be owned by the webserver user (e.g. www-data)
 
-# LimeSurvey Configuration
+# LimeSurvey configuration
 
 The entrypoint will create a new config.php if none is provided and run the LimeSurvey command line interface for installation.
 
@@ -48,20 +69,31 @@ The entrypoint will create a new config.php if none is provided and run the Lime
 
 To change to LimeSurvey configuration, you can mount a Volume into the Container at:
 
- - /my-data/config.php:/var/www/html/application/config/config.php
+ - `/my-data/config.php:/var/www/html/application/config/config.php`
 
 **Hint**: If this configuration is present before the installation, the LimeSurvey Web Installer will not run automatically.
 
-## Data Encryption
+## Data encryption
 
-LimeSurvey 4 supports data encryption, this image give you these options:
+LimeSurvey version 4.0 and newer support data encryption, this image give you these options:
 
 * Provide a security.php file directly (volume)
-* Provide encryption keys for the security.php file (environment variables)
-* Provide nothing and get a non-persistent security.php file
+* Provide encryption keys for the `security.php` file (environment variables)
+* Provide nothing and get a non-persistent `security.php` file
 
 For further details on the settings see: https://manual.limesurvey.org/Data_encryption
 
+# Reverse Proxy configuration
+
+## Traefik example
+
+```
+# BASE_URL = /limesurvey
+"traefik.http.routers.limesurvey.rule=PathPrefix(`/limesurvey`)",
+"traefik.http.routers.limesurvey.middlewares=strip-limesurvey@docker",
+"traefik.http.middlewares.strip-limesurvey.stripprefix.prefixes=/limesurvey",
+```
+
 # Environment Variables
 
 | Parameter       | Description                               |
@@ -79,16 +111,20 @@ For further details on the settings see: https://manual.limesurvey.org/Data_encr
 | ADMIN_EMAIL     | Initial LimeSurvey Admin Email            |
 | ADMIN_PASSWORD  | Initial LimeSurvey Admin Password         |
 | PUBLIC_URL      | Public URL for public scripts             |
+| BASE_URL        | Application Base URL                      |
 | URL_FORMAT      | URL Format. path or get                   |
+| TABLE_SESSION   | Enable table sessions (true)              |
+| SHOW_SCRIPT_NAME | Script name in URL (true|false). Default: true |
 | DEBUG           | Debug level (0, 1, 2). Default: 0         |
 | DEBUG_SQL       | SQL Debug level (0, 1, 2). Default 0      |
 | ENCRYPT_KEYPAIR  | Data encryption keypair                  |
 | ENCRYPT_PUBLIC_KEY | Data encryption public key             |
-| ENCRYPY_SECRET_KEY | Data encryption secret key             |
+| ENCRYPT_SECRET_KEY | Data encryption secret key             |
+| LISTEN_PORT     | Apache: Listen port. Default: 8080        |
 
 For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
 
-# Running this image with docker-compose
+# Running LimeSurvey with docker-compose
 
 The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
@@ -102,6 +138,48 @@ http://localhost:8080/
 http://localhost:8080/index.php/admin
 ```
 
+# Running LimeSurvey with Helm
+
+A Helm Chart for this Image can be used for deployments. Please refer to the Helm Repository for further details:
+
+https://github.com/martialblog/helm-charts
+
+# Upgrade Guide
+
+These guides are only referring to the Docker Image, for details on the application users should consult the [official LimeSurvey documentation](https://manual.limesurvey.org/Upgrading_from_a_previous_version) for details.
+
+## Upgrading the FPM Images
+
+If you are using docker-compose to run the FPM Images, you need to stop the application and webserver Containers and delete the application volume:
+
+```
+$ docker volume ls
+DRIVER    VOLUME NAME
+local     docker-limesurvey_lime
+
+$ docker volume rm docker-limesurvey_lime
+```
+
+## Upgrading to 5.0 from 4.x
+
+The default user in the Container will now be *www-data* (uid 33 in Debian, uid 82 in Alpine), any volumes mounted need the corresponding permissions:
+
+```
+# Debian
+$ ls -ln upload/
+total 4
+drwxr-xr-x 3 33 33 4096 Jun  3 13:51 surveys
+```
+
+```
+# Alpine
+$ ls -ln upload/
+total 4
+drwxr-xr-x 3 82 82 4096 Jun  3 13:51 surveys
+```
+
+If you are using the Apache2 Images, the default port will now be **8080**. Depending on your setup the port configurations might need adjustment.
+
 # References
 
 - https://www.limesurvey.org/

docker-compose.example.yml

@@ -6,7 +6,7 @@ services:
     environment:
       - DB_TYPE=pgsql
       - DB_PORT=5432
-      - DB_HOST=limesurvey_db_1.limesurvey_default
+      - DB_HOST=db
       - DB_PASSWORD=example
       - DB_NAME=limesurvey
       - DB_USERNAME=limesurvey
@@ -18,12 +18,14 @@ services:
     volumes:
       - limesurvey:/var/www/html/upload/surveys
     ports:
-      - 8080:80
+      - 8080:8080
     depends_on:
       - db
   db:
-    image: postgres:9.6-alpine
+    image: postgres:10-alpine
     restart: always
+    volumes:
+      - db-data:/var/lib/postgresql
     environment:
       - POSTGRES_USER=limesurvey
       - POSTGRES_DB=limesurvey
@@ -31,3 +33,4 @@ services:
 
 volumes:
   limesurvey:
+  db-data:

docker-compose.fpm-certbot.yml

@@ -2,9 +2,10 @@ version: "3.0"
 services:
   limesurvey:
     build:
-      context: 4.0/fpm/
+      context: 5.0/fpm/
       dockerfile: Dockerfile
     volumes:
+      # Hint: This is just an example, change /tmp to something persistent
       - /tmp/upload/surveys:/var/www/html/upload/surveys
       - lime:/var/www/html
     links:

docker-compose.fpm.alpine.yml

@@ -2,9 +2,10 @@ version: "3.0"
 services:
   limesurvey:
     build:
-      context: 4.0/fpm-alpine/
+      context: 5.0/fpm-alpine/
       dockerfile: Dockerfile
     volumes:
+      # Hint: This is just an example, change /tmp to something persistent
       - /tmp/upload/surveys:/var/www/html/upload/surveys
       - lime:/var/www/html
     links:
@@ -12,7 +13,7 @@ services:
     depends_on:
       - lime-db
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-web:

docker-compose.fpm.yml

@@ -2,9 +2,10 @@ version: "3.0"
 services:
   limesurvey:
     build:
-      context: 4.0/fpm/
+      context: 5.0/fpm/
       dockerfile: Dockerfile
     volumes:
+      # Hint: This is just an example, change /tmp to something persistent
       - /tmp/upload/surveys:/var/www/html/upload/surveys
       - lime:/var/www/html
     links:
@@ -12,7 +13,7 @@ services:
     depends_on:
       - lime-db
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-web:

docker-compose.pgsql.yml

@@ -2,25 +2,31 @@ version: "3.0"
 services:
   limesurvey:
     build:
-      context: 4.0/apache/
+      context: 5.0/apache/
       dockerfile: Dockerfile
     volumes:
+      # Hint: This is just an example, change /tmp to something persistent
       - /tmp/upload/surveys:/var/www/html/upload/surveys
     links:
       - lime-db
     depends_on:
       - lime-db
     ports:
-      - "8080:80"
+      - "8080:8080"
     environment:
       - "DB_TYPE=pgsql"
       - "DB_PORT=5432"
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-db:
     image: postgres:10
+    volumes:
+      - db-data:/var/lib/postgresql
     environment:
       - "POSTGRES_USER=limesurvey"
       - "POSTGRES_DB=limesurvey"
       - "POSTGRES_PASSWORD=secret"
+
+volumes:
+  db-data:

docker-compose.yml

@@ -2,18 +2,19 @@ version: "3.0"
 services:
   limesurvey:
     build:
-      context: 4.0/apache/
+      context: 5.0/apache/
       dockerfile: Dockerfile
     volumes:
+      # Hint: This is just an example, change /tmp to something persistent
       - /tmp/upload/surveys:/var/www/html/upload/surveys
     links:
       - lime-db
     depends_on:
       - lime-db
     ports:
-      - "8080:80"
+      - "8080:8080"
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-db:

examples/apache-example.conf

@@ -1,4 +1,4 @@
-<VirtualHost *:80>
+<VirtualHost *:8080>
 	ServerAdmin foo@bar.com
 	DocumentRoot /var/www/html
         Alias /lime "/var/www/html"

makefile

@@ -1,14 +0,0 @@
-.PHONY: apache fpm fpm-alpine
-
-apache:
-	docker build --pull -t limesurvey:apache 3.0/apache
-apache4:
-	docker build --pull -t limesurvey:apache 4.0/apache
-fpm-alpine:
-	docker build --pull -t limesurvey:fpm-alpine 3.0/fpm-alpine
-fpm-alpine4:
-	docker build --pull -t limesurvey:fpm-alpine 4.0/fpm-alpine
-fpm:
-	docker build --pull -t limesurvey:fpm 3.0/fpm
-fpm4:
-	docker build --pull -t limesurvey:fpm 4.0/fpm

nginx-certbot/Dockerfile

@@ -1,10 +1,14 @@
-FROM nginx
-RUN apt-get update && \
-    apt-get install -y certbot curl python-certbot-nginx && \
-    apt-get -y autoclean; apt-get -y autoremove; \
-    rm -rf /var/lib/apt/lists/*
+FROM nginx:stable
+LABEL maintainer="markus@martialblog.de"
+
+RUN set -ex; \
+        apt-get update && \
+        DEBIAN_FRONTEND=noninteractive \
+        apt-get install --no-install-recommends -y \
+        certbot curl python-certbot-nginx && \
+        apt-get -y autoclean; apt-get -y autoremove; \
+        rm -rf /var/lib/apt/lists/*
 
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod 700 /entrypoint.sh
-
 CMD ["/entrypoint.sh"]

nginx-certbot/entrypoint.sh

@@ -1,25 +1,25 @@
 #!/bin/sh
 
-cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
+cert_path=/etc/letsencrypt/live/$(echo "$HOSTNAMES" | awk '{print $1}')
 mkdir -p cert_path
 
 # if there is no certificate yet, get one
 email="--email $CERT_EMAIL"
-if [ -z $CERT_EMAIL ]
+if [ -z "$CERT_EMAIL" ]
 then
     email='--register-unsafely-without-email'
 fi
-if [ ! -e $cert_path/privkey.pem ]
+if [ ! -e "$cert_path/privkey.pem" ]
 then
     names=""
     for h in $HOSTNAMES
     do
-        names=$(echo "$names -d $h")
+        names="$names -d $h"
     done
     echo "Getting new certificate..."
     /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
     /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
-    /usr/bin/certbot certonly --standalone $names --agree-tos $email
+    /usr/bin/certbot certonly --standalone "$names" --agree-tos "$email"
 fi
 
-nginx -g "daemon off;"
+nginx -g "daemon off;"

tests/fpm-alpine-tests.yaml

@@ -0,0 +1,57 @@
+schemaVersion: "2.0.0"
+
+globalEnvVars:
+  - key: "PATH"
+    value: "/env/bin:$PATH"
+
+fileContentTests:
+  - name: 'Limesurvey admin file content'
+    path: '/var/www/html/admin/index.php'
+    expectedContents: ['LimeSurvey']
+  - name: 'Entrypoint file content'
+    path: '/var/www/html/entrypoint.sh'
+    expectedContents: ['console.php', 'ADMIN_USER']
+
+fileExistenceTests:
+  - name: 'Limesurvey files'
+    path: '/var/www/html/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name: 'Limesurvey admin files'
+    path: '/var/www/html/admin/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name:  "Dependencies - PHP - gd"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-gd.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - imap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-imap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - ldap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-ldap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pgsql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - zip"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-zip.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - sodium"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_mysql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_pgsql.ini'
+    shouldExist: true
+
+commandTests:
+  - name:  "Dependencies - netcat"
+    command: "apk"
+    args: ["info", "-e", "netcat-openbsd"]
+    exitCode: 0
+  - name:  "Dependencies - PHP Modules"
+    command: "php"
+    args: ["-m"]
+    expectedOutput: ["ldap", "zip", "pdo_mysql", "pdo_sqlite", "gd", "mbstring", "PDO", "imap"]

tests/fpm-tests.yaml

@@ -0,0 +1 @@
+apache-tests.yaml

tests/run.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-IMAGE=$1
-
-if [ ! -f container-structure-test ]; then
-   curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
-   mv container-structure-test-linux-amd64 container-structure-test
-   chmod +x container-structure-test
-fi
-
-./container-structure-test test --image $IMAGE --config tests/image_tests.yaml

upgrade.sh

@@ -11,11 +11,14 @@ if [ $# -eq 0 ]
 fi
 
 NEW_VERSION=$1
-MAJOR_VERSION=$(echo $NEW_VERSION | cut -c 1 | awk '{print $1".0"}')
+MAJOR_VERSION="${NEW_VERSION%%.*}.0"
+NEW_TAG="${NEW_VERSION%+*}-${NEW_VERSION#*+}"
 
-grep -qc $NEW_VERSION $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
+grep -qc "$NEW_VERSION" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
 
-if [ $? -eq 0 ]
+GREP_NEW_VERSION_EXIT_CODE=$?
+
+if [ $GREP_NEW_VERSION_EXIT_CODE -eq 0 ]
    then
        echo "Already at version ${NEW_VERSION}"
        exit 0
@@ -27,7 +30,9 @@ wget -P /tmp "https://github.com/LimeSurvey/LimeSurvey/archive/${NEW_VERSION}.ta
 SHA256_CHECKSUM=$(sha256sum "/tmp/${NEW_VERSION}.tar.gz" | awk '{ print $1 }')
 
 # Update lines in the files
-sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
-sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
+sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
+sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" "$MAJOR_VERSION/apache/Dockerfile" "$MAJOR_VERSION/fpm/Dockerfile" "$MAJOR_VERSION/fpm-alpine/Dockerfile"
 
 # After that, check and commit
+echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
+echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_TAG}"