Upgrading to LTS Version 3.27.4+210622

* Add Trivy Scan and Structure Tests
* Update README, fancy new Badges!
* Update Makefile, full-qualified Image names

.github/workflows/build-latest-container-images.yaml

@@ -0,0 +1,96 @@
+name: Publish Latest Container Images
+on:
+  push:
+    tags:
+      - '5.*'
+
+jobs:
+  lint_dockerfiles:
+    name: Lint Dockerfile with hadolint
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dockerfile:
+          - 5.0/apache/Dockerfile
+          - 5.0/fpm-alpine/Dockerfile
+          - 5.0/fpm/Dockerfile
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018
+
+  push_images_to_registries:
+    name: Push Container Images to registries
+    runs-on: ubuntu-latest
+    needs: [lint_dockerfiles]
+    environment: docker-build
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+        with:
+          buildkitd-flags: --debug
+      - name: 'Log in to DockerHub'
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: 'Apache variant metadata'
+        id: metadata-apache
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{raw}},suffix=-apache
+            type=semver,pattern={{major}},suffix=-apache
+          flavor: |
+            latest=false
+      - name: 'Build and push latest Apache container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/apache
+          push: true
+          tags: ${{ steps.metadata-apache.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM variant metadata'
+        id: metadata-fpm
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm
+            type=semver,pattern={{major}},suffix=-fpm
+      - name: 'Build and push latest fpm container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/fpm
+          push: true
+          tags: ${{ steps.metadata-fpm.outputs.tags }}
+          labels: ${{ steps.metadata-fpm.outputs.labels }}
+
+      - name: 'FPM Alpine variant metadata'
+        id: metadata-fpm-alpine
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm-alpine
+            type=semver,pattern={{major}},suffix=-fpm-alpine
+      - name: 'Build and push latest fpm-alpine container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/fpm-alpine
+          push: true
+          tags: ${{ steps.metadata-fpm-alpine.outputs.tags }}
+          labels: ${{ steps.metadata-fpm-alpine.outputs.labels }}

.github/workflows/build-lts-container-images.yaml

@@ -0,0 +1,96 @@
+name: Publish LTS Container Images
+on:
+  push:
+    tags:
+      - '3.*'
+
+jobs:
+  lint_dockerfiles:
+    name: 'Lint Dockerfile with hadolint'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dockerfile:
+          - 3.0/apache/Dockerfile
+          - 3.0/fpm-alpine/Dockerfile
+          - 3.0/fpm/Dockerfile
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018
+
+  push_images_to_registries:
+    name: 'Push container images to registries'
+    runs-on: ubuntu-latest
+    needs: [lint_dockerfiles]
+    environment: docker-build
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+        with:
+          buildkitd-flags: --debug
+      - name: 'Log in to DockerHub'
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+      - name: 'Apache variant metadata'
+        id: metadata-apache
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{raw}},suffix=-apache
+            type=semver,pattern={{major}},suffix=-apache
+          flavor: |
+            latest=false
+      - name: 'Build and push LTS apache container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/apache
+          push: true
+          tags: ${{ steps.metadata-apache.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM variant metadata'
+        id: metadata-fpm
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm
+            type=semver,pattern={{major}},suffix=-fpm
+      - name: 'Build and push LTS fpm container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/fpm
+          push: true
+          tags: ${{ steps.metadata-fpm.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}
+
+      - name: 'FPM Alpine variant metadata'
+        id: metadata-fpm-alpine
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            docker.io/martialblog/limesurvey
+          tags: |
+            type=semver,pattern={{version}},suffix=-fpm-alpine
+            type=semver,pattern={{major}},suffix=-fpm-alpine
+      - name: 'Build and push LTS fpm-alpine container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/fpm-alpine
+          push: true
+          tags: ${{ steps.metadata-fpm-alpine.outputs.tags }}
+          labels: ${{ steps.metadata-apache.outputs.labels }}

.github/workflows/lint-dockerfiles.yaml

@@ -0,0 +1,24 @@
+---
+name: Lint Dockerfile
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    name: Lint Dockerfile with hadolint
+    strategy:
+      matrix:
+        dockerfile:
+          - 3.0/apache/Dockerfile
+          - 3.0/fpm-alpine/Dockerfile
+          - 3.0/fpm/Dockerfile
+          - 5.0/apache/Dockerfile
+          - 5.0/fpm-alpine/Dockerfile
+          - 5.0/fpm/Dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hadolint/hadolint-action@v1.5.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL4006 DL3008 DL3018

.github/workflows/test-latest-container-images.yaml

@@ -0,0 +1,49 @@
+name: Test Latest Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test Latest Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: trivy-results-5-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-5-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"

.github/workflows/test-lts-container-images.yaml

@@ -0,0 +1,49 @@
+name: Test LTS Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test LTS Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: trivy-results-3-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-3-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"

.travis.yml

@@ -1,18 +0,0 @@
-sudo: required
-language: bash
-services:
-  - docker
-install:
-jobs:
-  include:
-    - env: HADOLINT="${HOME}/hadolint"
-      script:
-          - curl -sL -o ${HADOLINT} "https://github.com/hadolint/hadolint/releases/download/v1.23.0/hadolint-$(uname -s)-$(uname -m)"
-          - chmod 700 ${HADOLINT}
-          - git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 ${HADOLINT} --ignore DL4006 --ignore DL3008 --ignore DL3018
-    - env: TAG=martialblog/limesurvey-apache
-      script: cd 5.0/apache; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG
-    - env: TAG=martialblog/limesurvey-fpm
-      script: cd 5.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG
-    - env: TAG=martialblog/limesurvey-alpine
-      script: cd 5.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.2+210608'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='84532a6e609cc8bb383db416a90d7e0eb684dfed10fcce232942702c988a996f'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 ARG USER=root
 ARG LISTEN_PORT=80
 

3.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.2+210608'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='84532a6e609cc8bb383db416a90d7e0eb684dfed10fcce232942702c988a996f'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 
 # Install OS dependencies
 RUN set -ex; \

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.2+210608'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='84532a6e609cc8bb383db416a90d7e0eb684dfed10fcce232942702c988a996f'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 
 # Install OS dependencies
 RUN set -ex; \

5.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.3+210609'
+ARG version='5.0.4+210614'
-ARG sha256_checksum='639e51ddbe6f8c85fdbf1ba583365380750a280e42d76eddfcdabe3918d176e4'
+ARG sha256_checksum='b2981b68269f3c9711d7479a509bdef2763827e620b097f8a235f82dabc65f7b'
 ARG USER=www-data
 ARG LISTEN_PORT=8080
 

5.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.3+210609'
+ARG version='5.0.4+210614'
-ARG sha256_checksum='639e51ddbe6f8c85fdbf1ba583365380750a280e42d76eddfcdabe3918d176e4'
+ARG sha256_checksum='b2981b68269f3c9711d7479a509bdef2763827e620b097f8a235f82dabc65f7b'
 ARG USER=www-data
 
 # Install OS dependencies

5.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:8-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='5.0.3+210609'
+ARG version='5.0.4+210614'
-ARG sha256_checksum='639e51ddbe6f8c85fdbf1ba583365380750a280e42d76eddfcdabe3918d176e4'
+ARG sha256_checksum='b2981b68269f3c9711d7479a509bdef2763827e620b097f8a235f82dabc65f7b'
 ARG USER=www-data
 
 # Install OS dependencies

Makefile

@@ -1,14 +1,14 @@
 # .PHONY: apache fpm fpm-alpine
 
 apache-lts:
-	docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:3-apache 3.0/apache
 apache-latest:
-	docker build --pull -t martialblog/limesurvey:5-apache 5.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:5-apache 5.0/apache
 fpm-alpine-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
 fpm-alpine-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
 fpm-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm 3.0/fpm
 fpm-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm 5.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm 5.0/fpm

README.md

@@ -1,4 +1,6 @@
-[![Build Status](https://travis-ci.com/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.com/martialblog/docker-limesurvey)
+[![Lint Dockerfile](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml)
+[![Test LTS Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml)
+[![Test Latest Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml)
 [![](https://images.microbadger.com/badges/image/martialblog/limesurvey.svg)](https://microbadger.com/images/martialblog/limesurvey "Get your own image badge on microbadger.com")
 
 # LimeSurvey Docker

tests/fpm-alpine-tests.yaml

@@ -0,0 +1,57 @@
+schemaVersion: "2.0.0"
+
+globalEnvVars:
+  - key: "PATH"
+    value: "/env/bin:$PATH"
+
+fileContentTests:
+  - name: 'Limesurvey admin file content'
+    path: '/var/www/html/admin/index.php'
+    expectedContents: ['LimeSurvey']
+  - name: 'Entrypoint file content'
+    path: '/var/www/html/entrypoint.sh'
+    expectedContents: ['console.php', 'ADMIN_USER']
+
+fileExistenceTests:
+  - name: 'Limesurvey files'
+    path: '/var/www/html/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name: 'Limesurvey admin files'
+    path: '/var/www/html/admin/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name:  "Dependencies - PHP - gd"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-gd.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - imap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-imap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - ldap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-ldap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pgsql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - zip"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-zip.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - sodium"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_mysql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_pgsql.ini'
+    shouldExist: true
+
+commandTests:
+  - name:  "Dependencies - netcat"
+    command: "apk"
+    args: ["info", "-e", "netcat-openbsd"]
+    exitCode: 0
+  - name:  "Dependencies - PHP Modules"
+    command: "php"
+    args: ["-m"]
+    expectedOutput: ["ldap", "zip", "pdo_mysql", "pdo_sqlite", "gd", "mbstring", "PDO", "imap"]

tests/fpm-tests.yaml

@@ -0,0 +1 @@
+apache-tests.yaml

tests/run.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-IMAGE=$1
-
-if [ ! -f container-structure-test ]; then
-   curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
-   mv container-structure-test-linux-amd64 container-structure-test
-   chmod +x container-structure-test
-fi
-
-./container-structure-test test --image $IMAGE --config tests/image_tests.yaml

upgrade.sh

@@ -12,6 +12,7 @@ fi
 
 NEW_VERSION=$1
 MAJOR_VERSION=$(echo $NEW_VERSION | cut -c 1 | awk '{print $1".0"}')
+NEW_TAG=$(echo $NEW_VERSION | sed "s/+/-/")
 
 grep -qc $NEW_VERSION $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
 
@@ -31,5 +32,5 @@ sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/D
 sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
 
 # After that, check and commit
-echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
-echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_TAG}"