Merge pull request #16753 from noone-silent/5.0.x-dockerfile

niden · web-flow · commit 2b2a2fccf360 · 2025-04-13T13:29:54.000Z
T16752-create-docker-image-on-release
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -2,28 +2,55 @@ name: Build Dockerfiles
 
 on:
   push:
-    paths:
-      - 'docker/**'
-
-permissions:
-  contents: read # to fetch code (actions/checkout)
+    tags:
+      - v*
 
 jobs:
   build:
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     strategy:
       fail-fast: false
       matrix:
-        php:
-          - '8.1'
-          - '8.2'
-          - '8.3'
-          - '8.4'
+        php: [ '8.1', '8.2', '8.3', '8.4' ]
 
     name: Build Dockerfile PHP ${{ matrix.php }}
     steps:
       - uses: actions/checkout@v4
 
-      - name: Build Dockerfile
-        run: docker build docker/${{ matrix.php }}
+      - name: Login to Github Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_LOGIN }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          file: docker/Dockerfile
+          tags: |
+            phalcon/cphalcon:${{ github.ref_name }}-php${{ matrix.php }}
+            ghcr.io/phalcon/cphalcon:${{ github.ref_name }}-php${{ matrix.php }}
+          build-args: |
+            PHP_VERSION=${{ matrix.php }}
+            PHALCON_VERSION=${{ github.ref_name }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/CHANGELOG-5.0.md b/CHANGELOG-5.0.md
@@ -3,6 +3,7 @@
 ## [5.9.3](https://github.com/phalcon/cphalcon/releases/tag/v5.9.3) (2025-xx-xx)
 
 ### Changed
+- Added Multi-Stage Dockerfile and Github action for release Docker images to ghcr.io and Docker Hub. [#16752](https://github.com/phalcon/cphalcon/issues/16752)
 
 ### Added
  
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,10 +1,26 @@
 # For local development only.
 
 services:
+  cphalcon-8.0:
+    container_name: cphalcon-8.0
+    hostname: cphalcon-80
+    build:
+      dockerfile: docker/Dockerfile
+      target: dev
+      args:
+        PHP_VERSION: 8.0
+    working_dir: /srv
+    volumes:
+      - .:/srv
+
   cphalcon-8.1:
     container_name: cphalcon-8.1
     hostname: cphalcon-81
-    build: docker/8.1
+    build:
+      dockerfile: docker/Dockerfile
+      target: dev
+      args:
+        PHP_VERSION: 8.1
     working_dir: /srv
     ports:
       - "9501:9501"
@@ -14,23 +30,35 @@ services:
   cphalcon-8.2:
     container_name: cphalcon-8.2
     hostname: cphalcon-82
-    build: docker/8.2
+    build:
+      dockerfile: docker/Dockerfile
+      target: dev
+      args:
+        PHP_VERSION: 8.2
     working_dir: /srv
     volumes:
       - .:/srv
 
   cphalcon-8.3:
     container_name: cphalcon-8.3
     hostname: cphalcon-83
-    build: docker/8.3
+    build:
+      dockerfile: docker/Dockerfile
+      target: dev
+      args:
+        PHP_VERSION: 8.3
     working_dir: /srv
     volumes:
       - .:/srv
 
   cphalcon-8.4:
     container_name: cphalcon-8.4
     hostname: cphalcon-84
-    build: docker/8.4
+    build:
+      dockerfile: docker/Dockerfile
+      target: dev
+      args:
+        PHP_VERSION: 8.4
     working_dir: /srv
     volumes:
       - .:/srv
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,151 @@
+ARG PHP_VERSION=8.4
+
+FROM php:${PHP_VERSION}-fpm AS base
+
+# This part installs the required php extensions to compile phalcon.
+# Additional extensions that are mostly used are installed here too.
+
+ARG PHP_VERSION=8.4
+ARG UID=1000
+ARG GID=1000
+ARG USER=phalcon
+ARG GROUP=phalcon
+
+# hadolint ignore=DL3022
+COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+
+SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
+
+RUN set -eux \
+# Add user and group
+    && groupadd -g "${GID}" "${GROUP}" \
+    && useradd -l -u "${UID}" -g "${GID}" -d /app "${USER}" \
+    && usermod -s /bin/bash "${USER}" \
+    && mkdir /app \
+    && chown "${USER}":"${GROUP}" /app \
+    && chmod 0770 /app \
+# Install base extensions
+    && install-php-extensions \
+      apcu \
+      gettext \
+      gd \
+      igbinary \
+      imagick \
+      intl \
+      mysqli \
+      opcache \
+      pdo_mysql \
+      pdo_pgsql \
+      pgsql \
+      redis \
+      xsl \
+      yaml \
+      zip \
+# Copy ini file \
+    && mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \
+# Write ini files
+    && sed -i -e "s/;error_log = syslog/error_log = \/proc\/self\/fd\/2/" /usr/local/etc/php/php.ini \
+# Write fpm file
+    && sed -i -e "/error_log = .*/c\error_log = \/proc\/self\/fd\/2" /usr/local/etc/php-fpm.conf \
+    && sed -i -e "/;pid = .*/c\pid = /run/php/php-fpm.pid" /usr/local/etc/php-fpm.conf \
+# Write fpm pool
+    && sed -i -e "s/^;clear_env = no$/clear_env = no/" /usr/local/etc/php-fpm.d/www.conf \
+    && sed -i -e "s/;owner = www-data/owner = ${USER}/g" /usr/local/etc/php-fpm.d/www.conf \
+    && sed -i -e "s/;user = www-data/user = ${USER}/g" /usr/local/etc/php-fpm.d/www.conf \
+    && sed -i -e "s/;group = www-data/group = ${GROUP}/g" /usr/local/etc/php-fpm.d/www.conf \
+# Load healthcheck script \
+    && curl -o /usr/local/bin/php-fpm-healthcheck \
+      https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/master/php-fpm-healthcheck \
+    && chown "${USER}":"${GROUP}" /usr/local/bin/php-fpm-healthcheck \
+    && chmod 0770 /usr/local/bin/php-fpm-healthcheck \
+# Set correct pid file location and permissions \
+    && mkdir -p /run/php \
+    && chown "${USER}":"${GROUP}" /run/php \
+    && chmod 0770 /run/php \
+# Cleanup
+   && apt-get autoremove --purge -y \
+   && apt-get autoclean -y \
+   && apt-get clean -y \
+   && rm -rf /tmp/* /var/tmp/* \
+   && find /var/cache/apt/archives /var/lib/apt/lists -not -name lock -type f -delete \
+   && find /var/cache -type f -delete \
+   && find /var/log -type f -delete
+
+HEALTHCHECK --interval=5s --timeout=1s \
+    CMD php-fpm-healthcheck || exit 1
+
+FROM base AS dev
+
+# This part prepares a dev environment to compile phalcon from zephir
+
+# hadolint ignore=DL3022
+COPY --from=composer/composer:2 --chown=${USER}:${GROUP} --chmod=0770 /usr/bin/composer /usr/bin/composer
+
+WORKDIR /srv
+
+SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
+
+RUN set -eux \
+    && apt-get update \
+    && apt-get install -yq --no-install-recommends zip=3.* unzip=6.* \
+    && echo 'memory_limit = -1' > "$(php-config --ini-dir)/90-memory.ini" \
+    && install-php-extensions zephir_parser \
+# Cleanup
+   && apt-get autoclean -y \
+   && apt-get clean -y \
+   && rm -rf /tmp/* /var/tmp/*
+
+FROM dev AS phalcon
+
+# This part compiles phalcon from zephir code. It should not be used for anything else.
+# It should also not be used as base for anything else.
+
+COPY ./ /srv
+
+RUN set -eux \
+    && rm -rf /srv/vendor \
+    && composer global require phalcon/zephir:dev-development \
+    && /root/.composer/vendor/bin/zephir fullclean \
+    && /root/.composer/vendor/bin/zephir build \
+    && cat compile-errors.log
+
+FROM base AS prod
+
+# This part builds the last step required for production image.
+
+ARG PHALCON_VERSION=5.9.2
+
+ENV PATH=/app/bin:/app:${PATH} \
+    PHP_VERSION=${PHP_VERSION} \
+    PHALCON_VERSION=${PHALCON_VERSION}
+
+LABEL org.opencontainer.image.title="Phalcon ${PHALCON_VERSION} with php ${PHP_VERSION}" \
+    org.opencontainer.image.description="Docker image including Phalcon and PHP on Debian Bookworm" \
+    org.opencontainer.image.authors="Phalcon Team <team@phalconphp.com>" \
+    org.opencontainer.image.vendor="Phalcon PHP Framework" \
+    org.opencontainer.image.licenses="BSD-3-Clause" \
+    org.opencontainer.image.version="${PHALCON_VERSION}-php${PHP_VERSION}" \
+    org.opencontainer.image.url="https://github.com/phalcon/cphalcon/" \
+    org.opencontainer.image.source="https://github.com/phalcon/cphalcon/tree/${PHALCON_VERSION}/docker/Dockerfile"
+
+COPY --from=phalcon /srv/ext/modules/phalcon.so /tmp/phalcon.so
+
+SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
+
+RUN set -eux \
+# Install phalcon \
+    && mv /tmp/phalcon.so "$(php-config --extension-dir)/phalcon.so" \
+    && echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/70-phalcon.ini \
+# Cleanup
+   && rm -rf /tmp/* /var/tmp/* /srv /root/.composer /usr/bin/composer \
+   && apt-get autoremove --purge -y curl \
+   && apt-get autoclean -y \
+   && apt-get clean -y \
+   && rm -rf /tmp/* /var/tmp/* \
+   && find /var/cache/apt/archives /var/lib/apt/lists -not -name lock -type f -delete \
+   && find /var/cache -type f -delete \
+   && find /var/log -type f -delete
+
+WORKDIR /app
+
+USER ${USER}
