Update Dockerfile

Merge pull request #211 from PrivateBin/php84
upgrade to PHP 8.4 packages
2025-03-03 01:54:04 +00:00 · 2025-02-01 14:17:30 +01:00 · 2025-02-01 12:02:25 +01:00 · 2025-02-01 11:25:56 +01:00 · 2024-12-06 05:49:23 +01:00 · 2024-11-22 06:56:46 +01:00
6 changed files with 24 additions and 20 deletions
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@ -35,7 +35,7 @@ jobs:

      # Run OWASP scan
      - name: OWASP ZAP Full Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
        with:
          # GitHub Token to create issues in the repository
          #token: # optional, default is ${{ github.token }}
--- a/26
+++ b/26
@ -1,9 +1,9 @@
-FROM alpine:3.20.1
+FROM alpine:3.21

-ARG ALPINE_PACKAGES="php83-iconv php83-pdo_mysql php83-pdo_pgsql php83-openssl php83-simplexml"
+ARG ALPINE_PACKAGES="php84-iconv php84-pdo_mysql php84-pdo_pgsql php84-openssl php84-simplexml"
 ARG COMPOSER_PACKAGES="aws/aws-sdk-php google/cloud-storage"
 ARG PBURL=https://github.com/PrivateBin/PrivateBin/
-ARG RELEASE=1.7.4
+ARG RELEASE=1.7.6
 ARG UID=65534
 ARG GID=82

@ -24,6 +24,7 @@ RUN \
    ALPINE_PACKAGES="$(echo ${ALPINE_PACKAGES} | sed 's/,/ /g')" ;\
    ALPINE_COMPOSER_PACKAGES="" ;\
    if [ -n "${COMPOSER_PACKAGES}" ] ; then \
+        # we need these PHP 8.3 packages until composer gets updated to depend on PHP 8.4
        ALPINE_COMPOSER_PACKAGES="composer" ;\
        if [ -n "${ALPINE_PACKAGES##*php83-curl*}" ] ; then \
            ALPINE_COMPOSER_PACKAGES="php83-curl ${ALPINE_COMPOSER_PACKAGES}" ;\
@ -31,15 +32,18 @@ RUN \
        if [ -n "${ALPINE_PACKAGES##*php83-mbstring*}" ] ; then \
            ALPINE_COMPOSER_PACKAGES="php83-mbstring ${ALPINE_COMPOSER_PACKAGES}" ;\
        fi ;\
+        if [ -z "${ALPINE_PACKAGES##*php84-simplexml*}" ] ; then \
+            ALPINE_COMPOSER_PACKAGES="php83-simplexml ${ALPINE_COMPOSER_PACKAGES}" ;\
+        fi ;\
    fi \
 # Install dependencies
    && apk upgrade --no-cache \
-    && apk add --no-cache gnupg git nginx php83 php83-ctype php83-fpm php83-gd \
-        php83-opcache s6 tzdata ${ALPINE_PACKAGES} ${ALPINE_COMPOSER_PACKAGES} \
+    && apk add --no-cache gnupg git nginx php84 php84-ctype php84-fpm php84-gd \
+        php84-opcache s6 tzdata ${ALPINE_PACKAGES} ${ALPINE_COMPOSER_PACKAGES} \
 # Stabilize php config location
-    && mv /etc/php83 /etc/php \
-    && ln -s /etc/php /etc/php83 \
-    && ln -s $(which php83) /usr/local/bin/php \
+    && mv /etc/php84 /etc/php \
+    && ln -s /etc/php /etc/php84 \
+    && ln -s $(which php84) /usr/local/bin/php \
 # Remove (some of the) default nginx & php config
    && rm -f /etc/nginx.conf /etc/nginx/http.d/default.conf /etc/php/php-fpm.d/www.conf \
    && rm -rf /etc/nginx/sites-* \
@ -75,10 +79,10 @@ RUN \
    && mkdir -p /srv/data \
    && sed -i "s#define('PATH', '');#define('PATH', '/srv/');#" index.php \
 # Support running s6 under a non-root user
-    && mkdir -p /etc/s6/services/nginx/supervise /etc/s6/services/php-fpm83/supervise \
+    && mkdir -p /etc/s6/services/nginx/supervise /etc/s6/services/php-fpm84/supervise \
    && mkfifo \
        /etc/s6/services/nginx/supervise/control \
-        /etc/s6/services/php-fpm83/supervise/control \
+        /etc/s6/services/php-fpm84/supervise/control \
    && chown -R ${UID}:${GID} /etc/s6 /run /srv/* /var/lib/nginx /var/www \
    && chmod o+rwx /run /var/lib/nginx /var/lib/nginx/tmp \
 # Clean up
@ -93,7 +97,7 @@ WORKDIR /var/www
 USER ${UID}:${GID}

 # mark dirs as volumes that need to be writable, allows running the container --read-only
-VOLUME /run /srv/data /tmp /var/lib/nginx/tmp
+VOLUME /run /srv/data /srv/img /tmp /var/lib/nginx/tmp

 EXPOSE 8080

--- a/README.md
+++ b/README.md
@ -203,7 +203,7 @@ Options:
  -p, --purge       purge all expired pastes
  -s, --statistics  reads all stored pastes and comments and reports statistics

-docker exec -t privatebin migrate --help
+$ docker exec -t privatebin migrate --help
 migrate - Copy data between PrivateBin backends

 Usage:
@ -221,9 +221,9 @@ Options:
  -h, --help       displays this help message
  -n               dry run, do not copy data
  -v               be verbose
-  <srcconfdir>     use storage backend configration from conf.php found in
+  <srcconfdir>     use storage backend configuration from conf.php found in
                   this directory as source
-  <dstconfdir>     optionally, use storage backend configration from conf.php
+  <dstconfdir>     optionally, use storage backend configuration from conf.php
                   found in this directory as destination; defaults to:
                   /srv/bin/../cfg/conf.php
 ```
--- a/buildx.sh
+++ b/buildx.sh
@ -52,13 +52,13 @@ main() {
            BUILD_ARGS="--build-arg ALPINE_PACKAGES= --build-arg COMPOSER_PACKAGES="
            ;;
        gcs)
-            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php83-openssl --build-arg COMPOSER_PACKAGES=google/cloud-storage"
+            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php84-openssl --build-arg COMPOSER_PACKAGES=google/cloud-storage"
            ;;
        pdo)
-            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php83-pdo_mysql,php83-pdo_pgsql --build-arg COMPOSER_PACKAGES="
+            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php84-pdo_mysql,php84-pdo_pgsql --build-arg COMPOSER_PACKAGES="
            ;;
        s3)
-            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php83-curl,php83-mbstring,php83-openssl,php83-simplexml --build-arg COMPOSER_PACKAGES=aws/aws-sdk-php"
+            BUILD_ARGS="--build-arg ALPINE_PACKAGES=php84-curl,php84-mbstring,php84-openssl,php84-simplexml --build-arg COMPOSER_PACKAGES=aws/aws-sdk-php"
            ;;
        *)
            BUILD_ARGS=""
--- a/etc/init.d/rc.local
+++ b/etc/init.d/rc.local
@ -1,3 +1,3 @@
 #!/bin/execlineb -P
 foreground { cp -r /etc/s6/services /run }
-/bin/s6-svscan /run/services
+s6-svscan /run/services
--- a/etc/s6/services/php-fpm84/run
+++ b/etc/s6/services/php-fpm84/run
@ -1,2 +1,2 @@
 #!/bin/execlineb -P
-/usr/sbin/php-fpm83
+/usr/sbin/php-fpm84
Author	SHA1	Message	Date
nune	d104b4f3b1	Update Dockerfile Some checks failed Security-scan / build (push) Has been cancelled Details Shellcheck / Shellcheck (push) Has been cancelled Details Build & Deploy container image / fs image / edge release (push) Has been cancelled Details Build & Deploy container image / gcs image / edge release (push) Has been cancelled Details Build & Deploy container image / nginx-fpm-alpine image / edge release (push) Has been cancelled Details Build & Deploy container image / pdo image / edge release (push) Has been cancelled Details Build & Deploy container image / s3 image / edge release (push) Has been cancelled Details Build & Deploy container image / fs image / stable release (push) Has been cancelled Details Build & Deploy container image / gcs image / stable release (push) Has been cancelled Details Build & Deploy container image / nginx-fpm-alpine image / stable release (push) Has been cancelled Details Build & Deploy container image / pdo image / stable release (push) Has been cancelled Details Build & Deploy container image / s3 image / stable release (push) Has been cancelled Details Snyk Container / snyk (push) Has been cancelled Details trivy-analysis / Trivy analysis (push) Has been cancelled Details	2025-03-03 01:54:04 +00:00
El RIDO	606baa89c9	Merge pull request #211 from PrivateBin/php84 upgrade to PHP 8.4 packages	2025-02-01 14:17:30 +01:00
El RIDO	4cec4761ef	upgrade to PHP 8.4 packages composer related packages need to stay at PHP 8.3 until the composer package gets upgrade in Alpine - they get removed again at the end of the image build	2025-02-01 12:02:25 +01:00
El RIDO	53489980c1	new release 1.7.6	2025-02-01 11:25:56 +01:00
El RIDO	e296cba5d6	Bump alpine from 3.20.3 to 3.21	2024-12-06 05:49:23 +01:00
El RIDO	1cd8f44849	Merge pull request #207 from PrivateBin/dependabot/github_actions/zaproxy/action-full-scan-0.12.0 Bump zaproxy/action-full-scan from 0.11.0 to 0.12.0	2024-11-22 06:56:46 +01:00
dependabot[bot]	8d911cbd2a	Bump zaproxy/action-full-scan from 0.11.0 to 0.12.0 Bumps [zaproxy/action-full-scan](https://github.com/zaproxy/action-full-scan) from 0.11.0 to 0.12.0. - [Release notes](https://github.com/zaproxy/action-full-scan/releases) - [Changelog](https://github.com/zaproxy/action-full-scan/blob/master/CHANGELOG.md) - [Commits](https://github.com/zaproxy/action-full-scan/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: zaproxy/action-full-scan dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-22 05:52:09 +00:00
El RIDO	5cae408aee	new release 1.7.5	2024-11-16 08:40:03 +01:00
El RIDO	eaa8107aca	Merge pull request #205 from PrivateBin/s6-usr-bin with s6 2.13.1.0 binaries live in /usr/bin instead of /bin	2024-10-23 07:23:03 +02:00
El RIDO	c2f338790d	typo in usage	2024-10-19 10:56:16 +02:00
El RIDO	53c3e60b9b	with s6 2.13.1.0 binaries live in /usr/bin instead of /bin this change makes the entrypoint script PATH dependent, but agnostic to the real location of the s6-svcscan binary, so it work both for alpine 3.20 as well as edge / future stable alpine releases see `d348893ddf (bc2914fbfe731ad6ff1eb5c019c39433c87bcaf5_22_24)`	2024-10-19 10:11:19 +02:00
El RIDO	3ede9d518e	Merge pull request #202 from PrivateBin/dependabot/github_actions/zaproxy/action-full-scan-0.11.0 Bump zaproxy/action-full-scan from 0.10.0 to 0.11.0	2024-09-26 08:34:50 +02:00
dependabot[bot]	e7959a773f	Bump zaproxy/action-full-scan from 0.10.0 to 0.11.0 Bumps [zaproxy/action-full-scan](https://github.com/zaproxy/action-full-scan) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/zaproxy/action-full-scan/releases) - [Changelog](https://github.com/zaproxy/action-full-scan/blob/master/CHANGELOG.md) - [Commits](https://github.com/zaproxy/action-full-scan/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: zaproxy/action-full-scan dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-26 05:13:24 +00:00
El RIDO	960be2c980	Merge pull request #201 from PrivateBin/dependabot/docker/alpine-3.20.3 Bump alpine from 3.20.2 to 3.20.3	2024-09-09 12:56:44 +02:00
dependabot[bot]	6a5de49db3	Bump alpine from 3.20.2 to 3.20.3 Bumps alpine from 3.20.2 to 3.20.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-09 05:44:22 +00:00
El RIDO	f8e50740ee	Bump alpine from 3.20.1 to 3.20.2	2024-07-23 06:59:24 +02:00