From 9757ff9e13acd32007f0fb2f4449ce3a48958d23 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sat, 17 Oct 2020 13:33:57 +0100 Subject: [PATCH 1/6] Reduce the size of the Nginx image --- Dockerfile | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9778c7d..084aec5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,26 @@ # syntax = docker/dockerfile:1.0-experimental +## Stage Nginx ARG nginx_version=latest -FROM nginx:${nginx_version} as nginx -LABEL uk.org.kodo.maintainer = "Dom Sekotill " +FROM nginx:${nginx_version} as nginx-stage +ENV STAGE=/stage +COPY --from=docker.kodo.org.uk/kodo.org.uk/docker/docker-build-helpers:latest \ + /scripts /bin +RUN config-nsswitch nginx +RUN collect-binaries /usr/sbin/nginx +# Don't need nginx modules currently +# RUN collect-binaries /etc/nginx/modules/* +RUN mkdir -p $STAGE/var/log/nginx $STAGE/var/cache/nginx +RUN ln -s /dev/stderr $STAGE/var/log/nginx/error.log + +## Nginx image +FROM scratch as nginx +COPY --from=nginx-stage /stage / COPY data/nginx /etc/nginx +LABEL uk.org.kodo.maintainer "Dom Sekotill " +STOPSIGNAL SIGTERM +EXPOSE 80 +CMD ["/usr/sbin/nginx", "-g", "daemon off;"] ARG php_version= -- GitLab From 7801bc49fbdd4ac362685a0bd43730a922a7f0f7 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sun, 18 Oct 2020 22:54:08 +0100 Subject: [PATCH 2/6] Rename script mount points to avoid a name conflict --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 084aec5..87b23c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,10 +25,10 @@ CMD ["/usr/sbin/nginx", "-g", "daemon off;"] ARG php_version= FROM php:${php_version:+$php_version-}fpm-alpine as deps -RUN --mount=type=bind,source=scripts/install-deps.sh,target=/stage /stage +RUN --mount=type=bind,source=scripts/install-deps.sh,target=/step /step FROM deps as compile -RUN --mount=type=bind,source=scripts/compile.sh,target=/stage /stage +RUN --mount=type=bind,source=scripts/compile.sh,target=/step /step FROM deps as fastcgi @@ -42,8 +42,8 @@ COPY --from=compile /usr/local/etc/php /usr/local/etc/php COPY --from=compile /usr/local/lib/php /usr/local/lib/php COPY scripts/wp.sh /usr/local/bin/wp COPY data/composer.json /app/composer.json -RUN --mount=type=bind,source=scripts/install-wp.sh,target=/stage \ - /stage ${wp_version} +RUN --mount=type=bind,source=scripts/install-wp.sh,target=/step \ + /step ${wp_version} COPY plugins/* wp-content/mu-plugins/ COPY data/fpm.conf /usr/local/etc/php-fpm.d/image.conf -- GitLab From aade1156ef8581ac9e7300d9c07e87f4b671dde5 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Sun, 18 Oct 2020 23:31:37 +0100 Subject: [PATCH 3/6] Reduce the size of the php/Wordpress image --- Dockerfile | 56 ++++++++++++++++++++++++++-------------- scripts/compile.sh | 16 ------------ scripts/install-deps.sh | 15 ++++++----- scripts/install-wp.sh | 16 +++++++----- scripts/prepare-stage.sh | 39 ++++++++++++++++++++++++++++ scripts/wp.sh | 2 +- 6 files changed, 95 insertions(+), 49 deletions(-) create mode 100755 scripts/prepare-stage.sh diff --git a/Dockerfile b/Dockerfile index 87b23c0..8708b34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,36 +23,52 @@ EXPOSE 80 CMD ["/usr/sbin/nginx", "-g", "daemon off;"] +## Stage PHP ARG php_version= -FROM php:${php_version:+$php_version-}fpm-alpine as deps +FROM php:${php_version:+$php_version-}fpm-alpine as php-stage +ENV STAGE=/stage/php RUN --mount=type=bind,source=scripts/install-deps.sh,target=/step /step - -FROM deps as compile RUN --mount=type=bind,source=scripts/compile.sh,target=/step /step +COPY --from=docker.kodo.org.uk/kodo.org.uk/docker/docker-build-helpers:1.0 \ + /scripts /bin +RUN --mount=type=bind,source=scripts/prepare-stage.sh,target=/step /step -FROM deps as fastcgi - -LABEL uk.org.kodo.maintainer "Dom Sekotill " +## Stage Wordpress +FROM php-stage as wordpress-stage ARG wp_version=latest -WORKDIR /app -ENV WORDPRESS_ROOT=/app - -COPY --from=compile /usr/local/etc/php /usr/local/etc/php -COPY --from=compile /usr/local/lib/php /usr/local/lib/php -COPY scripts/wp.sh /usr/local/bin/wp -COPY data/composer.json /app/composer.json +WORKDIR /stage/wordpress/app +ENV STAGE=/stage/wordpress WORDPRESS_ROOT=/stage/wordpress/app +COPY scripts/wp.sh /stage/wordpress/usr/bin/wp +COPY data/composer.json composer.json +COPY plugins wp-content/mu-plugins RUN --mount=type=bind,source=scripts/install-wp.sh,target=/step \ /step ${wp_version} -COPY plugins/* wp-content/mu-plugins/ -COPY data/fpm.conf /usr/local/etc/php-fpm.d/image.conf -COPY data/opcache.ini /usr/local/etc/php/conf.d/opcache-recommended.ini -COPY data/wp-config.php /usr/share/wordpress/wp-config.php -COPY scripts/entrypoint.sh /bin/entrypoint -# PAGER is used by the wp-cli tool, the default 'less' is not installed -ENV PAGER=more +## Stage configuration +FROM wordpress-stage as config-stage +WORKDIR /stage/config +ENV STAGE=/stage/config +COPY data/fpm.conf usr/local/etc/php-fpm.d/image.conf +COPY data/opcache.ini usr/local/etc/php/conf.d/opcache-recommended.ini +COPY data/wp-config.php usr/share/wordpress/wp-config.php +COPY scripts/entrypoint.sh bin/entrypoint + +## Final image composed of three layers: +## 1) PHP runtime and libs +## 2) Wordpress +## 3) Configuration +FROM scratch as fastcgi +LABEL uk.org.kodo.maintainer "Dom Sekotill " +COPY --from=php-stage /stage/php / +COPY --from=wordpress-stage /stage/wordpress / +COPY --from=config-stage /stage/config / +WORKDIR /app +ENV PREFIX=/usr +ENV WORDPRESS_ROOT=/app +ENV PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin +EXPOSE 9000 ENTRYPOINT ["/bin/entrypoint"] CMD ["php-fpm"] diff --git a/scripts/compile.sh b/scripts/compile.sh index bd52b78..2655dbe 100755 --- a/scripts/compile.sh +++ b/scripts/compile.sh @@ -1,18 +1,6 @@ #!/bin/bash set -eux -# Packaged build dependencies -BUILD_DEPS=( - autoconf - build-base - gmp-dev - imagemagick-dev - jpeg-dev - libpng-dev - libwebp-dev - libzip-dev -) - # Distributed extensions PHP_EXT=( bcmath @@ -30,10 +18,6 @@ php_version() { return 1 } -# Install packaged dependencies -apk update -apk add "${BUILD_DEPS[@]}" - # Build & install distributed extensions if php_version -gt 7.4; then GD_ARGS=( --with-jpeg=/usr --with-webp=/usr ) diff --git a/scripts/install-deps.sh b/scripts/install-deps.sh index e6b4d75..49cbec6 100755 --- a/scripts/install-deps.sh +++ b/scripts/install-deps.sh @@ -4,11 +4,14 @@ set -eux # Install packaged dependencies apk update apk add \ + autoconf \ bash \ - imagemagick-libs \ - libgmpxx \ - libjpeg \ - libpng \ - libwebp \ - libzip \ + build-base \ + gmp-dev \ + imagemagick-dev \ + jpeg-dev \ + less \ + libpng-dev \ + libwebp-dev \ + libzip-dev \ rsync \ diff --git a/scripts/install-wp.sh b/scripts/install-wp.sh index 55d1fb7..5707640 100755 --- a/scripts/install-wp.sh +++ b/scripts/install-wp.sh @@ -5,14 +5,18 @@ COMPOSER_INSTALLER_URL=https://getcomposer.org/installer WP_CLI_URL=https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar WP_PASSWORD_HASH=https://raw.githubusercontent.com/Ayesh/WordPress-Password-Hash/1.5.1 -# Install Composer +# Prepare stage +export PREFIX=$STAGE/usr/ +export PATH+=:$PREFIX/bin +mkdir -p $PREFIX/bin $PREFIX/lib + +# Install Composer directly to STAGE curl -sSL ${COMPOSER_INSTALLER_URL} | - php -- --install-dir=/usr/local/lib --filename=composer.phar -ln -s ../lib/composer.phar /usr/local/bin/composer + php -- --install-dir=$PREFIX/lib --filename=composer.phar +ln -s ../lib/composer.phar $PREFIX/bin/composer -# Install WP-CLI -curl -sSL ${WP_CLI_URL} \ - >/usr/local/lib/wp-cli.phar +# Install WP-CLI directly to STAGE +curl -sSL ${WP_CLI_URL} >$PREFIX/lib/wp-cli.phar # Install Wordpress core wp core download --skip-content --locale=en_GB --version=$1 diff --git a/scripts/prepare-stage.sh b/scripts/prepare-stage.sh new file mode 100755 index 0000000..a946426 --- /dev/null +++ b/scripts/prepare-stage.sh @@ -0,0 +1,39 @@ +#!/bin/bash +set -eux + +UTILS=( + cat + date + less + rsync + sort + xargs +) + +UTILS+=( + ls + du +) + +BASH_BINS=( + /bin/bash + /usr/lib/bash/head + /usr/lib/bash/sleep + /usr/lib/bash/unlink +) + +bootstrap-stage +stage-useradd www-data + +{ + # Shell & cmdline utils + which "${UTILS[@]}" + printf "%s\n" "${BASH_BINS[@]}" + + # PHP + echo /usr/local/bin/php + echo /usr/local/sbin/php-fpm + find /usr/local/lib/php /usr/local/etc/php -type f +} | collect-binaries + +ln -s bash $STAGE/bin/sh diff --git a/scripts/wp.sh b/scripts/wp.sh index 1e70eab..d221305 100755 --- a/scripts/wp.sh +++ b/scripts/wp.sh @@ -3,4 +3,4 @@ # installing it as root is idiocy. WP needs to be installed owned by a user # seperate from the server's user. 'root' is available for such, besides which # root in a container is not really root. -exec php -d memory_limit=512M /usr/local/lib/wp-cli.phar --allow-root "$@" +exec php -d memory_limit=512M $PREFIX/lib/wp-cli.phar --allow-root "$@" -- GitLab From dc7a246b6335c36ac8b6fe03a3a3d4ad605fe806 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Mon, 19 Oct 2020 13:49:29 +0100 Subject: [PATCH 4/6] Add build cache support to CI builds --- .gitlab-ci.d/funcs.sh | 30 ++++++++++++++++++++++++++++++ .gitlab-ci.yml | 5 ++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 .gitlab-ci.d/funcs.sh diff --git a/.gitlab-ci.d/funcs.sh b/.gitlab-ci.d/funcs.sh new file mode 100644 index 0000000..0826908 --- /dev/null +++ b/.gitlab-ci.d/funcs.sh @@ -0,0 +1,30 @@ +# Copyright (c) 2020 Dominik Sekotill +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +values() { + CACHE_IMG=${CI_REGISTRY_IMAGE}/${TARGET}/cache + RW_CACHE1=${CACHE_IMG}:latest + RW_CACHE2=${CACHE_IMG}:${CI_COMMIT_REF_NAME} + RW_CACHE3=${CACHE_IMG}:${CI_COMMIT_SHA} + RO_CACHE1=${CACHE_IMG}:${CI_COMMIT_BEFORE_SHA} +} + +cache_arg() { + values + arg="--cache-from=${RW_CACHE1},${RW_CACHE2},${RW_CACHE3},${RO_CACHE1}" + sed -n 's/FROM \([^ ]*:[^ ]*\).*/\1/p' Dockerfile | + while read image; do arg+=",$image"; done + echo "$arg" +} + +push_cache() ( + values + for tag in ${RW_CACHE1} ${RW_CACHE2} ${RW_CACHE3}; do + docker tag $1 ${tag} + docker push ${tag} + done +) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a30af80..6f8f01b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,7 +12,7 @@ services: before_script: - docker info - docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" "$CI_REGISTRY" - +- . .gitlab-ci.d/funcs.sh .build: &build stage: build @@ -23,10 +23,13 @@ before_script: --pull=true --tag=${BUILD_TAG} --target=${TARGET} + --build-arg BUILDKIT_INLINE_CACHE=1 + $(cache_arg) ${NGINX_VERSION:+--build-arg=nginx_version=$NGINX_VERSION} ${PHP_VERSION:+--build-arg=php_version=$PHP_VERSION} ${WORDPRESS_VERSION:+--build-arg=wp_version=$WORDPRESS_VERSION} - docker push ${BUILD_TAG} + - push_cache ${BUILD_TAG} .changes: &only-changes only: &change-files -- GitLab From cb09e7c738769dc4988d5f3ce1dfc1198a7f58ee Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Mon, 19 Oct 2020 20:35:03 +0100 Subject: [PATCH 5/6] Make build-arg names match GitLab-CI variable names This will allow interpretation of build-args in helper scripts. --- .gitlab-ci.yml | 6 +++--- Dockerfile | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6f8f01b..52044dd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,9 +25,9 @@ before_script: --target=${TARGET} --build-arg BUILDKIT_INLINE_CACHE=1 $(cache_arg) - ${NGINX_VERSION:+--build-arg=nginx_version=$NGINX_VERSION} - ${PHP_VERSION:+--build-arg=php_version=$PHP_VERSION} - ${WORDPRESS_VERSION:+--build-arg=wp_version=$WORDPRESS_VERSION} + ${NGINX_VERSION:+--build-arg=NGINX_VERSION=$NGINX_VERSION} + ${PHP_VERSION:+--build-arg=PHP_VERSION=$PHP_VERSION} + ${WORDPRESS_VERSION:+--build-arg=WORDPRESS_VERSION=$WORDPRESS_VERSION} - docker push ${BUILD_TAG} - push_cache ${BUILD_TAG} diff --git a/Dockerfile b/Dockerfile index 8708b34..27e025a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ # syntax = docker/dockerfile:1.0-experimental ## Stage Nginx -ARG nginx_version=latest -FROM nginx:${nginx_version} as nginx-stage +ARG NGINX_VERSION=latest +FROM nginx:${NGINX_VERSION} as nginx-stage ENV STAGE=/stage COPY --from=docker.kodo.org.uk/kodo.org.uk/docker/docker-build-helpers:latest \ /scripts /bin @@ -24,8 +24,8 @@ CMD ["/usr/sbin/nginx", "-g", "daemon off;"] ## Stage PHP -ARG php_version= -FROM php:${php_version:+$php_version-}fpm-alpine as php-stage +ARG PHP_VERSION= +FROM php:${PHP_VERSION:+$PHP_VERSION-}fpm-alpine as php-stage ENV STAGE=/stage/php RUN --mount=type=bind,source=scripts/install-deps.sh,target=/step /step RUN --mount=type=bind,source=scripts/compile.sh,target=/step /step @@ -36,14 +36,14 @@ RUN --mount=type=bind,source=scripts/prepare-stage.sh,target=/step /step ## Stage Wordpress FROM php-stage as wordpress-stage -ARG wp_version=latest +ARG WORDPRESS_VERSION=latest WORKDIR /stage/wordpress/app ENV STAGE=/stage/wordpress WORDPRESS_ROOT=/stage/wordpress/app COPY scripts/wp.sh /stage/wordpress/usr/bin/wp COPY data/composer.json composer.json COPY plugins wp-content/mu-plugins RUN --mount=type=bind,source=scripts/install-wp.sh,target=/step \ - /step ${wp_version} + /step ${WORDPRESS_VERSION} ## Stage configuration -- GitLab From e0816bb837bb5350ca8e92af2baa583be307baca Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Mon, 19 Oct 2020 20:52:21 +0100 Subject: [PATCH 6/6] Handle build-args in image names for build cache --- .gitlab-ci.d/dockerfile-parse.sed | 4 ++++ .gitlab-ci.d/funcs.sh | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100755 .gitlab-ci.d/dockerfile-parse.sed diff --git a/.gitlab-ci.d/dockerfile-parse.sed b/.gitlab-ci.d/dockerfile-parse.sed new file mode 100755 index 0000000..09813a7 --- /dev/null +++ b/.gitlab-ci.d/dockerfile-parse.sed @@ -0,0 +1,4 @@ +#!/usr/bin/env sed -nlf + +s/FROM[ ]\{1,\}\([^ ]*:[^ ]*\).*/image \1/p +s/ARG[ ]\{1,\}\([^= ]*\)=\(.*\)/var ${\1:=\2}/p diff --git a/.gitlab-ci.d/funcs.sh b/.gitlab-ci.d/funcs.sh index 0826908..496676f 100644 --- a/.gitlab-ci.d/funcs.sh +++ b/.gitlab-ci.d/funcs.sh @@ -16,8 +16,13 @@ values() { cache_arg() { values arg="--cache-from=${RW_CACHE1},${RW_CACHE2},${RW_CACHE3},${RO_CACHE1}" - sed -n 's/FROM \([^ ]*:[^ ]*\).*/\1/p' Dockerfile | - while read image; do arg+=",$image"; done + .gitlab-ci.d/dockerfile-parse.sed Dockerfile | + while read op value; do + case $op in + image) eval "arg+=\",$value\"" ;; + var) eval ": $value" ;; + esac + done echo "$arg" } -- GitLab