* merge the value of dockerfile_inline of service php-fpm with `p…

…hp-fpm-base` and passing args to prevent double escaping dockerfile variables in compose: docker/docs#18566 (comment) * move the value of env `PHP_INI_OPEN_BASEDIR` from `common.compose.yaml` to `php-fpm/compose.yaml` as `build.args` - remove all service-level key `depends_on: [php-fpm]` as it won't specify building order: docker/compose#8538 (comment) docker/compose#5228 (comment)
n0099 · Dec 22, 2024 · 1aaa989 · 1aaa989
1 parent 0b331b7
commit 1aaa989
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 31 deletions.
diff --git a/common.compose.yaml b/common.compose.yaml
@@ -2,11 +2,8 @@ services:
   common:
     extra_hosts:
       - docker-host.n0099.net:host-gateway
-    environment:
-      PHP_INI_OPEN_BASEDIR: /tmp:$WEB_ROOT
     volumes:
       - type: bind
         source: $WEB_ROOT
         target: $WEB_ROOT
-    pull_policy: build
     restart: on-failure
diff --git a/flarum/compose.yaml b/flarum/compose.yaml
@@ -3,8 +3,6 @@ services:
     extends:
       file: ../common.compose.yaml
       service: common
-    depends_on:
-      - php-fpm
     build:
       dockerfile_inline: |
         # syntax=docker/dockerfile:1

diff --git a/flarum/redis.compose.yaml b/flarum/redis.compose.yaml
@@ -5,7 +5,5 @@ services:
     extends:
       file: ../common.compose.yaml
       service: common
-    depends_on:
-      - php-fpm
     image: php-fpm
     command: php -d disable_functions $WEB_ROOT/flarum queue:work
diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile
@@ -1,9 +1,12 @@
 # syntax=docker/dockerfile:1
-FROM php:8.3-fpm
+FROM php:8.3-fpm AS php-fpm
 
-ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
-RUN install-php-extensions opcache && \
-    cp "$PHP_INI_DIR"/php.ini-production "$PHP_INI_DIR"/php.ini
+ADD --chmod=0755 \
+    https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions \
+    /usr/local/bin
+# https://github.com/docker/docs/issues/18566#issuecomment-1796418110
+RUN install-php-extensions opcache \
+ && cp "$PHP_INI_DIR"/php.ini-production "$PHP_INI_DIR"/php.ini
 COPY <<INI "$PHP_INI_DIR"/conf.d/Dockerfile.ini
 [PHP]
 ; https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass#filesystem-functions
@@ -20,6 +23,13 @@ opcache.max_accelerated_files = 65536
 opcache.file_cache = /tmp/opcache
 INI
 
+ARG PHP_INI_OPEN_BASEDIR
+# https://docs.docker.com/reference/dockerfile/#using-arg-variables
+# https://docs.docker.com/reference/compose-file/build/#args
+ENV PHP_INI_OPEN_BASEDIR=$PHP_INI_OPEN_BASEDIR
+# https://stackoverflow.com/questions/38438933/how-to-make-a-build-arg-mandatory-during-docker-build
+RUN test -n "$PHP_INI_OPEN_BASEDIR"
+
 COPY <<BASH /etc/rc.local
 # https://unix.stackexchange.com/questions/296705/using-sed-with-ampersand
 # https://unix.stackexchange.com/questions/32907/what-characters-do-i-need-to-escape-when-using-sed-in-a-sh-script
@@ -30,3 +40,10 @@ RUN chmod +x /etc/rc.local
 # https://stackoverflow.com/questions/47615751/docker-compose-run-a-script-after-container-has-started/47629959#47629959
 # https://unix.stackexchange.com/questions/144514/add-arguments-to-bash-c/144519#144519
 ENTRYPOINT ["sh", "-xc", "/etc/rc.local && exec \"$@\"", " "]
+
+ARG WEB_ROOT
+RUN test -n "$WEB_ROOT"
+WORKDIR $WEB_ROOT
+
+ARG PHP_EXTENSIONS
+RUN install-php-extensions $PHP_EXTENSIONS
diff --git a/php-fpm/compose.yaml b/php-fpm/compose.yaml
@@ -1,28 +1,14 @@
 services:
-  php-fpm-base:
-    image: php-fpm-base
-    build: # https://stackoverflow.com/questions/48874739/build-docker-image-that-depends-on-a-local-dockerfile/79166897#79166897
-      dockerfile: Dockerfile
-    entrypoint: sh -c exit
-    pull_policy: build
   php-fpm:
     extends:
       file: ../common.compose.yaml
       service: common
-    depends_on:
-      - php-fpm-base
-    image: php-fpm
-    # https://github.com/docker-library/php/blob/6b636b96c06be449514a5033037bf653d8a86967/8.3/bullseye/fpm/Dockerfile#L275
-    command: php-fpm
     ports:
       - $PHP_FPM_PORT:9000
     build:
-      dockerfile_inline: |
-        # syntax=docker/dockerfile:1
-        FROM php-fpm-base
-
-        ADD --chmod=0755 \
-          https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions \
-          /usr/local/bin
-        RUN install-php-extensions $PHP_EXTENSIONS
-        WORKDIR $WEB_ROOT
+      args:
+        PHP_INI_OPEN_BASEDIR: /tmp:$WEB_ROOT
+        PHP_EXTENSIONS: $PHP_EXTENSIONS
+        WEB_ROOT: $WEB_ROOT
+    # https://github.com/docker-library/php/blob/6b636b96c06be449514a5033037bf653d8a86967/8.3/bullseye/fpm/Dockerfile#L275
+    command: php-fpm