Compare commits

...

39 commits

Author SHA1 Message Date
86b714f862
add version comparison to plugins workflow 2024-12-27 17:41:45 +01:00
Jean-Christian Paul Denis
c0461931ce
Create bump_sysInfo.yml 2024-12-26 21:16:30 +01:00
Jean-Christian Paul Denis
5add4ecc5c
Create bump_dcLog.yml 2024-12-26 21:15:48 +01:00
Jean-Christian Paul Denis
5c0ff42742
Create bump_DotclearWatch.yml 2024-12-26 21:15:12 +01:00
2d96ad6293
oops 2024-12-26 21:08:35 +01:00
6440803124
add simple docker exemple and add some platforms 2024-12-25 18:46:16 +01:00
5df62582be
bump sysInfo from 10.3 to 10.4 2024-12-25 10:25:05 +01:00
781dc698e7
add licenses details 2024-12-21 20:43:51 +01:00
d77f147ac0
oops 2024-12-21 17:09:07 +01:00
f2e64f7544
fix docker scout organization 2024-12-21 17:04:20 +01:00
68c4e77975
oops 2024-12-21 16:56:45 +01:00
fa9fe2c5c1
fix docker scout environment 2024-12-21 16:51:10 +01:00
5cf9dfe32e
integrate docker scout 2024-12-21 16:45:27 +01:00
ad576b17ec
try to integrate docker scout 2024-12-21 16:32:19 +01:00
94e26d8895
remove linux/riscv64 from builds 2024-12-21 16:05:50 +01:00
a38a026ee4
add builds platforms 2024-12-21 16:02:12 +01:00
25323bd198
cleanup main docker-compose exemple 2024-12-21 15:50:33 +01:00
2eaa4724ce
cosmetic 2024-12-21 15:40:15 +01:00
2a4a56ba92
Fix workflows scheduler 2024-12-21 15:39:58 +01:00
1bed4fc629
add DEV mode to non stable releases 2024-12-21 15:35:16 +01:00
79fab4526d
add link to dw blog 2024-12-14 23:16:14 +01:00
70c616fa8e
cleanup 2024-12-14 23:15:00 +01:00
21761aff3a
use libxml instead of xq 2024-12-14 19:01:16 +01:00
a49a1817b2
no more need xq package 2024-12-14 15:03:55 +01:00
50af2a9a85
oops 2024-12-14 12:14:54 +01:00
c32f858907
fix image labels 2024-12-14 12:13:04 +01:00
7af8fdf898
add security section to readme file 2024-12-14 11:56:31 +01:00
19f8849420
better this way 2024-12-14 11:54:09 +01:00
fea46b2af3
final stage as www 2024-12-14 11:22:50 +01:00
f353b75b94
Revert "try to run entrypoint as non root user"
This reverts commit 14e3db80b5.
2024-12-13 19:04:32 +01:00
673773b6bf
fix volume exemples 2024-12-13 18:06:09 +01:00
14e3db80b5
try to run entrypoint as non root user 2024-12-13 18:05:41 +01:00
da05bcf92b
Revert "test fix"
This reverts commit a83c41cb9e.
2024-12-13 01:25:33 +01:00
a83c41cb9e
test fix 2024-12-13 01:21:12 +01:00
2b6f474541
cleanup ownership 2024-12-13 00:44:41 +01:00
ee0d865d14
cosmetic 2024-12-12 22:42:07 +01:00
cd2ce8f408
fix rights 2024-12-12 22:41:31 +01:00
8bbd7bd885
fix Alpine version 2024-12-12 22:36:39 +01:00
ed3ae04b8b
bump php 8.4 2024-12-10 01:01:12 +01:00
15 changed files with 463 additions and 113 deletions

View file

@ -0,0 +1,82 @@
name: Check plugin DotclearWatch
on:
schedule:
- cron: '15 23 * * *'
workflow_dispatch:
env:
PLUGIN_NAME: DotclearWatch
PLUGIN_REPO: jcdenis/DotclearWatch
PLUGIN_ENV: DC_DOCKER_PLUGIN_DOTCLEARWATCH
jobs:
version:
name: Check versions
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
distant: ${{ steps.distant.outputs.version }}
local: ${{ steps.local.outputs.version }}
newer: ${{ steps.compare.outputs.newer }}
steps:
- name: Read distant version
id: repository
uses: oprypin/find-latest-tag@v1.1.2
with:
repository: ${{ env.PLUGIN_REPO }}
prefix: 'v'
- name: Parse distant version
id: distant
run: |
version=${{ steps.repository.outputs.tag }}
echo "version=${version:1}" >> $GITHUB_OUTPUT
- name: Check out local repository
uses: actions/checkout@v4
- name: Parse local version
id: local
run: |
version=$(sed -n "s/\s*${{ env.PLUGIN_ENV }}=\(.*\)\s\(.*\)/\1/p" ./Dockerfile)
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Compare version
id: compare
run: |
echo '* Distant: ${{ steps.distant.outputs.version }}' >> $GITHUB_STEP_SUMMARY
echo '* Local: ${{ steps.local.outputs.version }}' >> $GITHUB_STEP_SUMMARY
function version { echo "$@" | awk -F. '{ printf("%d%04d%03d\n", $1,$2,$3); }'; }
if [ $(version '${{ steps.distant.outputs.version }}') -gt $(version '${{ steps.local.outputs.version }}') ]; then
echo '* Plugin ${{ env.PLUGIN_NAME }} has newer version ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY
echo "newer=true" >> $GITHUB_OUTPUT
else
echo '* Plugin ${{ env.PLUGIN_NAME }} is up to date' >> $GITHUB_STEP_SUMMARY
echo "newer=false" >> $GITHUB_OUTPUT
fi
update:
needs: version
name: Update dockerfile
if: (needs.version.outputs.newer == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Set message
id: message
run: |
message=$'Bump ${{ env.PLUGIN_NAME }} from ${{ needs.version.outputs.local }} to ${{ needs.version.outputs.distant }}'
echo "message=${message}" >> $GITHUB_OUTPUT
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Edit file
run: |
sed -i "s/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.local }}/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.distant }}/g" ./Dockerfile
- name: Commit change
uses: EndBug/add-and-commit@v9.1.4
with:
default_author: github_actions
message: ${{ steps.message.outputs.message }}
- name: summary
run: echo '* ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY

82
.github/workflows/bump_dcLog.yml vendored Normal file
View file

@ -0,0 +1,82 @@
name: Check plugin dcLog
on:
schedule:
- cron: '25 23 * * *'
workflow_dispatch:
env:
PLUGIN_NAME: dclog
PLUGIN_REPO: jcdenis/dcLog
PLUGIN_ENV: DC_DOCKER_PLUGIN_DCLOG
jobs:
version:
name: Check versions
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
distant: ${{ steps.distant.outputs.version }}
local: ${{ steps.local.outputs.version }}
newer: ${{ steps.compare.outputs.newer }}
steps:
- name: Read distant version
id: repository
uses: oprypin/find-latest-tag@v1.1.2
with:
repository: ${{ env.PLUGIN_REPO }}
prefix: 'v'
- name: Parse distant version
id: distant
run: |
version=${{ steps.repository.outputs.tag }}
echo "version=${version:1}" >> $GITHUB_OUTPUT
- name: Check out local repository
uses: actions/checkout@v4
- name: Parse local version
id: local
run: |
version=$(sed -n "s/\s*${{ env.PLUGIN_ENV }}=\(.*\)\s\(.*\)/\1/p" ./Dockerfile)
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Compare version
id: compare
run: |
echo '* Distant: ${{ steps.distant.outputs.version }}' >> $GITHUB_STEP_SUMMARY
echo '* Local: ${{ steps.local.outputs.version }}' >> $GITHUB_STEP_SUMMARY
function version { echo "$@" | awk -F. '{ printf("%d%04d%03d\n", $1,$2,$3); }'; }
if [ $(version '${{ steps.distant.outputs.version }}') -gt $(version '${{ steps.local.outputs.version }}') ]; then
echo '* Plugin ${{ env.PLUGIN_NAME }} has newer version ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY
echo "newer=true" >> $GITHUB_OUTPUT
else
echo '* Plugin ${{ env.PLUGIN_NAME }} is up to date' >> $GITHUB_STEP_SUMMARY
echo "newer=false" >> $GITHUB_OUTPUT
fi
update:
needs: version
name: Update dockerfile
if: (needs.version.outputs.newer == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Set message
id: message
run: |
message=$'Bump ${{ env.PLUGIN_NAME }} from ${{ needs.version.outputs.local }} to ${{ needs.version.outputs.distant }}'
echo "message=${message}" >> $GITHUB_OUTPUT
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Edit file
run: |
sed -i "s/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.local }}/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.distant }}/g" ./Dockerfile
- name: Commit change
uses: EndBug/add-and-commit@v9.1.4
with:
default_author: github_actions
message: ${{ steps.message.outputs.message }}
- name: summary
run: echo '* ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY

81
.github/workflows/bump_sysInfo.yml vendored Normal file
View file

@ -0,0 +1,81 @@
name: Check plugin sysInfo
on:
schedule:
- cron: '35 23 * * *'
workflow_dispatch:
env:
PLUGIN_NAME: sysInfo
PLUGIN_REPO: franck-paul/sysInfo
PLUGIN_ENV: DC_DOCKER_PLUGIN_SYSINFO
jobs:
version:
name: Check versions
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
distant: ${{ steps.distant.outputs.version }}
local: ${{ steps.local.outputs.version }}
newer: ${{ steps.compare.outputs.newer }}
steps:
- name: Read distant version
id: repository
uses: oprypin/find-latest-tag@v1.1.2
with:
repository: ${{ env.PLUGIN_REPO }}
- name: Parse distant version
id: distant
run: |
version=${{ steps.repository.outputs.tag }}
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Check out local repository
uses: actions/checkout@v4
- name: Parse local version
id: local
run: |
version=$(sed -n "s/\s*${{ env.PLUGIN_ENV }}=\(.*\)\s\(.*\)/\1/p" ./Dockerfile)
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Compare version
id: compare
run: |
echo '* Distant: ${{ steps.distant.outputs.version }}' >> $GITHUB_STEP_SUMMARY
echo '* Local: ${{ steps.local.outputs.version }}' >> $GITHUB_STEP_SUMMARY
function version { echo "$@" | awk -F. '{ printf("%d%04d%03d\n", $1,$2,$3); }'; }
if [ $(version '${{ steps.distant.outputs.version }}') -gt $(version '${{ steps.local.outputs.version }}') ]; then
echo '* Plugin ${{ env.PLUGIN_NAME }} has newer version ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY
echo "newer=true" >> $GITHUB_OUTPUT
else
echo '* Plugin ${{ env.PLUGIN_NAME }} is up to date' >> $GITHUB_STEP_SUMMARY
echo "newer=false" >> $GITHUB_OUTPUT
fi
update:
needs: version
name: Update dockerfile
if: (needs.version.outputs.newer == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Set message
id: message
run: |
message=$'Bump ${{ env.PLUGIN_NAME }} from ${{ needs.version.outputs.local }} to ${{ needs.version.outputs.distant }}'
echo "message=${message}" >> $GITHUB_OUTPUT
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Edit file
run: |
sed -i "s/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.local }}/${{ env.PLUGIN_ENV }}=${{ needs.version.outputs.distant }}/g" ./Dockerfile
- name: Commit change
uses: EndBug/add-and-commit@v9.1.4
with:
default_author: github_actions
message: ${{ steps.message.outputs.message }}
- name: summary
run: echo '* ${{ steps.message.outputs.message }}' >> $GITHUB_STEP_SUMMARY

View file

@ -55,10 +55,21 @@ jobs:
${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ github.ref_name }} ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ github.ref_name }}
ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ github.ref_name }} ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ github.ref_name }}
build-args: CANAL=stable build-args: CANAL=stable
platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Docker Scout
id: docker-scout
uses: docker/scout-action@v1.16.1
with:
command: environment,quickview,cves,recommendations
image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ github.ref_name }}
environment: stable
organization: ${{ env.DOCKER_NAMESPACE }}
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Send Telegram Message Ok - name: Send Telegram Message Ok
uses: appleboy/telegram-action@master uses: appleboy/telegram-action@master
env: env:

View file

@ -59,6 +59,12 @@ jobs:
SUMMARY=$'Image ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ steps.dotclear.outputs.tag }} found.' SUMMARY=$'Image ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ steps.dotclear.outputs.tag }} found.'
echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
- name: rebuild
if: ((steps.registry.outputs.image_exists == 'true') && (github.event.inputs.force_rebuild == 'true'))
run: |
SUMMARY=$'Rebuilding image ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ steps.dotclear.outputs.tag }} is forced.'
echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
- name: Check repository branch - name: Check repository branch
id: branch id: branch
uses: GuillaumeFalourd/branch-exists@v1.1 uses: GuillaumeFalourd/branch-exists@v1.1
@ -140,10 +146,32 @@ jobs:
ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ needs.check_image.outputs.version }} ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ needs.check_image.outputs.version }}
ghcr.io/${{ env.GITHUB_REPOSITORY }}:latest ghcr.io/${{ env.GITHUB_REPOSITORY }}:latest
build-args: CANAL=${{ env.DOTCLEAR_CANAL }} build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Docker Scout stable
id: docker-scout
uses: docker/scout-action@v1.16.1
with:
command: environment,quickview,cves,recommendations
image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ needs.check_image.outputs.version }}
environment: stable
organization: ${{ env.DOCKER_NAMESPACE }}
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Scout latest
id: docker-scout2
uses: docker/scout-action@v1.16.1
with:
command: environment,quickview,cves,recommendations
image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:latest
environment: latest
organization: ${{ env.DOCKER_NAMESPACE }}
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Send Telegram Message Ok - name: Send Telegram Message Ok
uses: appleboy/telegram-action@master uses: appleboy/telegram-action@master
env: env:

View file

@ -2,7 +2,7 @@ name: Build and push testing image
on: on:
schedule: schedule:
- cron: '0 1 * * *' - cron: '15 4 * * *'
workflow_dispatch: workflow_dispatch:
env: env:
@ -88,10 +88,21 @@ jobs:
${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ env.DOTCLEAR_CANAL }} ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ env.DOTCLEAR_CANAL }}
ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ env.DOTCLEAR_CANAL }} ghcr.io/${{ env.GITHUB_REPOSITORY }}:${{ env.DOTCLEAR_CANAL }}
build-args: CANAL=${{ env.DOTCLEAR_CANAL }} build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Docker Scout
id: docker-scout
uses: docker/scout-action@v1.16.1
with:
command: environment,quickview,cves,recommendations
image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:${{ env.DOTCLEAR_CANAL }}
environment: testing
organization: ${{ env.DOCKER_NAMESPACE }}
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Send Telegram Message Ok - name: Send Telegram Message Ok
uses: appleboy/telegram-action@master uses: appleboy/telegram-action@master
env: env:

View file

@ -2,7 +2,7 @@ name: Build and push dev image
on: on:
schedule: schedule:
- cron: '0 1 * * *' - cron: '15 4 * * *'
workflow_dispatch: workflow_dispatch:
env: env:
@ -55,10 +55,21 @@ jobs:
${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:dev ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:dev
ghcr.io/${{ env.GITHUB_REPOSITORY }}:dev ghcr.io/${{ env.GITHUB_REPOSITORY }}:dev
build-args: CANAL=${{ env.DOTCLEAR_CANAL }} build-args: CANAL=${{ env.DOTCLEAR_CANAL }}
platforms: linux/386,linux/amd64,linux/arm64,linux/arm/V7 platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Docker Scout
id: docker-scout
uses: docker/scout-action@v1.16.1
with:
command: environment,quickview,cves,recommendations
image: ${{ env.DOCKER_NAMESPACE }}/${{ env.DOTCLEAR_IMAGE }}:dev
environment: unstable
organization: ${{ env.DOCKER_NAMESPACE }}
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Send Telegram Message Ok - name: Send Telegram Message Ok
uses: appleboy/telegram-action@master uses: appleboy/telegram-action@master
env: env:

View file

@ -5,39 +5,51 @@
# Alpine # Alpine
## ##
# Use latest Alpine docker release # Use fix Alpine docker release
FROM alpine:latest FROM alpine:3.21.0
# Select Dotclear release canal (stable | unstable)
ARG CANAL stable
# Set environment variables
ENV DC_DOCKER_CANAL=$CANAL \
DC_DOCKER_PHP=php84 \
DC_DOCKER_PLUGIN_DOTCLEARWATCH=0.9.3 \
DC_DOCKER_PLUGIN_DCLOG=1.7.3 \
DC_DOCKER_PLUGIN_SYSINFO=10.4 \
DC_RC_PATH=/var/www/dotclear/config.php \
DC_PLUGINS_ROOT=/var/www/dotclear/plugins \
DC_TPL_CACHE=/var/www/dotclear/cache \
DC_VAR=/var/www/dotclear/var
# Image label
LABEL "org.opencontainers.image.authors"="Jean-Christian Paul Denis" \
"org.opencontainers.image.source"="https://github.com/JcDenis/docker-dotclear" \
"org.opencontainers.image.description"="Dotclear docker image $DC_DOCKER_CANAL" \
"org.opencontainers.image.licenses"="AGPL-3.0"
# Set system timezone # Set system timezone
RUN echo "UTC" > /etc/timezone RUN echo "UTC" > /etc/timezone
# Select Dotclear release canal (stable | unstable) # Create user
ARG CANAL stable RUN adduser -D -g 'www' www
ENV CNL_DOTCLEAR=$CANAL
# Image label
LABEL org.opencontainers.image.source=https://github.com/JcDenis/docker-dotclear
LABEL org.opencontainers.image.description="Dotclear docker image $CNL_DOTCLEAR"
LABEL org.opencontainers.image.licenses=AGPL-3.0
## ##
# Nginx # Nginx
## ##
# Create user
RUN adduser -D -g 'www' www
# Install required package # Install required package
RUN apk add --no-cache --update \ RUN apk add --no-cache --update \
nginx \ nginx \
curl \ curl \
tar \ tar \
unzip \ unzip \
xq libxml2-utils
# Create directories structure # Create directories structure
RUN mkdir -p /var/www/dotclear RUN mkdir -p /var/www/dotclear \
RUN chown -R www:www /var/lib/nginx /var/www && chown -R www:www /var/lib/nginx /var/www
# Copy nginx configuration # Copy nginx configuration
COPY etc/nginx.conf /etc/nginx/nginx.conf COPY etc/nginx.conf /etc/nginx/nginx.conf
@ -45,46 +57,47 @@ COPY etc/snippets_subfolder.conf /etc/nginx/snippets/snippets_subfolder.conf
COPY etc/snippets_subdomain.conf /etc/nginx/snippets/snippets_subdomain.conf COPY etc/snippets_subdomain.conf /etc/nginx/snippets/snippets_subdomain.conf
COPY etc/snippets_common.conf /etc/nginx/snippets/snippets_common.conf COPY etc/snippets_common.conf /etc/nginx/snippets/snippets_common.conf
# Fix vuln alpine 3.21.0 : curl 8.11.0-r2 => 8.11-r0
RUN apk upgrade curl
## ##
# PHP # PHP
## ##
# Try to bypass Alpine Linux iconv bug # Try to bypass Alpine Linux iconv bug
#RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ gnu-libiconv
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.12/community/ gnu-libiconv=1.15-r2 RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.12/community/ gnu-libiconv=1.15-r2
ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so ENV LD_PRELOAD=/usr/lib/preloadable_libiconv.so
# Use PHP 8.3 release
ENV VER_PHP=php83
# Install PHP required packages # Install PHP required packages
RUN apk add --no-cache --update \ RUN apk add --no-cache --update \
${VER_PHP}-common \ ${DC_DOCKER_PHP}-common \
${VER_PHP}-cli \ ${DC_DOCKER_PHP}-cli \
${VER_PHP}-fpm \ ${DC_DOCKER_PHP}-fpm \
${VER_PHP}-session \ ${DC_DOCKER_PHP}-session \
${VER_PHP}-curl \ ${DC_DOCKER_PHP}-curl \
${VER_PHP}-gd \ ${DC_DOCKER_PHP}-gd \
${VER_PHP}-gmp \ ${DC_DOCKER_PHP}-gmp \
${VER_PHP}-exif \ ${DC_DOCKER_PHP}-exif \
${VER_PHP}-tidy \ ${DC_DOCKER_PHP}-tidy \
${VER_PHP}-intl \ ${DC_DOCKER_PHP}-intl \
${VER_PHP}-json \ ${DC_DOCKER_PHP}-json \
${VER_PHP}-mbstring \ ${DC_DOCKER_PHP}-mbstring \
${VER_PHP}-iconv \ ${DC_DOCKER_PHP}-iconv \
${VER_PHP}-gettext \ ${DC_DOCKER_PHP}-gettext \
${VER_PHP}-mysqli \ ${DC_DOCKER_PHP}-mysqli \
${VER_PHP}-pgsql \ ${DC_DOCKER_PHP}-pgsql \
${VER_PHP}-opcache \ ${DC_DOCKER_PHP}-opcache \
${VER_PHP}-dom \ ${DC_DOCKER_PHP}-dom \
${VER_PHP}-xml \ ${DC_DOCKER_PHP}-xml \
${VER_PHP}-simplexml \ ${DC_DOCKER_PHP}-simplexml \
${VER_PHP}-zip \ ${DC_DOCKER_PHP}-zip \
${VER_PHP}-pdo_sqlite ${DC_DOCKER_PHP}-pdo_sqlite
# Copy PHP configuration # Copy PHP configuration
COPY etc/${CNL_DOTCLEAR}-php.ini /etc/${VER_PHP}/php.ini COPY etc/${DC_DOCKER_CANAL}-php.ini /etc/${DC_DOCKER_PHP}/php.ini
COPY etc/php-fpm.conf /etc/${VER_PHP}/php-fpm.d/www.conf COPY etc/php-fpm.conf /etc/${DC_DOCKER_PHP}/php-fpm.d/www.conf
## ##
# Dotclear # Dotclear
@ -92,62 +105,45 @@ COPY etc/php-fpm.conf /etc/${VER_PHP}/php-fpm.d/www.conf
# Download latest Dotclear version # Download latest Dotclear version
RUN curl -fsSL -o versions.xml "http://download.dotclear.org/versions.xml" \ RUN curl -fsSL -o versions.xml "http://download.dotclear.org/versions.xml" \
&& curl -fsSL -o dotclear.zip $(cat versions.xml | xq -x "//release[@name='$CNL_DOTCLEAR']/@href") \ && curl -fsSL -o dotclear.zip $(xmllint --xpath "//release[@name='$DC_DOCKER_CANAL']/@href" versions.xml | awk -F'[="]' '!/>/{print $(NF-1)}') \
&& echo "$(cat versions.xml | xq -x "//release[@name='$CNL_DOTCLEAR']/@checksum") dotclear.zip" | md5sum -c - \ && echo "$(xmllint --xpath "//release[@name='$DC_DOCKER_CANAL']/@checksum" versions.xml | awk -F'[="]' '!/>/{print $(NF-1)}') dotclear.zip" | md5sum -c - \
&& mkdir -p /usr/src/dotclear \ && mkdir -p /usr/src/dotclear \
&& unzip -d /usr/src dotclear.zip \ && unzip -d /usr/src dotclear.zip \
&& rm dotclear.zip \ && rm dotclear.zip
&& chown -R www:www /usr/src/dotclear \
&& chmod -R 755 /usr/src/dotclear/public /usr/src/dotclear/cache \
&& rm -f /var/www/dotclear/app/*
# Create www structure # Create predefined www structure
COPY www /var/lib/dotclear COPY www /var/lib/dotclear
RUN chown -R www:www /var/lib/dotclear
# These variables are only used for first install, see inc/config.php, from dotclear 2.32
# Custom path for dotclear config file
ENV DC_RC_PATH=/var/www/dotclear/config.php
# Directory of third party plugins
ENV DC_PLUGINS_ROOT=/var/www/dotclear/plugins
# Directory for template cache files
ENV DC_TPL_CACHE=/var/www/dotclear/cache
# Directory for dotclear var
ENV DC_VAR=/var/www/dotclear/var
## ##
# Plugins # Plugins
## ##
# DotclearWatch # DotclearWatch
ENV VER_DW=0.9.3 RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/DotclearWatch/releases/download/v$DC_DOCKER_PLUGIN_DOTCLEARWATCH/plugin-DotclearWatch.zip" \
RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/DotclearWatch/releases/download/v$VER_DW/plugin-DotclearWatch.zip" \
&& mkdir -p /var/lib/dotclear/plugins/DotclearWatch \ && mkdir -p /var/lib/dotclear/plugins/DotclearWatch \
&& unzip -d /var/lib/dotclear/plugins plugin.zip \ && unzip -d /var/lib/dotclear/plugins plugin.zip \
&& chown -R www:www /var/lib/dotclear/plugins \
&& rm plugin.zip && rm plugin.zip
# dcLog # dcLog
ENV VER_DL=1.7.3 RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/dcLog/releases/download/v$DC_DOCKER_PLUGIN_DCLOG/plugin-dcLog.zip" \
RUN curl -fsSL -o plugin.zip "https://github.com/JcDenis/dcLog/releases/download/v$VER_DL/plugin-dcLog.zip" \
&& mkdir -p /var/lib/dotclear/plugins/dcLog \ && mkdir -p /var/lib/dotclear/plugins/dcLog \
&& unzip -d /var/lib/dotclear/plugins plugin.zip \ && unzip -d /var/lib/dotclear/plugins plugin.zip \
&& chown -R www:www /var/lib/dotclear/plugins \
&& rm plugin.zip && rm plugin.zip
# sysInfo # sysInfo
ENV VER_SI=9.8 RUN curl -fsSL -o plugin.zip "https://github.com/franck-paul/sysInfo/releases/download/$DC_DOCKER_PLUGIN_SYSINFO/plugin-sysInfo-$DC_DOCKER_PLUGIN_SYSINFO.zip" \
RUN curl -fsSL -o plugin.zip "https://github.com/franck-paul/sysInfo/releases/download/$VER_SI/plugin-sysInfo-$VER_SI.zip" \
&& mkdir -p /var/lib/dotclear/plugins/sysInfo \ && mkdir -p /var/lib/dotclear/plugins/sysInfo \
&& unzip -d /var/lib/dotclear/plugins plugin.zip \ && unzip -d /var/lib/dotclear/plugins plugin.zip \
&& chown -R www:www /var/lib/dotclear/plugins \
&& rm plugin.zip && rm plugin.zip
## ##
# END # END
## ##
# Fix ownership
RUN chown -R www:www /var/lib/dotclear /usr/src/dotclear
# Docker container uses port 80 # Docker container uses port 80
EXPOSE 80 EXPOSE 80

View file

@ -11,11 +11,16 @@
## 1. THE SHORT WAY ## 1. THE SHORT WAY
In your futur server, with Docker compose installed, execute: In your futur server, with Docker installed, execute:
docker run -d --name dotclear -p 80:80 -v dotclear:/var/www/dotclear
or with Docker compose installed, execute:
curl -fsSL -o docker-compose.yaml https://raw.githubusercontent.com/JcDenis/docker-dotclear/refs/heads/master/docker-compose.yaml && docker-compose up -d curl -fsSL -o docker-compose.yaml https://raw.githubusercontent.com/JcDenis/docker-dotclear/refs/heads/master/docker-compose.yaml && docker-compose up -d
## 2. WHAT IS DOTCLEAR ## 2. WHAT IS DOTCLEAR
Dotclear is an open-source web publishing software. Dotclear is an open-source web publishing software.
@ -32,8 +37,9 @@ tool allowing anyone to publish on the web, regardless of their technical skills
This repository contains all features to build or run Dotclear on a Docker environment. This repository contains all features to build or run Dotclear on a Docker environment.
It is hightly based on work from [darknao](https://github.com/darknao/docker-dotclear). It is hightly based on work from [darknao](https://github.com/darknao/docker-dotclear).
* Dotclear docker images are avaialable at [Docker hub](https://hub.docker.com/r/jcpd/docker-dotclear) or [Github registry](https://github.com/JcDenis/docker-dotclear/pkgs/container/docker-dotclear) * Dotclear docker images are available at [Docker hub](https://hub.docker.com/r/jcpd/docker-dotclear) or [Github registry](https://github.com/JcDenis/docker-dotclear/pkgs/container/docker-dotclear)
* Dotclear docker sources are avaialable at [Github repository](https://github.com/JcDenis/docker-dotclear) * Dotclear docker sources are available at [Github repository](https://github.com/JcDenis/docker-dotclear)
* Dotclear docker helps (french) are available at [Doclear Watch Blog](https://docker.dotclear.watch)
### 3.1 TAGS ### 3.1 TAGS
@ -68,13 +74,12 @@ Or to build image from unstable canal, from the Dokerfile path, execute:
Builds should support: Builds should support:
* postgresql and mysql and sqlite database * postgresql and mysql and sqlite database
* linux/386,linux/amd64,linux/arm64,linux/arm/V7 plateforms * linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x (and more) plateforms
* docker container healthcheck * docker container healthcheck
### 3.3 DOCKER ### 3.3 DOCKER
#### 3.3.1 Exemple of a docker compose file with a mariadb database #### 3.3.1 Exemple of a docker compose file with a mariadb database
Create and edit a **docker-compose.yaml** file and put into it this contents : Create and edit a **docker-compose.yaml** file and put into it this contents :
@ -284,25 +289,59 @@ To upgrade Dotclear to next version it is recommanded to pull latest image and r
or use Dotclear buitin update system but themes wiil not be updated. or use Dotclear buitin update system but themes wiil not be updated.
### 4. TODO ## 4. TODO
* Add better cache management. From another container or from Dotclear container. * Add better cache management. From another container or from Dotclear container.
* Add mail support. * Add mail support.
### 5. CONTRIBUTING ## 5. SECURITY
* Nginx master process runs as root and set uid/gid to user www
* PHP-FPM master process runs as root and set uid/gid to user www
* Docker image entrypoint runs as root and set runuser to www at its end
* Dotclear application files are chown to user www
For security report see [SECURITY file](/SECURITY.md) or open a ticket on github repository.
## 6. CONTRIBUTING
This image is an open source project. If you'd like to contribute, please read the [CONTRIBUTING file](/CONTRIBUTING.md). This image is an open source project. If you'd like to contribute, please read the [CONTRIBUTING file](/CONTRIBUTING.md).
You can submit a pull request, or feel free to use any other way you'd prefer. You can submit a pull request, or feel free to use any other way you'd prefer.
### 6. LICENSE ## 7. LICENSES
Copyright Jean-Christian Paul Denis Many licenses are involved in there, from files in repository to those from softwares used in final Docker image.
AGPL-v3 <https://www.gnu.org/licenses/agpl-3.0.html>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
Dotclear software is licensed under AGPL-3, Copyright Olivier Meunier & Association Dotclear ### 7.1 DOCKER-DOTCLEAR REPOSITORY FILES
All files in docker-dotclear repository are licensed under AGPL-3, Copyright (c) Jean-Christian Paul Denis.
Copyright (c) Jean-Christian Paul Denis
AGPL-v3 <https://www.gnu.org/licenses/agpl-3.0.html>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
### 7.2 LINUX ALPINE
Linux Alpine operating system in these final Docker images is licensed under MIT License, Copyright (c) 2019 Natanael Copa.
### 7.3 NGINX
NGINX web server in these final Docker images is licensed under 2-clause BSD-like license, Copyright (c) 2002-2021 Igor Sysoev, 2011-2024 Nginx, Inc.
### 7.4 PHP
PHP hypertext preprocessor in these final Docker images is licensed under the PHP License v3.01, copyright (c) the PHP Group.
### 7.5 DOTCLEAR
Dotclear software present in these final Docker images is licensed under AGPL-v3, Copyright (c) Olivier Meunier & Association Dotclear.

View file

@ -1,4 +1,5 @@
# jcpd/docker-dotclear:latest # Docker compose file exemple for latest Dotclear release.
# Using docker volumes and 2 containers, one for blog web server and one for the database
volumes: volumes:
dc_app: dc_app:
dc_db: dc_db:
@ -32,8 +33,8 @@ services:
ports: ports:
- 80:80 - 80:80
depends_on: depends_on:
dc_db: # MYSQL database service dc_db:
condition: service_healthy # Waiting for database ready condition: service_healthy
environment: environment:
DC_DBDRIVER: mysqlimb4 DC_DBDRIVER: mysqlimb4
DC_DBHOST: dc_db DC_DBHOST: dc_db

View file

@ -6,7 +6,7 @@
set -e set -e
# Read image version # Read image version
if [ "$CNL_DOTCLEAR" == "stable" ]; then if [ "$DC_DOCKER_CANAL" == "stable" ]; then
# stable = x.xx.x => x.xx.x # stable = x.xx.x => x.xx.x
export COMPARE_HAYSTACK="s/^\s*\"release_version\":\s*\"\(.*\)\",/\1/p" export COMPARE_HAYSTACK="s/^\s*\"release_version\":\s*\"\(.*\)\",/\1/p"
else else
@ -65,12 +65,13 @@ echo >&2 "Updating Dotclear common themes..."
cp -rf /var/www/dotclear/app/themes/* /var/www/dotclear/themes cp -rf /var/www/dotclear/app/themes/* /var/www/dotclear/themes
# DEBUG mode for non stable releases # DEBUG mode for non stable releases
if [ "$CNL_DOTCLEAR" == "stable" ]; then if [ "$DC_DOCKER_CANAL" == "stable" ]; then
echo >&2 "Disabling Dotclear DEBUG mode" echo >&2 "Disabling Dotclear DEBUG mode"
sed -i -e "s/ \/\/\*== DC_DEBUG ==/ \/\*== DC_DEBUG ==/g" /var/www/dotclear/app/src/Config.php sed -i -e "s/ \/\/\*== DC_DEBUG ==/ \/\*== DC_DEBUG ==/g" /var/www/dotclear/app/src/Config.php
else else
echo >&2 "Enabling Dotclear DEBUG mode" echo >&2 "Enabling Dotclear DEBUG mode and DEV mode"
sed -i -e "s/ \/\*== DC_DEBUG ==/ \/\/\*== DC_DEBUG ==/g" /var/www/dotclear/app/src/Config.php sed -i -e "s/ \/\*== DC_DEBUG ==/ \/\/\*== DC_DEBUG ==/g" /var/www/dotclear/app/src/Config.php
sed -i -e "s/'DC_DEV', false/'DC_DEV', true/g" /var/www/dotclear/app/src/Config.php
fi fi
# Various cleanup. Sorry not sorry. # Various cleanup. Sorry not sorry.
@ -82,17 +83,22 @@ rm -f /var/www/dotclear/servers/default.conf
# Fix www permissions # Fix www permissions
echo >&2 "Setting up permissions..." echo >&2 "Setting up permissions..."
chown -R www:www /var/www/dotclear chown -R www:www /var/www/dotclear
[ -e /var/www/dotclear/config.php ] && chmod 600 /var/www/dotclear/config.php
chmod 600 -R /var/www/dotclear/servers
# Print summary to docker logs # Print summary to docker logs
VERSION_INSTALLED=$(sed -n "s/^\s*\"release_version\":\s*\"\(.*\)\",/\1/p" release.json) VERSION_INSTALLED=$(sed -n "s/^\s*\"release_version\":\s*\"\(.*\)\",/\1/p" release.json)
echo >&2 "| Summary: " echo >&2 '┌──'
echo >&2 "| Alpine $(cat /etc/alpine-release)" echo >&2 "│ Summary: "
echo >&2 "| Nginx $(nginx -v 2>&1 | sed 's/nginx version: nginx\///')" echo >&2 "│ ◦ Alpine $(cat /etc/alpine-release)"
echo >&2 "| PHP $(php -r "echo PHP_VERSION;")" echo >&2 "│ ◦ Nginx $(nginx -v 2>&1 | sed 's/nginx version: nginx\///')"
echo >&2 "| Dotclear ${VERSION_INSTALLED}" echo >&2 "│ ◦ PHP $(php84 -r "echo PHP_VERSION;")"
echo >&2 "│ ◦ Dotclear ${VERSION_INSTALLED}"
echo >&2 '└──'
# Start web server # Start web server
php-fpm83 -D # FPM must start first in daemon mode php-fpm84 -D # FPM must start first in daemon mode
nginx # Then nginx in no daemon mode nginx # Then nginx in no daemon mode
exec "$@" # Switch from user root to wwww
exec runuser -u www "$@"

View file

@ -104,9 +104,9 @@ session.referer_check =
session.cache_limiter = nocache session.cache_limiter = nocache
session.cache_expire = 180 session.cache_expire = 180
session.use_trans_sid = 0 session.use_trans_sid = 0
session.sid_length = 26 #session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form=" session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5 #session.sid_bits_per_character = 5
[opcache] [opcache]
opcache.enable=1 opcache.enable=1

View file

@ -104,9 +104,9 @@ session.referer_check =
session.cache_limiter = nocache session.cache_limiter = nocache
session.cache_expire = 180 session.cache_expire = 180
session.use_trans_sid = 0 session.use_trans_sid = 0
session.sid_length = 26 #session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form=" session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5 #session.sid_bits_per_character = 5
[opcache] [opcache]
opcache.enable=1 opcache.enable=1

View file

@ -6,7 +6,7 @@ services:
restart: unless-stopped restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes: volumes:
- dcstable/db:/var/lib/mysql - dcstable_db:/var/lib/mysql
environment: environment:
MYSQL_ROOT_PASSWORD: dotclear_root MYSQL_ROOT_PASSWORD: dotclear_root
MYSQL_DATABASE: dotclear_db MYSQL_DATABASE: dotclear_db
@ -24,7 +24,7 @@ services:
container_name: dcstableapp container_name: dcstableapp
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- dcstable/app:/var/www/dotclear - dcstable_app:/var/www/dotclear
ports: ports:
- 80:80 - 80:80
depends_on: depends_on:
@ -40,4 +40,5 @@ services:
DC_ADMINMAILFROM: contact@exemple.com DC_ADMINMAILFROM: contact@exemple.com
volumes: volumes:
dcstable: dcstable_db:
dcstable_app:

View file

@ -10,7 +10,7 @@ services:
POSTGRES_DB: dcstable_db POSTGRES_DB: dcstable_db
PGDATA: /var/lib/postgresql/data/pgdata PGDATA: /var/lib/postgresql/data/pgdata
volumes: volumes:
- dcstable:/var/lib/postgresql/data - dcstable_db:/var/lib/postgresql/data
healthcheck: healthcheck:
test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ]
interval: 1s interval: 1s
@ -24,7 +24,7 @@ services:
ports: ports:
- 80:80 - 80:80
volumes: volumes:
- dcstable/app:/var/www/dotclear - dcstable_app:/var/www/dotclear
depends_on: depends_on:
dcstabledb: dcstabledb:
condition: service_healthy condition: service_healthy
@ -38,4 +38,5 @@ services:
DC_ADMINMAILFROM: contact@exemple.com DC_ADMINMAILFROM: contact@exemple.com
volumes: volumes:
dcstable: dcstable_db:
dcstable_app: