From 6943e423e1c4768ebd8f0d60881f830df157a763 Mon Sep 17 00:00:00 2001 From: Mario Tischlinger <91111902+mtisaut@users.noreply.github.com> Date: Thu, 27 Nov 2025 11:19:25 +0100 Subject: [PATCH 1/2] update Docker build and enable env based overrides --- Dockerfile | 50 +++++++++++++++++++++++++++++++++++----------- files/php-fpm.conf | 9 +++++++++ files/php.ini | 17 ++++++++++++++++ 3 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 files/php-fpm.conf create mode 100644 files/php.ini diff --git a/Dockerfile b/Dockerfile index 1c1c7161..de476d4b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG PHP_VERSION="8.2" ARG DEBIAN_VERSION="bullseye" -FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION} as pimcore_php_min +FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION} AS pimcore_php_min COPY files/build-cleanup.sh /usr/local/bin COPY files/build-install.sh /usr/local/bin 
@@ -30,12 +30,38 @@ RUN set -eux; \
 RUN set -eux; build-cleanup.sh;
-RUN echo "upload_max_filesize = 100M" >> /usr/local/etc/php/conf.d/20-pimcore.ini; \
- echo "memory_limit = 256M" >> /usr/local/etc/php/conf.d/20-pimcore.ini; \
- echo "post_max_size = 100M" >> /usr/local/etc/php/conf.d/20-pimcore.ini
-
-ENV COMPOSER_ALLOW_SUPERUSER 1
-ENV COMPOSER_MEMORY_LIMIT -1
+COPY files/php.ini /usr/local/etc/php/conf.d/20-pimcore.ini
+COPY files/php-fpm.conf /usr/local/etc/php-fpm.d/zz-www.conf
+
+# env php.ini
+ENV PHP_TIMEZONE="UTC"
+ENV PHP_MEMORY_LIMIT="256M"
+ENV PHP_POST_MAX_SIZE="100M"
+ENV PHP_UPLOAD_MAX_FILESIZE="100M"
+ENV PHP_DISPLAY_STARTUP_ERRORS=1
+ENV PHP_MAX_EXECUTION_TIME="30"
+ENV PHP_ERROR_REPORTING="E_ALL"
+ENV PHP_EXPOSE_PHP="Off"
+
+# opcache settings
+ENV OPCACHE_ENABLE=1
+ENV OPCACHE_ENABLE_CLI=0
+ENV OPCACHE_MEMORY_CONSUMPTION=128
+ENV OPCACHE_MAX_ACCELERATED_FILES=10000
+ENV OPCACHE_VALIDATE_TIMESTAMPS=1
+ENV OPCACHE_CONSISTENCY_CHECKS=0
+
+# fpm settings
+ENV PHP_FPM_LISTEN=0.0.0.0:9000
+ENV PHP_FPM_PM=dynamic
+ENV PHP_FPM_PM_MAX_CHILDREN=5
+ENV PHP_FPM_PM_START_SERVERS=2
+ENV PHP_FPM_PM_MAX_SPARE_SERVERS=3
+ENV PHP_FPM_PM_MIN_SPARE_SERVERS=1
+ENV PHP_FPM_PM_MAX_REQUESTS=10000
+
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV COMPOSER_MEMORY_LIMIT=-1
 COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 WORKDIR /var/www/html
@@ -46,7 +72,7 @@ CMD ["php-fpm"]
-FROM pimcore_php_min as pimcore_php_default
+FROM pimcore_php_min AS pimcore_php_default
 RUN set -eux; build-install.sh;
@@ -86,7 +112,7 @@ CMD ["php-fpm"]
-FROM pimcore_php_default as pimcore_php_max
+FROM pimcore_php_default AS pimcore_php_max
 RUN set -eux; build-install.sh;
 RUN set -eux; \
@@ -103,7 +129,7 @@ CMD ["php-fpm"]
-FROM pimcore_php_default as pimcore_php_debug
+FROM pimcore_php_default AS pimcore_php_debug
 RUN set -eux; build-install.sh;
 RUN pecl install xdebug; \
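Review bot: The new `ENV` block in the `pimcore_php_min` stage sets no default for `PHP_DISPLAY_ERRORS`, although `files/php.ini` from the same patch reads it in `display_errors = ${PHP_DISPLAY_ERRORS}`. Every other variable the two config files reference has a default here, so this one resolves to an empty value unless the operator sets it, which leaves a security-relevant setting implicit. I would add `ENV PHP_DISPLAY_ERRORS="Off"` next to the other php.ini defaults and consider shipping `PHP_DISPLAY_STARTUP_ERRORS=0`, since displayed errors can disclose paths and configuration to clients; a development setup can switch both on through the environment. The stage starts before this hunk and continues after it.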
@@ -113,7 +139,7 @@ RUN set -eux; build-cleanup.sh;
 # allow container to run as custom user, this won't work otherwise because config is changed in entrypoint.sh
 RUN chmod -R 0777 /usr/local/etc/php/conf.d
-ENV PHP_IDE_CONFIG serverName=localhost
+ENV PHP_IDE_CONFIG=serverName=localhost
 COPY files/entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/entrypoint.sh
@@ -121,7 +147,7 @@ RUN chmod +x /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["php-fpm"]
-FROM pimcore_php_default as pimcore_php_supervisord
+FROM pimcore_php_default AS pimcore_php_supervisord
 RUN apt-get update; \
 apt-get install -y supervisor cron;
diff --git a/files/php-fpm.conf b/files/php-fpm.conf
new file mode 100644
index 00000000..73c4cdd3
--- /dev/null
+++ b/files/php-fpm.conf
@@ -0,0 +1,9 @@
+; File overwrites the original values with environment variables
+[www]
+listen = ${PHP_FPM_LISTEN}
+pm = ${PHP_FPM_PM}
+pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
+pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
+pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
+pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
+pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
diff --git a/files/php.ini b/files/php.ini
new file mode 100644
index 00000000..0fbe507b
--- /dev/null
+++ b/files/php.ini
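Review bot: The header comment of `files/php-fpm.conf` does not say that every value in the `[www]` pool comes from an environment variable whose default lives in the Dockerfile, nor that `listen` is network-facing. With the shipped default `PHP_FPM_LISTEN=0.0.0.0:9000` the FastCGI port accepts connections on all IPv4 interfaces, and FastCGI has no authentication of its own, so it should be reachable only from the web server's network and never be published. I would extend the comment, for example `; Values come from the PHP_FPM_* variables set in the Dockerfile; keep the listen address reachable only by the web server.` It is also worth confirming that an IPv4-only bind is intended, since a bare port value for `listen` covers IPv6 as well.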
@@ -0,0 +1,17 @@
+date.timezone = ${PHP_TIMEZONE}
+
+memory_limit = ${PHP_MEMORY_LIMIT}
+max_execution_time = ${PHP_MAX_EXECUTION_TIME}
+error_reporting = ${PHP_ERROR_REPORTING}
+display_errors = ${PHP_DISPLAY_ERRORS}
+display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS}
+post_max_size = ${PHP_POST_MAX_SIZE}
+upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}
+expose_php = ${PHP_EXPOSE_PHP}
+
+opcache.enable = ${OPCACHE_ENABLE}
+opcache.enable_cli = ${OPCACHE_ENABLE_CLI}
+opcache.memory_consumption = ${OPCACHE_MEMORY_CONSUMPTION}
+opcache.max_accelerated_files = ${OPCACHE_MAX_ACCELERATED_FILES}
+opcache.validate_timestamps = ${OPCACHE_VALIDATE_TIMESTAMPS}
+opcache.consistency_checks = ${OPCACHE_CONSISTENCY_CHECKS}
From 78a4097136a3559012cb4626e785c5bc17842a96 Mon Sep 17 00:00:00 2001
From: Mario Tischlinger <91111902+mtisaut@users.noreply.github.com>
Date: Thu, 27 Nov 2025 11:57:37 +0100
Subject: [PATCH 2/2] set workflow test branch to ^11
---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 40016f35..67e13df2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
 docker run --rm pimcore-image test ! -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
 fi
- docker run --rm pimcore-image composer create-project pimcore/skeleton:11.x-dev pimcore --no-scripts
+ docker run --rm pimcore-image composer create-project pimcore/skeleton:^11.0 pimcore --no-scripts
 if [ "$imageVariant" != "min" ]; then
 docker run -v "$(pwd)/.github/files":/var/www/html --rm pimcore-image php test_heif.php
@@ -52,4 +52,4 @@ jobs:
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
\ No newline at end of file
+ severity: 'CRITICAL,HIGH'
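Review bot: In `files/php.ini`, `error_reporting = ${PHP_ERROR_REPORTING}` is paired with the Dockerfile default `E_ALL`, and as far as I know PHP's ini parser substitutes `${VAR}` as a plain string without resolving constant names inside it. If that holds, the level is read as an integer and becomes 0, which silences error logging as well as display. A numeric default avoids the question, `ENV PHP_ERROR_REPORTING="-1"` in the Dockerfile, and a `php -r 'var_dump(error_reporting());'` step in the test workflow would confirm the effective value. Separately, a PHP process started without the container environment (typically cron jobs, which the `pimcore_php_supervisord` stage installs) would presumably see all of these directives as empty, so a short comment at the top of the file stating that requirement would help.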