Add Wolfi images

WyriHaximus · WyriHaximus · commit 00ba5c94f8b0 · 2023-05-20T17:19:33.000+02:00
diff --git a/.github/workflows/ci-wolfi.yml b/.github/workflows/ci-wolfi.yml
@@ -0,0 +1,24 @@
+name: Continuous Integration (Wolfi)
+on:
+  pull_request:
+jobs:
+  build:
+    name: Building "${{ matrix.php }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php: ["8.1", "8.2"]
+    steps:
+      - uses: actions/checkout@v2
+      - uses: dbhi/qus/action@main
+      - run: docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen
+      - run: docker run --privileged  --rm -v "${PWD}":/work cgr.dev/chainguard/melange build wolfi-apk-${{ matrix.php }}-slim.yaml --arch amd64,arm64 --signing-key melange.rsa
+      - run: docker run --privileged  --rm -v "${PWD}":/work cgr.dev/chainguard/melange build wolfi-apk-${{ matrix.php }}.yaml --arch amd64,arm64 --signing-key melange.rsa
+      - run: docker run --rm -v ${PWD}:/work cgr.dev/chainguard/apko build --arch amd64,arm64 wolfi-image-${{ matrix.php }}-slim.yaml wyrihaximusnet/php:${{ matrix.php }}-nts-wolfi-slim php-${{ matrix.php }}-slim.tar -k melange.rsa.pub
+      - run: docker run --rm -v ${PWD}:/work cgr.dev/chainguard/apko build --arch amd64,arm64 wolfi-image-${{ matrix.php }}.yaml wyrihaximusnet/php:${{ matrix.php }}-nts-wolfi-slim php-${{ matrix.php }}.tar -k melange.rsa.pub
+      - run: docker load < php-${{ matrix.php }}-slim.tar
+      - run: docker load < php-${{ matrix.php }}.tar
+      - run: docker run --rm -t wyrihaximusnet/php:${{ matrix.php }}-nts-wolfi-slim-amd64 -v
+      - run: docker run --rm -t wyrihaximusnet/php:${{ matrix.php }}-nts-wolfi-slim-amd64 -m
+      - run: docker images
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ on:
   push:
     branches:
       - master
-  pull_request:
+#  pull_request:
   schedule:
     - cron:  '13 4 * * *'
 jobs:
@@ -95,7 +95,7 @@ jobs:
         run: |
           echo "Generate full image list"
           php utils/all-images.php
-          
+
           if [ "${{ github.event_name }}" == "schedule" ] ; then
             echo "This is a scheduled run, scanning for CVE's"
             php utils/all-image-tags.php | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress $(php -r "echo explode(\"#\", \"%\")[0];") > /dev/null || echo "%|"' >> images_with.cves
@@ -108,7 +108,7 @@ jobs:
 
             echo "Looking for newer upstream images"
             php utils/newer-upstream-images.php  >> images-that-need-updating.list
-          
+
             printf "image=%s" $(php utils/deduplicate-list.php) >> $GITHUB_OUTPUT
             exit 0
           fi
diff --git a/wolfi-apk-8.1-slim.yaml b/wolfi-apk-8.1-slim.yaml
@@ -0,0 +1,107 @@
+package:
+  name: php-81-slim
+  version: 0.1.0
+  description: PHP 8.1 Slim
+  target-architecture:
+    - all
+  copyright:
+    - license: MIT
+      paths:
+        - "*"
+  dependencies:
+    runtime:
+      - php81
+      - php81-common
+      - php81-curl
+      - php81-openssl
+      - php81-dev
+      - php81-pear
+      - php81-xml
+      - php81-dom
+      - php81-pcntl
+      - php81-pgsql
+      - php81-pdo
+      - php81-pdo_pgsql
+      - php81-bcmath
+      - php81-zip
+      - php81-gmp
+      - php81-iconv
+      - php81-opcache
+      - php81-intl
+      - php81-sockets
+      - libuv-dev
+      - icu-dev
+#      - libevent-dev
+
+environment:
+  contents:
+    repositories:
+      - https://dl-cdn.alpinelinux.org/alpine/edge/main
+      - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    packages:
+      - ca-certificates-bundle
+      - curl
+      - git
+      - php81
+      - php81-common
+      - php81-curl
+      - php81-openssl
+      - php81-dev
+      - php81-pear
+      - php81-xml
+      - php81-dom
+      - autoconf
+      - dpkg-dev
+      - file
+      - g++
+      - gcc
+      - libc-dev
+      - make
+      - re2c
+      - composer
+      - libuv-dev
+      - icu-dev
+#      - libevent-dev
+      - openssl-dev
+      - coreutils
+      - procps
+
+pipeline:
+  - name: install pear
+    runs: |
+      set -x
+      wget -q pear.php.net/go-pear.phar
+      php go-pear.phar
+      mkdir -p $(php-config --extension-dir 2>/dev/null)
+      mkdir -p "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)"
+      mkdir -p "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)"
+  - name: ext-uv
+    runs: |
+      git clone https://github.com/amphp/ext-uv uv
+      cd uv
+      git fetch
+      git pull
+      phpize
+      ./configure
+      cat Makefile
+      make install
+      echo "extension=uv.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/uv.ini"
+      cp "$(php-config --extension-dir 2>/dev/null)/uv.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/uv.so"
+  - name: ext-eio
+    runs: |
+      pecl install eio || pecl install eio-beta
+      echo "extension=eio.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/eio.ini"
+      cp "$(php-config --extension-dir 2>/dev/null)/eio.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/eio.so"
+#  - name: ext-event
+#    runs: |
+#      pecl install event
+#      echo "extension=event.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/event.ini"
+#      cp "$(php-config --extension-dir 2>/dev/null)/event.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/event.so"
+  - name: wait-for
+    runs: |
+      mkdir -p "${{targets.destdir}}/bin"
+      wget -q -O - https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > "${{targets.destdir}}/bin/wait-for"
+  - name: clean up pear
+    runs: |
+      rm go-pear.phar
+  - uses: strip
diff --git a/wolfi-apk-8.1.yaml b/wolfi-apk-8.1.yaml
@@ -0,0 +1,29 @@
+package:
+  name: php-81
+  version: 0.1.0
+  description: PHP 8.1
+  target-architecture:
+    - all
+  copyright:
+    - license: MIT
+      paths:
+        - "*"
+  dependencies:
+    runtime:
+      - php81-slim
+      - php81-gd
+      - php81-vips
+
+environment:
+  contents:
+    keyring:
+      - /work/melange.rsa.pub
+    repositories:
+      - https://dl-cdn.alpinelinux.org/alpine/edge/main
+      - https://dl-cdn.alpinelinux.org/alpine/edge/community
+      - '@local /work/packages'
+    packages:
+      - php81-slim@local
+
+pipeline:
+  - uses: strip
diff --git a/wolfi-apk-8.2-slim.yaml b/wolfi-apk-8.2-slim.yaml
@@ -0,0 +1,107 @@
+package:
+  name: php-82-slim
+  version: 0.1.0
+  description: PHP 8.2 Slim
+  target-architecture:
+    - all
+  copyright:
+    - license: MIT
+      paths:
+        - "*"
+  dependencies:
+    runtime:
+      - php82
+      - php82-common
+      - php82-curl
+      - php82-openssl
+      - php82-dev
+      - php82-pear
+      - php82-xml
+      - php82-dom
+      - php82-pcntl
+      - php82-pgsql
+      - php82-pdo
+      - php82-pdo_pgsql
+      - php82-bcmath
+      - php82-zip
+      - php82-gmp
+      - php82-iconv
+      - php82-opcache
+      - php82-intl
+      - php82-sockets
+      - libuv-dev
+      - icu-dev
+#      - libevent-dev
+
+environment:
+  contents:
+    repositories:
+      - https://dl-cdn.alpinelinux.org/alpine/edge/main
+      - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    packages:
+      - ca-certificates-bundle
+      - curl
+      - git
+      - php82
+      - php82-common
+      - php82-curl
+      - php82-openssl
+      - php82-dev
+      - php82-pear
+      - php82-xml
+      - php82-dom
+      - autoconf
+      - dpkg-dev
+      - file
+      - g++
+      - gcc
+      - libc-dev
+      - make
+      - re2c
+      - composer
+      - libuv-dev
+      - icu-dev
+      #      - libevent-dev
+      - openssl-dev
+      - coreutils
+      - procps
+
+pipeline:
+#  - name: install pear
+#    runs: |
+#      set -x
+#      wget -q pear.php.net/go-pear.phar
+#      php go-pear.phar
+#      mkdir -p $(php-config --extension-dir 2>/dev/null)
+#      mkdir -p "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)"
+#      mkdir -p "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)"
+#  - name: ext-uv
+#    runs: |
+#      git clone https://github.com/amphp/ext-uv uv
+#      cd uv
+#      git fetch
+#      git pull
+#      phpize
+#      ./configure
+#      cat Makefile
+#      make install
+#      echo "extension=uv.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/uv.ini"
+#      cp "$(php-config --extension-dir 2>/dev/null)/uv.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/uv.so"
+#  - name: ext-eio
+#    runs: |
+#      pecl install eio || pecl install eio-beta
+#      echo "extension=eio.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/eio.ini"
+#      cp "$(php-config --extension-dir 2>/dev/null)/eio.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/eio.so"
+  #  - name: ext-event
+  #    runs: |
+  #      pecl install event
+  #      echo "extension=event.so" > "${{targets.destdir}}$(php-config --ini-dir 2>/dev/null)/event.ini"
+  #      cp "$(php-config --extension-dir 2>/dev/null)/event.so" "${{targets.destdir}}$(php-config --extension-dir 2>/dev/null)/event.so"
+  - name: wait-for
+    runs: |
+      mkdir -p "${{targets.destdir}}/bin"
+      wget -q -O - https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > "${{targets.destdir}}/bin/wait-for"
+#  - name: clean up pear
+#    runs: |
+#      rm go-pear.phar
+  - uses: strip
diff --git a/wolfi-apk-8.2.yaml b/wolfi-apk-8.2.yaml
@@ -0,0 +1,18 @@
+package:
+  name: php-82
+  version: 0.1.0
+  description: PHP 8.2
+  target-architecture:
+    - all
+  copyright:
+    - license: MIT
+      paths:
+        - "*"
+  dependencies:
+    runtime:
+      - php82-slim
+      - php82-gd
+      - php82-vips
+
+pipeline:
+  - uses: strip
diff --git a/wolfi-image-8.1-slim.yaml b/wolfi-image-8.1-slim.yaml
@@ -0,0 +1,19 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+    - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    - '@local /work/packages'
+  packages:
+    - alpine-baselayout-data
+    - ca-certificates-bundle
+    - php-81-slim@local
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+  run-as: 65532
+entrypoint:
+  command: php
diff --git a/wolfi-image-8.1.yaml b/wolfi-image-8.1.yaml
@@ -0,0 +1,20 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+    - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    - '@local /work/packages'
+  packages:
+    - alpine-baselayout-data
+    - ca-certificates-bundle
+    - php-81-slim@local
+    - php-81@local
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+  run-as: 65532
+entrypoint:
+  command: php
diff --git a/wolfi-image-8.2-slim.yaml b/wolfi-image-8.2-slim.yaml
@@ -0,0 +1,19 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+    - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    - '@local /work/packages'
+  packages:
+    - alpine-baselayout-data
+    - ca-certificates-bundle
+    - php-82-slim@local
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+  run-as: 65532
+entrypoint:
+  command: php
diff --git a/wolfi-image-8.2.yaml b/wolfi-image-8.2.yaml
@@ -0,0 +1,20 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+    - https://dl-cdn.alpinelinux.org/alpine/edge/community
+    - '@local /work/packages'
+  packages:
+    - alpine-baselayout-data
+    - ca-certificates-bundle
+    - php-82-slim@local
+    - php-82@local
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+  run-as: 65532
+entrypoint:
+  command: php
