Optimized images

Signed-off-by: Moritz Friedrich <moritz@matchory.com>

Author: Radiergummi

Dockerfile

@@ -1,67 +1,61 @@
 # syntax=docker/dockerfile:1.13
-FROM php:8.4-cli AS base
-ARG user="5000"
-ARG uid="5000"
-
+FROM php:8.4-cli AS upstream
+FROM upstream AS base
 ARG APCU_VERSION="5.1.24"
 ARG REDIS_VERSION="6.1.0"
 ARG OPENSWOOLE_VERSION="25.2.0"
+ARG user="php"
+ARG uid="5000"
 
-# Persistent/Runtime dependencies
-RUN <<EOF
-set -eux
-apt-get update
-apt-get install --yes --no-install-recommends \
-  postgresql-client \
-  libstdc++6 \
-  colordiff \
-  gettext \
-  file \
-  acl \
-;
-apt-get purge --yes --auto-remove
-rm -rf /var/lib/apt/lists/*
-EOF
-
-# Create the application user
 RUN <<EOF
     set -eux
 
-    # Add a non-root user to run the application
-    adduser -D -G www-data -u "${uid}" -h "/home/${user}" "${user}"
-
-    # region Install Build Dependencies
-    apt-get update
-    apt-get install -y --no-install-recommends \
-      ${PHPIZE_DEPS} \
-      linux-headers-generic \
+    # region Install Dependencies
+    export RUNTIME_DEPENDENCIES="\
+      postgresql-client \
       libmemcached-dev \
-      postgresql-dev \
-      oniguruma-dev \
-      gnu-libiconv \
-      openssl-dev \
+      ca-certificates \
+      libyaml-dev \
       libzip-dev \
-      c-ares-dev \
-      pcre2-dev \
-      libstdc++ \
-      pcre-dev \
-      yaml-dev \
-      curl-dev \
-      zlib-dev \
-      icu-dev \
-      fcgi \
-    ; \
+      zlib1g-dev \
+      gettext \
+      openssl \
+      file \
+    "
+    export BUILD_DEPENDENCIES="\
+      ${PHPIZE_DEPS} \
+      linux-headers-generic \
+      libcurl4-openssl-dev \
+      libpcre3-dev \
+      libonig-dev \
+      libssl-dev \
+      libicu-dev \
+      libpq-dev \
+    "
+
+    apt-get update
+    apt-get install \
+        --yes \
+        --no-install-recommends \
+      ${BUILD_DEPENDENCIES} \
+      ${RUNTIME_DEPENDENCIES}
     # endregion
 
-    # region Install redis
-    curl -L -o /tmp/redis.tar.gz "https://github.com/phpredis/phpredis/archive/${REDIS_VERSION}.tar.gz"
+    # region Install redis extension
+    curl \
+        --fail \
+        --silent \
+        --location \
+        --output /tmp/redis.tar.gz \
+      "https://github.com/phpredis/phpredis/archive/${REDIS_VERSION}.tar.gz"
     tar xfz /tmp/redis.tar.gz
-    rm -r /tmp/redis.tar.gz
+    rm -rf /tmp/redis.tar.gz
     mkdir -p /usr/src/php/ext
     mv phpredis-* /usr/src/php/ext/redis
     # endregion
 
     # region Install Extensions
+    docker-php-source extract
     docker-php-ext-configure zip
     docker-php-ext-install -j$(nproc) \
       pdo_pgsql \
@@ -71,133 +65,130 @@ RUN <<EOF
       bcmath \
       pcntl \
       redis \
+      iconv \
       intl \
       zip \
     ;
     # endregion
 
-    # region Install OpenSwoole
-    docker-php-source extract
-    mkdir --parents /usr/src/php/ext/openswoole
-    curl \
-          --silent \
-          --fail \
-          --location \
-          --output openswoole.tar.gz \
-      "https://github.com/openswoole/swoole-src/archive/refs/tags/v${OPENSWOOLE_VERSION}.tar.gz"
-    tar xfz openswoole.tar.gz --strip-components=1 -C /usr/src/php/ext/openswoole
-    docker-php-ext-configure openswoole \
-      --enable-hook-curl \
-      --enable-openssl \
-      --enable-sockets \
-      --enable-mysqlnd \
-      --with-postgres \
-      --enable-http2 \
-      --enable-cares \
-    ;
-    docker-php-ext-install -j$(nproc) --ini-name zz-openswoole.ini openswoole
-    rm -f openswoole.tar.gz
-    docker-php-source delete
-    # endregion
-
     # region Install PECL Extensions
-    pecl install \
-      memcached \
-      excimer \
-      "apcu-${APCU_VERSION}" \
-      yaml \
-    ;
+    pecl install memcached
+    pecl install excimer
+    pecl install "apcu-${APCU_VERSION}"
+    pecl install yaml
+    pecl install "openswoole-${OPENSWOOLE_VERSION}"
     pecl clear-cache || true
     docker-php-ext-enable \
+      openswoole \
+      memcached \
       opcache \
       excimer \
       apcu \
       yaml \
     ;
+    docker-php-source delete
     # endregion
 
     # region Remove Build Dependencies
-    # Reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-    apt-mark auto '.*' > /dev/null
-    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark
-
-    # Find and mark runtime dependencies for installed extensions
-    find /usr/local -type f -executable -exec ldd '{}' ';' \
-        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
-        | sort -u \
-        | xargs -r dpkg-query --search \
-        | cut -d: -f1 \
-        | sort -u \
-        | xargs -r apt-mark manual
-
-    # Remove build dependencies and clean up
-    apt-get purge --yes --auto-remove -o APT::AutoRemove::RecommendsImportant=false
-    rm -rf /var/lib/apt/lists/*
+    apt-get purge \
+        --option APT::AutoRemove::RecommendsImportant=false \
+        --auto-remove \
+        --yes \
+      ${BUILD_DEPENDENCIES} \
+    ;
+    rm -rf \
+      /usr/local/lib/php/test \
+      /usr/local/bin/phpdbg \
+      /usr/local/bin/docker-php-ext-* \
+      /usr/local/bin/docker-php-source \
+      /usr/local/bin/install-php-extensions \
+      /usr/local/bin/pear* \
+      /usr/local/bin/pecl \
+      /usr/local/bin/phpize \
+      /var/lib/apt/lists/* \
+      /var/cache/* \
+      /usr/src/* \
+      /tmp/*
     # endregion
+
+    # Add a non-root user to run the application
+    addgroup \
+        --gid "${uid}" \
+      "${user}"
+    adduser \
+        --home "/home/${user}" \
+        --disabled-password \
+        --disabled-login \
+        --uid "${uid}" \
+        --gid ${uid} \
+        --system \
+      "${user}"
 EOF
 
 # Copy custom PHP settings
 COPY --link php.ini "${PHP_INI_DIR}/conf.d/99-docker.ini"
 
 ENTRYPOINT ["docker-php-entrypoint"]
+
 VOLUME /var/run/php
+VOLUME /app
 EXPOSE 9000
 
 FROM base AS dev
 ENV COMPOSER_ALLOW_SUPERUSER="1"
+ENV PHP_OPCACHE_VALIDATE_TIMESTAMPS="1"
 
 # Enables PHPStorm to apply the correct path mapping on Xdebug breakpoints
 ENV PHP_IDE_CONFIG="serverName=Docker"
 
-RUN <<EOF
+RUN --mount=type=bind,from=upstream,source=/usr/local/bin,target=/usr/local/bin <<EOF
     set -eux
     ln -sf "${PHP_INI_DIR}/php.ini-development" "${PHP_INI_DIR}/php.ini"
 
-    # region Install Build Dependencies
-    savedAptMark="$(apt-mark showmanual)"
-    apt-get update
-    apt-get install --yes --no-install-recommends \
-      ${PHPIZE_DEPS} \
-      linux-headers-generic \
-    ;
-    # endregion
-
     # region Install XDebug
+    apt-get update
+    apt-get install \
+        --yes \
+        --no-install-recommends \
+      ${PHPIZE_DEPS}
     pecl install xdebug
     docker-php-ext-enable xdebug
-    # endregion
-
-    # region Remove Build Dependencies
-    apt-mark auto '.*' > /dev/null
-    [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark
-    find /usr/local -type f -executable -exec ldd '{}' ';' \
-        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
-        | sort -u \
-        | xargs -r dpkg-query --search \
-        | cut -d: -f1 \
-        | sort -u \
-        | xargs -r apt-mark manual
-    apt-get purge --yes --auto-remove -o APT::AutoRemove::RecommendsImportant=false
-    rm -rf /var/lib/apt/lists/*
+    apt-get purge \
+        --yes \
+        --auto-remove \
+      ${PHPIZE_DEPS}
+    rm -rf \
+      /var/lib/apt/lists/* \
+      /var/cache/* \
+      /tmp/*
     # endregion
 
     # region Configure XDebug
     # See https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
     # See https://github.com/docker/for-linux/issues/264
     # The `client_host` below may optionally be replaced with `discover_client_host=yes`
     # Add `start_with_request=yes` to start debug session on each request
-    echo "xdebug.client_host = host.docker.internal" >> "${PHP_INI_DIR}/conf.d/docker-php-ext-xdebug.ini";
-    echo "xdebug.mode = off" >> "${PHP_INI_DIR}/conf.d/docker-php-ext-xdebug.ini";
+    echo "xdebug.client_host = host.docker.internal" >> "${PHP_INI_DIR}/conf.d/xdebug.ini";
+    echo "xdebug.mode = off" >> "${PHP_INI_DIR}/conf.d/xdebug.ini";
     # endregion
 EOF
 
 COPY --link --from=composer:latest /usr/bin/composer /usr/bin/composer
 
+ONBUILD ARG user="php"
+ONBUILD ARG uid="5000"
+ONBUILD USER "${uid}:${uid}"
+ONBUILD WORKDIR "/app"
+
 FROM base AS prod
-ENV PHP_OPCACHE_ENABLE="1"
 ENV PHP_OPCACHE_VALIDATE_TIMESTAMPS="0"
 ENV PHP_OPCACHE_MAX_ACCELERATED_FILES="10000"
 ENV PHP_OPCACHE_MEMORY_CONSUMPTION="192"
 ENV PHP_OPCACHE_MAX_WASTED_PERCENTAGE="10"
 
 RUN ln -sf "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
+
+ONBUILD ARG user="php"
+ONBUILD ARG uid="5000"
+ONBUILD USER "${uid}:${uid}"
+ONBUILD WORKDIR "/app"