DDQG Composer Audit Docker image with Composer Audit Changes plugin
#!/bin/sh
# Do NOT forget to flag this file as executable after download.
#
# Source: https://github.com/composer/docker/blob/cc32c94811040536eb15e46c251a5ee36d5da1ea/2.5/docker-entrypoint.sh
isCommand() {
  # Report whether "$1" is accepted by `composer help` as a command name:
  # exit status 0 when it is, non-zero otherwise.
  #
  # "sh" is rejected up front to retain backwards compatibility with common
  # CI providers, see: https://github.com/composer/docker/issues/107
  case "$1" in
    sh) return 1 ;;
  esac

  # Only the exit status matters; all output is discarded. "$1" stays quoted
  # so the caller-supplied argument reaches composer as a single word.
  composer help --no-interaction "$1" >/dev/null 2>&1
}
# Decide how the container command line is launched. Composer invocations are
# wrapped in /sbin/tini; any other command line is executed exactly as given.
case "$1" in
  -*)
    # first argument looks like a flag: pass everything to composer
    set -- /sbin/tini -- composer "$@"
    ;;
  composer)
    # first argument already is composer: only add tini in front
    set -- /sbin/tini -- "$@"
    ;;
  *)
    # first argument matches a known composer command: prepend composer
    if isCommand "$1"; then
      set -- /sbin/tini -- composer "$@"
    fi
    ;;
esac

# Replace this shell with the final command so it receives signals directly.
exec "$@"
################################################################################
# DDQG Composer Audit Docker image with Composer Audit Changes plugin.
#
# Usage:
# - docker buildx build --tag mxr576/ddqg_composer_audit:latest .
# - docker run --rm -ti -v [PATH_TO_COMPOSER_PROJECT_ROOT]:/app -v ${COMPOSER_HOME:-$HOME/.composer}/cache:/tmp/composer/cache mxr576/ddqg_composer_audit:latest audit -d /app 2>/dev/null # Ignore STDERR that contains the #StandWithUkraine message and leads to malformed JSON output
#
# See further ideas at https://hub.docker.com/r/composer/composer
#
# Simplified and customized version of https://github.com/composer/docker/blob/cc32c94811040536eb15e46c251a5ee36d5da1ea/2.5/Dockerfile
################################################################################
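# The base image is referenced by a floating tag, so its content can change
# between builds. For reproducible builds pin it by digest, e.g.
#   FROM php:8.2-cli-alpine@sha256:<digest-placeholder>
FROM php:8.2-cli-alpine

# Version constraints of the two Composer packages installed globally below.
# The defaults carry the "@dev" stability flag, which allows Composer to pick
# unreleased development builds; pass --build-arg with an exact version to
# pin what ends up in the image.
ARG COMPOSER_AUDIT_CHANGES_VERSION="^1.0@dev"
ARG DDQG_COMPOSER_AUDIT_VERSION="^1.0@dev"

# No USER instruction is set in this file, so Composer runs as root inside the
# container; this silences Composer's running-as-root warning.
ENV COMPOSER_ALLOW_SUPERUSER=1
# Composer's home directory (global config, globally required packages, keys).
ENV COMPOSER_HOME=/tmp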
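# Command-line tools available to Composer at runtime, grouped under the
# virtual package ".composer-rundeps". Package versions are not pinned, so the
# result follows whatever the Alpine repositories serve at build time.
# p7zip is skipped on armhf.
RUN set -eux ; \
    apk add --no-cache --virtual .composer-rundeps \
      bash \
      coreutils \
      git \
      make \
      openssh-client \
      patch \
      tini \
      unzip \
      zip \
      $([ "$(apk --print-arch)" != "armhf" ] && echo p7zip)

# PHP CLI settings. memory_limit=-1 removes PHP's memory cap for Composer.
# The lines are passed as printf arguments (not as the format string) and the
# target path is quoted so that it is never word-split.
RUN printf '%s\n' \
      '# ' \
      'date.timezone=Europe/Budapest' \
      'memory_limit=-1' \
    > "$PHP_INI_DIR/php-cli.ini"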
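# Every download in this step is pinned (release version or commit hash in the
# URL) and verified against a hard-coded SHA-512 before it is used. With
# "set -e" a checksum mismatch aborts the build, and the installer is only made
# executable after its checksum has been verified.
# The checksum lines use the canonical "<hash>  <file>" form (two spaces).
RUN set -eux ; \
    # Install https://github.com/mlocati/docker-php-extension-installer.
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /usr/local/bin/install-php-extensions \
      --url https://github.com/mlocati/docker-php-extension-installer/releases/download/2.1.26/install-php-extensions \
    ; \
    echo "0f2aaaf0372c71ec7d7b009efa69d43142058f6433b5fb868a05ea8cc487c34ce4bb93aff52a3c26a1eb32d93e2d5d8f8eb1ef44cc6fe07a5410bcf8e55a9a4e  /usr/local/bin/install-php-extensions" | sha512sum --strict --check ; \
    chmod +x /usr/local/bin/install-php-extensions ; \
    # Install necessary/useful extensions not included in base image.
    install-php-extensions \
      bz2 \
      zip \
    ; \
    # Install public keys for snapshot and tag validation, see
    # https://composer.github.io/pubkeys.html, to make "composer diagnose" happy.
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /tmp/keys.dev.pub \
      --url https://raw.githubusercontent.com/composer/composer.github.io/e7f28b7200249f8e5bc912b42837d4598c74153a/snapshots.pub \
    ; \
    echo "572b963c4b7512a7de3c71a788772440b1996d918b1d2b5354bf8ba2bb057fadec6f7ac4852f2f8a8c01ab94c18141ce0422aec3619354b057216e0597db5ac2  /tmp/keys.dev.pub" | sha512sum --strict --check ; \
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /tmp/keys.tags.pub \
      --url https://raw.githubusercontent.com/composer/composer.github.io/e7f28b7200249f8e5bc912b42837d4598c74153a/releases.pub \
    ; \
    echo "47f374b8840dcb0aa7b2327f13d24ab5f6ae9e58aa630af0d62b3d0ea114f4a315c5d97b21dcad3c7ffe2f0a95db2edec267adaba3f4f5a262abebe39aed3a28  /tmp/keys.tags.pub" | sha512sum --strict --check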
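# --chmod makes the entrypoint executable inside the image regardless of the
# file mode it has in the build context.
COPY --chmod=0755 docker-entrypoint.sh /docker-entrypoint.sh

# Composer binary taken from the composer/composer image. "2-bin" is a floating
# tag; pin it by digest to control exactly which binary is shipped, e.g.
#   --from=composer/composer:2-bin@sha256:<digest-placeholder>
COPY --link --from=composer/composer:2-bin composer /usr/bin/composer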
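# Install the two audit packages into Composer's global project.
# Plugins are switched off globally before anything is required, and only the
# two named plugins are allowed afterwards. The package arguments are quoted so
# a --build-arg value can never be word-split or glob-expanded by the shell.
RUN set -eux ; \
    composer diagnose ; \
    composer global config --no-plugins allow-plugins false ; \
    composer global req "mxr576/ddqg-composer-audit:${DDQG_COMPOSER_AUDIT_VERSION}" -n ; \
    composer global req "mxr576/composer-audit-changes:${COMPOSER_AUDIT_CHANGES_VERSION}" -n ; \
    composer global config --no-plugins allow-plugins.mxr576/ddqg-composer-audit true ; \
    composer global config --no-plugins allow-plugins.mxr576/composer-audit-changes true ; \
    composer clear-cache

# The Composer project to audit is expected to be mounted at /app.
VOLUME /app
WORKDIR /app

# Required by "composer audit-changes".
# safe.directory switches off Git's repository-ownership check for /app, so Git
# will operate on a mounted project owned by a different user and will read
# that repository's own configuration. Mount only projects you trust.
RUN git config --global --add safe.directory /app

ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["composer"]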