add arm image

Add multi-arch Docker builds

.github/workflows/build-php7-arm.yml

@@ -0,0 +1,43 @@
+name: Build PHP 7 ARM Image
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔍 Checkout code
+        uses: actions/checkout@v2
+
+      - name: 🏗️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: 🔑 Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🎃 Set up outputs
+        id: vars
+        run: |
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: ⚓ Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.php7.arm
+          pull: true
+          push: true
+          # build-args: |
+          #   arg1=value1
+          #   arg2=value2
+          cache-from: type=registry,ref=mashirozx/php-nginx:php7-arm
+          cache-to: type=inline
+          tags: |
+            mashirozx/php-nginx:php7-arm
+            mashirozx/php-nginx:php7arm-${{steps.vars.outputs.sha_short}}

.github/workflows/build-php7.yml

@@ -0,0 +1,43 @@
+name: Build PHP 7 Image
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔍 Checkout code
+        uses: actions/checkout@v2
+
+      - name: 🏗️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: 🔑 Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🎃 Set up outputs
+        id: vars
+        run: |
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: ⚓ Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.php7
+          pull: true
+          push: true
+          # build-args: |
+          #   arg1=value1
+          #   arg2=value2
+          cache-from: type=registry,ref=mashirozx/php-nginx:php7
+          cache-to: type=inline
+          tags: |
+            mashirozx/php-nginx:php7
+            mashirozx/php-nginx:php7-${{steps.vars.outputs.sha_short}}

.github/workflows/build-php8-arm.yml

@@ -0,0 +1,43 @@
+name: Build PHP 8 ARM Image
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔍 Checkout code
+        uses: actions/checkout@v2
+
+      - name: 🏗️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: 🔑 Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🎃 Set up outputs
+        id: vars
+        run: |
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: ⚓ Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.arm
+          pull: true
+          push: true
+          # build-args: |
+          #   arg1=value1
+          #   arg2=value2
+          cache-from: type=registry,ref=mashirozx/php-nginx:php8-arm
+          cache-to: type=inline
+          tags: |
+            mashirozx/php-nginx:php8-arm
+            mashirozx/php-nginx:php8-arm-${{steps.vars.outputs.sha_short}}

.github/workflows/build-php8.yml

@@ -0,0 +1,43 @@
+name: Build PHP 8 Image
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔍 Checkout code
+        uses: actions/checkout@v2
+
+      - name: 🏗️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: 🔑 Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🎃 Set up outputs
+        id: vars
+        run: |
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: ⚓ Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          pull: true
+          push: true
+          # build-args: |
+          #   arg1=value1
+          #   arg2=value2
+          cache-from: type=registry,ref=mashirozx/php-nginx:php8
+          cache-to: type=inline
+          tags: |
+            mashirozx/php-nginx:php8
+            mashirozx/php-nginx:php8-${{steps.vars.outputs.sha_short}}

.github/workflows/build.yaml

@@ -0,0 +1,79 @@
+name: Test & build Docker image
+
+on:
+  push:
+    branches: [ master-no ]
+    tags: ['*']
+  pull_request:
+
+env:
+  IMAGE_NAME: trafex/php-nginx
+  IMAGE_TAG: ${{ github.sha }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build image
+        run: |-
+          docker build -t $IMAGE_NAME:$IMAGE_TAG .
+
+      - name: Smoke test image
+        run: |-
+          docker-compose -f docker-compose.test.yml up -d app
+          sleep 2
+          docker-compose -f docker-compose.test.yml run sut
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build multi-arch image and push latest tag
+        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
+        run: |-
+          docker buildx build \
+            --cache-from=$IMAGE_NAME:latest \
+            --push \
+            -t $IMAGE_NAME:latest \
+            --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
+            .
+
+      - name: Set tag in environment
+        if: contains(github.ref, 'refs/tags/')
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Build multi-arch image and push release tag
+        if: contains(github.ref, 'refs/tags/')
+        run: |-
+          docker buildx build \
+            --cache-from=$IMAGE_NAME:latest \
+            --push \
+            -t $IMAGE_NAME:$RELEASE_VERSION \
+            --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
+            .

.github/workflows/dockerhub-description.yaml

@@ -0,0 +1,21 @@
+name: Update Docker Hub Description
+on:
+  push:
+    branches:
+      - master-no
+    paths:
+      - README.md
+      - .github/workflows/dockerhub-description.yml
+jobs:
+  dockerHubDescription:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: trafex/php-nginx
+          short-description: ${{ github.event.repository.description }}

CONTRIBUTING.md

@@ -0,0 +1,19 @@
+# Contributing to this project
+I love your input! I want to make contributing to this project as easy and transparent as possible.
+
+## Report bugs using Github's [issues](https://github.com/TrafeX/docker-php-nginx/issues)
+GitHub issues is used to track public bugs.
+Report a bug by [opening a new issue](https://github.com/TrafeX/docker-php-nginx/issues/new); it's that easy!
+
+### What to include in an issue?
+- A quick summary and/or background
+- Steps to reproduce
+    - Include what version of the image you are using
+    - Add the `Dockerfile` if you made any changes
+    - Include the command you used to run the container
+- What you expected would happen
+- What actually happens
+- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
+
+## License
+By contributing, you agree that your contributions will be licensed under its [MIT License](./LICENSE).

Dockerfile

@@ -1,20 +1,39 @@
-FROM alpine:3.11
-LABEL Maintainer="Tim de Pater <code@trafex.nl>" \
-      Description="Lightweight container with Nginx 1.16 & PHP-FPM 7.3 based on Alpine Linux."
+FROM alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
 
-# Install packages
-RUN apk --no-cache add php7 php7-fpm php7-mysqli php7-json php7-openssl php7-curl \
-    php7-zlib php7-xml php7-phar php7-intl php7-dom php7-xmlreader php7-ctype php7-session \
-    php7-mbstring php7-gd nginx supervisor curl
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+  curl \
+  nginx \
+  php8 \
+  php8-ctype \
+  php8-curl \
+  php8-dom \
+  php8-fpm \
+  php8-gd \
+  php8-intl \
+  php8-json \
+  php8-mbstring \
+  php8-mysqli \
+  php8-opcache \
+  php8-openssl \
+  php8-phar \
+  php8-session \
+  php8-xml \
+  php8-xmlreader \
+  php8-zlib \
+  supervisor
+
+# Create symlink so programs depending on `php` still function
+RUN ln -s /usr/bin/php8 /usr/bin/php
 
 # Configure nginx
 COPY config/nginx.conf /etc/nginx/nginx.conf
-# Remove default server definition
-RUN rm /etc/nginx/conf.d/default.conf
 
 # Configure PHP-FPM
-COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
-COPY config/php.ini /etc/php7/conf.d/custom.ini
+COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
+COPY config/php.ini /etc/php8/conf.d/custom.ini
 
 # Configure supervisord
 COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

Dockerfile.arm

@@ -0,0 +1,64 @@
+FROM arm64v8/alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+  curl \
+  nginx \
+  php8 \
+  php8-ctype \
+  php8-curl \
+  php8-dom \
+  php8-fpm \
+  php8-gd \
+  php8-intl \
+  php8-json \
+  php8-mbstring \
+  php8-mysqli \
+  php8-opcache \
+  php8-openssl \
+  php8-phar \
+  php8-session \
+  php8-xml \
+  php8-xmlreader \
+  php8-zlib \
+  supervisor
+
+# Create symlink so programs depending on `php` still function
+RUN ln -s /usr/bin/php8 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
+COPY config/php.ini /etc/php8/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+  chown -R nobody.nobody /run && \
+  chown -R nobody.nobody /var/lib/nginx && \
+  chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping

Dockerfile.php7

@@ -0,0 +1,64 @@
+FROM alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+  curl \
+  nginx \
+  php7 \
+  php7-ctype \
+  php7-curl \
+  php7-dom \
+  php7-fpm \
+  php7-gd \
+  php7-intl \
+  php7-json \
+  php7-mbstring \
+  php7-mysqli \
+  php7-opcache \
+  php7-openssl \
+  php7-phar \
+  php7-session \
+  php7-xml \
+  php7-xmlreader \
+  php7-zlib \
+  supervisor
+
+# Create symlink so programs depending on `php` still function
+# RUN ln -s /usr/bin/php7 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
+COPY config/php.ini /etc/php7/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+  chown -R nobody.nobody /run && \
+  chown -R nobody.nobody /var/lib/nginx && \
+  chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping

Dockerfile.php7.arm

@@ -0,0 +1,64 @@
+FROM arm64v8/alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+  curl \
+  nginx \
+  php7 \
+  php7-ctype \
+  php7-curl \
+  php7-dom \
+  php7-fpm \
+  php7-gd \
+  php7-intl \
+  php7-json \
+  php7-mbstring \
+  php7-mysqli \
+  php7-opcache \
+  php7-openssl \
+  php7-phar \
+  php7-session \
+  php7-xml \
+  php7-xmlreader \
+  php7-zlib \
+  supervisor
+
+# Create symlink so programs depending on `php` still function
+# RUN ln -s /usr/bin/php7 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
+COPY config/php.ini /etc/php7/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+  chown -R nobody.nobody /run && \
+  chown -R nobody.nobody /var/lib/nginx && \
+  chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping

README.md

@@ -1,45 +1,45 @@
-# Docker PHP-FPM 7.3 & Nginx 1.16 on Alpine Linux
-Example PHP-FPM 7.3 & Nginx 1.16 setup for Docker, build on [Alpine Linux](http://www.alpinelinux.org/).
-The image is only +/- 35MB large.
+# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux
+Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
 
 Repository: https://github.com/TrafeX/docker-php-nginx
 
 
 * Built on the lightweight and secure Alpine Linux distribution
-* Very small Docker image size (+/-35MB)
-* Uses PHP 7.3 for better performance, lower cpu usage & memory footprint
+* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64
+* Very small Docker image size (+/-40MB)
+* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
 * Optimized for 100 concurrent users
-* Optimized to only use resources when there's traffic (by using PHP-FPM's ondemand PM)
-* The servers Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
+* Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager)
+* The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
 * The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
 * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
 
-
-[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/alpine-nginx-php7.svg)](https://hub.docker.com/r/trafex/alpine-nginx-php7/)
-[![Docker image layers](https://images.microbadger.com/badges/image/trafex/alpine-nginx-php7.svg)](https://microbadger.com/images/trafex/alpine-nginx-php7)
-![nginx 1.16.1](https://img.shields.io/badge/nginx-1.16-brightgreen.svg)
-![php 7.3](https://img.shields.io/badge/php-7.3-brightgreen.svg)
+[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/)
+![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg)
+![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
 ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
 
-### Breaking changes (26/01/2019)
-
-Please note that the new builds since 26/01/2019 are exposing a different port to access Nginx.
-To be able to run Nginx as a non-privileged user, the port it's running on needed
-to change to a non-privileged port (above 1024).
-
-The last build of the old version that exposed port 80 was `trafex/alpine-nginx-php7:ba1dd422`
+## Goal of this project
+The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows
+the best practices and is easy to understand and modify to your needs.
 
 ## Usage
 
 Start the Docker container:
 
-    docker run -p 80:8080 trafex/alpine-nginx-php7
+    docker run -p 80:8080 trafex/php-nginx
 
 See the PHP info on http://localhost, or the static html page on http://localhost/test.html
 
 Or mount your own code to be served by PHP-FPM & Nginx
 
-    docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/alpine-nginx-php7
+    docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx
+
+### Docker Hub repository name change
+Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore.
+Because you can't change the name of the repository on Docker Hub I created a new one.
+
+From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx).
 
 ## Configuration
 In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
@@ -47,25 +47,25 @@ If you want to extend or customize that you can do so by mounting a configuratio
 
 Nginx configuration:
 
-    docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/alpine-nginx-php7
+    docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/php-nginx
 
 PHP configuration:
 
-    docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/alpine-nginx-php7
+    docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx
 
 PHP-FPM configuration:
 
-    docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/alpine-nginx-php7
+    docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx
 
-_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_ 
+_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
 
 
 ## Adding composer
 
-If you need composer in your project, here's an easy way to add it;
+If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
 
-```dockerfile
-FROM trafex/alpine-nginx-php7:latest
+```Dockerfile
+FROM trafex/php-nginx:latest
 
 # Install composer from the official image
 COPY --from=composer /usr/bin/composer /usr/bin/composer
@@ -73,3 +73,26 @@ COPY --from=composer /usr/bin/composer /usr/bin/composer
 # Run composer install to install the dependencies
 RUN composer install --optimize-autoloader --no-interaction --no-progress
 ```
+
+### Building with composer
+
+If you are building an image with source code in it and dependencies managed by composer then the definition can be improved.
+The dependencies should be retrieved by the composer but the composer itself (`/usr/bin/composer`) is not necessary to be included in the image.
+
+```Dockerfile
+FROM composer AS composer
+
+# copying the source directory and install the dependencies with composer
+COPY <your_directory>/ /app
+
+# run composer install to install the dependencies
+RUN composer install \
+  --optimize-autoloader \
+  --no-interaction \
+  --no-progress
+
+# continue stage build with the desired image and copy the source including the
+# dependencies downloaded by composer
+FROM trafex/php-nginx
+COPY --chown=nginx --from=composer /app /var/www/html
+```

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+Only the latest version will be supported and receive security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.x   | :white_check_mark: |
+| 1.x.x   | :x:                |
+
+## Reporting a Vulnerability
+Found a potential vulnerability? Report it by e-mail on security@trafex.nl.
+

config/nginx.conf

@@ -1,4 +1,4 @@
-worker_processes 1;
+worker_processes auto;
 error_log stderr warn;
 pid /run/nginx.pid;
 
@@ -82,7 +82,13 @@ http {
             fastcgi_pass 127.0.0.1:9000;
         }
     }
-
+    
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
+    gzip_vary on;
+    gzip_disable "msie6";
+    
     # Include other server configs
     include /etc/nginx/conf.d/*.conf;
 }

config/supervisord.conf

@@ -5,7 +5,7 @@ logfile_maxbytes=0
 pidfile=/run/supervisord.pid
 
 [program:php-fpm]
-command=php-fpm7 -F
+command=php-fpm8 -F
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr

config/supervisord.php7.conf

@@ -0,0 +1,23 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/run/supervisord.pid
+
+[program:php-fpm]
+command=php-fpm7 -F
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0

docker-compose.test.yml

@@ -1,9 +1,10 @@
 version: '3.5'
 services:
   app:
+    image: ${IMAGE_NAME}:${IMAGE_TAG}
     build: .
   sut:
-    image: alpine:3.10
+    image: alpine:3.13
     depends_on:
       - app
     command: /tmp/run_tests.sh

run_tests.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env sh
 apk --no-cache add curl
-curl --silent --fail http://app:8080 | grep 'PHP 7.3'
+curl --silent --fail http://app:8080 | grep 'PHP 8.0'