Upgrade Docker image (#202)

* Use packaging work done in Self Service Password to rewrite Dockerfile

* Update packaging instructions

* Add instructions to run Docker image

* Docker Alpine image

Dockerfile.alpine

@@ -0,0 +1 @@
+packaging/docker/Dockerfile.alpine

README.md

@@ -10,3 +10,31 @@ See [list of features](https://service-desk.readthedocs.io/en/stable/presentatio
 ![Screenshot](https://raw.githubusercontent.com/ltb-project/service-desk/master/ltb_sd_screenshot.jpg)
 
 :exclamation: With great power comes great responsibility: this application allows to reset password of any user, you must protect it and allow access only to trusted users.
+
+## Documentation
+
+Documentation is available on https://service-desk.readthedocs.io/en/latest/
+
+## Docker
+
+We provide an [official Docker image](https://hub.docker.com/r/ltbproject/service-desk).
+
+Create a minimal configuration file:
+```
+vi sd.conf.php
+```
+```php
+<?php // My Service Desk configuration
+$ldap_url = "ldap://ldap.example.com";
+$ldap_binddn = "cn=admin,dc=example,dc=com";
+$ldap_bindpw = 'secret';
+$debug = true;
+?>
+```
+
+And run:
+```
+docker run -p 80:80 \
+    -v $PWD/sd.conf.php:/var/www/conf/config.inc.local.php \
+    -it docker.io/ltbproject/service-desk:latest
+```

packaging/README.md

@@ -103,8 +103,38 @@ rpm --addsign RPMS/noarch/service-desk*
 
 ## 4 - Docker
 
-From current directory, do:
+Pre-requisites:
+
+* docker / podman
+* if docker: a version with buildkit (included by default in Docker Engine
+  as of version 23.0, but can be enabled in previous versions with
+  DOCKER_BUILDKIT=1 in build command line)
+
+From "packaging" directory, do:
+
+```
+DOCKER_BUILDKIT=1 docker build -t service-desk -f ./docker/Dockerfile ../
+```
+
+You can also build with podman:
+
+```
+podman build --no-cache -t service-desk -f ./docker/Dockerfile ../
+```
+
+For Alpine linux image :
+
+```
+DOCKER_BUILDKIT=1 docker build -t service-desk-alpine -f ./docker/Dockerfile.alpine ../
+```
+
+Tag the defautl and alpine images with the major and minor version, for example:
 
 ```
-docker build -t service-desk -f ./docker/Dockerfile ../
+docker tag service-desk:latest ltbproject/service-desk:1.6.1
+docker tag service-desk:latest ltbproject/service-desk:1.6
+docker tag service-desk:latest ltbproject/service-desk:latest
+docker tag service-desk-alpine:latest ltbproject/service-desk:alpine-1.6.1
+docker tag service-desk-alpine:latest ltbproject/service-desk:alpine-1.6
+docker tag service-desk-alpine:latest ltbproject/service-desk:alpine-latest
 ```

packaging/docker/Dockerfile

@@ -1,43 +1,149 @@
-FROM php:8.1-apache
-# Install PHP extensions and PECL modules.
-ENV BUILDDEP=" \
-        libbz2-dev \
-        libsasl2-dev \
-        libonig-dev \
-        git \
-        zip \
+ARG VERSION=latest
+
+ARG SMARTY_VERSION=4.4.1
+ARG SMARTY_URL=https://github.com/smarty-php/smarty/archive/refs/tags/v${SMARTY_VERSION}.tar.gz
+
+ARG COMPOSER_VERSION=lts
+ARG COMPOSER_IMAGE=composer/composer:${COMPOSER_VERSION}-bin
+
+ARG BASE_IMAGE=php:8.3-apache
+
+FROM ${COMPOSER_IMAGE} AS composer
+FROM ${BASE_IMAGE} AS base
+
+ARG MIRROR=
+ARG DEBIAN_MIRROR=${MIRROR:+${MIRROR}/debian}
+
+RUN [ -z "${DEBIAN_MIRROR}" ] || \
+    sed -e "s#https\?://\(:\?\(:\?deb\)\|\(:\?security\)\)\.debian\.org/debian#${DEBIAN_MIRROR}#g" \
+        -i \
+        $([ -e "/etc/apt/sources.list.d/debian.sources" ] && \
+            echo -n /etc/apt/sources.list.d/debian.sources || \
+            echo -n /etc/apt/sources.list)
+
+ARG RUNTIME_DEPS=" \
+        locales \
+        locales-all \
     "
-RUN buildDeps="${BUILDDEP}" \
-    runtimeDeps=" \
+RUN --mount=type=cache,target=/var/lib/apt/lists \
+    set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends ${RUNTIME_DEPS}; \
+    :;
+
+ARG LC_CTYPE=en_US.UTF-8
+ENV LC_CTYPE=${LC_CTYPE}
+
+ARG ADD_LOCALE_GEN="en_US.UTF-8 UTF-8"
+RUN [ -z "$ADD_LOCALE_GEN" ] || \
+    grep -x "$ADD_LOCALE_GEN" /etc/locale.gen || \
+        { echo "$ADD_LOCALE_GEN" >> /etc/locale.gen && /usr/sbin/locale-gen; }
+
+ARG BUILD_DEPS=" \
+        libbz2-dev \
         libicu-dev \
-        libldap-common \
+        libfreetype6-dev \
+        libpng-dev \
+        libjpeg62-turbo-dev \
+        libwebp-dev \
         libldap2-dev \
-        libzip-dev \
-	locales \
-	locales-all \
-    " \
-    && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y $buildDeps $runtimeDeps \
-    && docker-php-ext-install bcmath bz2 iconv intl opcache \
-    && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
-    && docker-php-ext-install ldap \
-    && echo en_US.UTF-8 UTF-8 >/etc/locale.gen \
-    && /usr/sbin/locale-gen \
-    && a2enmod rewrite
-RUN mkdir -p /usr/share/php/smarty4/ && \
-    curl -Lqs https://github.com/smarty-php/smarty/archive/v4.2.0.tar.gz | \
-    tar xzf - -C /usr/share/php/smarty4/ --strip-components=2
-RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-COPY . /var/www
-RUN rmdir /var/www/html && \
-    mv /var/www/htdocs /var/www/html && \
-    mkdir -p /var/www/templates_c && \
-    chown -R www-data: /var/www/templates_c && \
-    sed -i 's/smarty3/smarty4/' /var/www/conf/config.inc.php
-COPY --from=composer/composer:latest-bin /composer /usr/bin/composer
-RUN cd /var/www && /usr/bin/composer install
-RUN buildDeps="${BUILDDEP}" \
-    && apt-get purge -y --auto-remove $buildDeps \
-    && rm -r /var/lib/apt/lists/*
-ENV LC_CTYPE=en_US.UTF-8
+    "
+RUN --mount=type=cache,target=/var/lib/apt/lists \
+    set -ex; \
+    \
+    savedAptMark="$(apt-mark showmanual)"; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends ${BUILD_DEPS}; \
+    \
+    docker-php-source extract; \
+    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
+    docker-php-ext-configure ldap --with-libdir=lib/$(uname -m)-linux-gnu/; \
+    docker-php-ext-install -j "$(nproc)" \
+        bcmath \
+        bz2 \
+        intl \
+        opcache \
+        ldap \
+        gd \
+        ; \
+    docker-php-source delete; \
+    a2enmod rewrite; \
+    \
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+    apt-mark auto '.*' > /dev/null; \
+    apt-mark manual $savedAptMark; \
+    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
+        | sort -u \
+        | xargs -r dpkg-query --search \
+        | cut -d: -f1 \
+        | sort -u \
+        | xargs -rt apt-mark manual; \
+    \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    apt-get purge -y linux-libc-dev gcc-12 cpp-12; \
+    ln -s "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"; \
+    :;
+
+FROM base AS build
+
+WORKDIR /build
+
+ARG SMARTY_VERSION
+ARG SMARTY_URL
+ARG COMPOSER_IMAGE
+
+COPY --from=composer /composer /usr/bin/composer
+
+ADD $SMARTY_URL ./
+RUN set -ex; \
+    \
+    SMARTY_DIR=/usr/share/php/smarty${SMARTY_VERSION%%.*}; \
+    install --owner www-data --group www-data --directory -D "/rootfs${SMARTY_DIR}"; \
+    tar xzf *.tar.gz -C "/rootfs${SMARTY_DIR}" --strip-components=2 --verbose --owner www-data --group www-data;
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends git unzip;
+
+ARG INSTALL_PATHS=
+ARG EXCLUDE_PATHS=
+
+WORKDIR /build/ssp
+RUN --mount=type=cache,target=/root/.composer \
+    --mount=type=bind,target=/build/ssp,rw \
+    packaging/docker/install; \
+    find /etc/apache2/sites-available/ -type f -name \*.conf -exec install -p -m 644 -D {} /rootfs{} \; ; \
+    sed -e "s#/var/www/html#/var/www/htdocs#g" -i /rootfs/etc/apache2/sites-available/*; \
+    :;
+
+FROM base
+
+ARG VERSION
+ARG BASE_IMAGE
+
+LABEL org.opencontainers.image.authors='LTB-project.org, ltb-dev@ow2.org' \
+      org.opencontainers.image.base.name="${BASE_IMAGE}" \
+      org.opencontainers.image.description='Service Desk is a web application to edit LDAP account passwords and status for administrators and support teams' \
+      org.opencontainers.image.url='https://ltb-project.org/documentation/service-desk.html' \
+      org.opencontainers.image.ref.name='service-desk' \
+      org.opencontainers.image.documentation='https://service-desk.readthedocs.io/' \
+      org.opencontainers.image.title='service-desk docker image' \
+      org.opencontainers.image.source='https://github.com/ltb-project/service-desk/' \
+      org.opencontainers.image.vendor='LTB-project.org' \
+      org.opencontainers.image.version="${VERSION}" \
+      org.opencontainers.image.licenses='GPL-2+'
+
+COPY --from=build /rootfs /
+
+WORKDIR /var/www/htdocs
+
+VOLUME [ "/var/www/templates_c", "/var/www/conf", "/var/www/cache" ]
+
 EXPOSE 80
 
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD [ "apache2-foreground" ]