From 9f8beb45b85152e7a4a94eb08cbfd4bd208d73f1 Mon Sep 17 00:00:00 2001 From: jknapp Date: Wed, 16 Jul 2025 07:55:03 -0700 Subject: [PATCH] Switching builds to include PHP version to limit memory requirements on deploy. improve build size and speed for images. --- .dockerignore | 39 +++++++++++++++++++++++++++++ .gitea/workflows/build-push.yaml | 16 ++++++++---- Dockerfile | 43 +++++++++++++++++++++----------- README.md | 14 ++++++++++- scripts/entrypoint.sh | 7 +++++- scripts/install-php74.sh | 4 +-- scripts/install-php80.sh | 4 +-- scripts/install-php81.sh | 4 +-- scripts/install-php82.sh | 4 +-- scripts/install-php83.sh | 4 +-- scripts/install-php84.sh | 4 +-- 11 files changed, 109 insertions(+), 34 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..5cb68a9 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,39 @@ +# Ignore version control +.git +.gitignore + +# Ignore CI/CD and workflow files +.gitea/ +.github/ +.gitlab/ + +# Ignore local development files +*.swp +*.swo +*.bak +*.tmp +*.log + +# Ignore OS and editor files +.DS_Store +Thumbs.db +.vscode/ +.idea/ + +# Ignore test and documentation files +tests/ +docs/ +README* + +# Ignore node and Python artifacts (if present) +node_modules/ +__pycache__/ + +# Ignore build output +dist/ +build/ + +# Ignore secrets and configs +*.env +.env.* +secrets/ \ No newline at end of file diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml index 48ec958..e33fce3 100644 --- a/.gitea/workflows/build-push.yaml +++ b/.gitea/workflows/build-push.yaml @@ -8,6 +8,9 @@ on: jobs: Build-and-Push: runs-on: ubuntu-latest + strategy: + matrix: + phpver: [74, 80, 81, 82, 83, 84] steps: - name: Checkout uses: actions/checkout@v4 
@@ -16,19 +19,22 @@ jobs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: https://github.com/docker/setup-buildx-action@v3 - + uses: docker/setup-buildx-action@v3 + - name: Login to Gitea uses: docker/login-action@v3 with: registry: repo.anhonesthost.net username: ${{ secrets.CI_USER }} password: ${{ secrets.CI_TOKEN }} - - - name: Build Image + + - name: Build and Push Image uses: docker/build-push-action@v6 with: platforms: linux/amd64 push: true + build-args: | + PHPVER=${{ matrix.phpver }} tags: | - repo.anhonesthost.net/cloud-hosting-platform/cac:latest + repo.anhonesthost.net/cloud-hosting-platform/cac:php${{ matrix.phpver }} + ${{ matrix.phpver == '84' && 'repo.anhonesthost.net/cloud-hosting-platform/cac:latest' || '' }} diff --git a/Dockerfile b/Dockerfile index 60744a0..a9ec2f7 100644 --- a/Dockerfile +++ b/Dockerfile 
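Review bot: The build job hands `CI_USER`/`CI_TOKEN` to the registry login while every action in it is referenced by a moving tag, and the changed `uses: docker/setup-buildx-action@v3` line also drops the explicit `https://github.com/` origin. On Gitea the short form is resolved against the instance's default actions URL, so where this action is fetched from now depends on server configuration rather than on the workflow file; worth confirming that is intended. I would keep the origin explicit and pin to a commit, e.g. `uses: https://github.com/docker/setup-buildx-action@<full-commit-sha> # v3`, and do the same for `docker/login-action` and `docker/build-push-action`, since with the new matrix six jobs per push run them with push credentials. The job's `steps:` list starts outside this hunk.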
@@ -1,26 +1,39 @@ FROM almalinux/9-base ARG PHPVER=83 -RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y -RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm -RUN dnf update -y && dnf upgrade -y -RUN dnf install -y httpd mod_ssl wget procps cronie iproute microdnf -RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt -RUN mkdir /run/php-fpm/ -RUN mkdir /scripts -COPY ./scripts/* /scripts/ -RUN chmod +x /scripts/* -#RUN /scripts/install-php$PHPVER.sh -RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -RUN chmod +x wp-cli.phar -RUN mv wp-cli.phar /usr/local/bin/wp + +# Install repos, update, install only needed packages, clean up in one layer +RUN dnf install -y \ + https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ + https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \ + dnf update -y && \ + dnf install -y httpd mod_ssl wget procps cronie iproute && \ + dnf clean all && \ + rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/* + +# Generate self-signed cert, create needed dirs, copy scripts, set permissions, install PHP, clean up +RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt && \ + mkdir -p /run/php-fpm/ /scripts && \ + cp -r /scripts/* /scripts/ && \ + chmod +x /scripts/* && \ + /scripts/install-php$PHPVER.sh && \ + rm -rf /tmp/* + +# Download and install wp-cli (consider pinning version for reproducibility) +RUN curl -L -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \ + chmod +x /usr/local/bin/wp + +# Copy configs and web files COPY ./configs/default-index.conf /etc/httpd/conf.d/ COPY ./configs/prod-php.ini /etc/php.ini COPY ./configs/phpinfo.php 
/var/www/html/ COPY ./configs/mariadb.repo /etc/yum.repos.d/ COPY ./configs/index.php /var/www/html/ COPY ./configs/remote_ip.conf /etc/httpd/conf.d/ -RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab -RUN yum clean all + +# Set up cron job in a single layer +RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab + HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \ CMD curl -f http://localhost/ || exit 1 + ENTRYPOINT [ "/scripts/entrypoint.sh" ] diff --git a/README.md b/README.md index 2dc1ca4..531432b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,14 @@ This is a base container for running PHP-based applications, supporting multiple --- +## What's New? + +- **Optimized Image:** The Dockerfile has been refactored for smaller size, faster builds, and improved security. Unnecessary files and caches are removed during build. +- **Pre-built Images for Each PHP Version:** On every push, images for all supported PHP versions are built and pushed to the registry. You can pull the exact version you need (e.g., `cac:php74`, `cac:php84`, or `cac:latest`). +- **.dockerignore Added:** The build context is now minimized, making builds faster and more secure. + +--- + ## Quick Start: Local Development with `local-dev.sh` The easiest way to start a local development environment is with the provided `local-dev.sh` script. This script automates container setup, volume creation, log directories, and WordPress installation. 
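Review bot: The second `RUN` replaces the old `COPY ./scripts/* /scripts/` with `cp -r /scripts/* /scripts/`, which runs inside the image and copies the freshly created, empty `/scripts` onto itself; the build context is not visible to `RUN`, so as far as this hunk shows nothing puts `install-php$PHPVER.sh` or `entrypoint.sh` into the image and the step should fail. Restore `COPY ./scripts/ /scripts/` ahead of that `RUN` and drop the `cp -r` line (and `/scripts` from the `mkdir -p`). Separately, the wp-cli step fetches an unversioned phar with `curl -L` and marks it executable without any integrity check; `curl -fsSL` of a tagged release followed by `sha512sum -c` against a checksum recorded in the Dockerfile would make the build fail on an HTTP error page or a changed file instead of installing it. The self-signed key generated in the same `RUN` is baked into a layer, so every container started from the pushed image shares one private key that anyone with pull access can read; generating it in `entrypoint.sh` on first start would avoid that.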
@@ -79,6 +87,8 @@ Then visit https://localhost (accept the SSL warning) to complete setup. ## Features - **Multiple PHP Versions:** 7.4, 8.0, 8.1, 8.2, 8.3, 8.4 (set with `PHPVER` or `-a` flag) +- **Pre-built Images:** Pull the image for your desired PHP version directly from the registry. No need to build locally unless customizing. +- **Optimized Build:** Smaller, faster, and more secure images thanks to the improved Dockerfile and `.dockerignore`. - **Automatic Database Setup:** MariaDB is started in DEV mode, credentials are auto-generated and stored in `/home/$user/mysql_creds`. - **Database Backups:** Cron job backs up the database every 15 minutes to `/home/$user/_db_backups`. - **Log Management:** Log rotation compresses logs older than 3 days and deletes those older than 7 days. @@ -119,4 +129,6 @@ Then visit https://localhost (accept the SSL warning) to complete setup. ## Troubleshooting - The first run may take several minutes as dependencies are installed. - If you need to change PHP version, stop and remove the container, then recreate with the desired version. -- For advanced configuration, see the scripts in the `scripts/` directory. \ No newline at end of file +- For advanced configuration, see the scripts in the `scripts/` directory. +- The image is optimized for size and speed, but local development in DEV mode may install additional packages (MariaDB, memcached) at runtime using microdnf. +- The build context is minimized by the included `.dockerignore` file. \ No newline at end of file diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index d90a1f1..e15aeb1 100644 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
@@ -17,7 +17,7 @@ ln -s /home/$user/logs/php-fpm /var/log/php-fpm rm -f /etc/httpd/conf.d/userdir.conf docker_network=$(ip addr show |grep eth0 |grep inet |awk -F " " {'print $2'}) echo "RemoteIPInternalProxy $docker_network" >> /etc/httpd/conf.d/remoteip.conf -/scripts/install-php$PHPVER.sh +# /scripts/install-php$PHPVER.sh /scripts/create-vhost.sh /scripts/create-php-config.sh @@ -34,6 +34,11 @@ chmod -R 755 /home/$user if [[ $environment == 'DEV' ]]; then echo "Starting Dev Deployment" mkdir -p /home/$user/_db_backups + # Ensure microdnf is available for installing MariaDB and memcached in DEV mode + if ! command -v microdnf &> /dev/null; then + echo "microdnf not found, installing with dnf..." + dnf install -y microdnf && dnf clean all + fi microdnf install -y MariaDB-server MariaDB-client memcached nohup mysqld -umysql & if [ ! -f /home/$user/mysql_creds ]; then diff --git a/scripts/install-php74.sh b/scripts/install-php74.sh index f5fee07..f3a2da9 100644 --- a/scripts/install-php74.sh +++ b/scripts/install-php74.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -microdnf module enable php:remi-7.4 -y -microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-xmlrpc \ +dnf module enable php:remi-7.4 -y +dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-xmlrpc \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli exit 0 \ No newline at end of file diff --git a/scripts/install-php80.sh b/scripts/install-php80.sh index 224f880..b57f3aa 100644 --- a/scripts/install-php80.sh +++ b/scripts/install-php80.sh 
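Review bot: In the second entrypoint.sh hunk, neither the `dnf install -y microdnf` fallback nor the following `microdnf install -y MariaDB-server MariaDB-client memcached` is checked, so a failed download at container start falls through to `nohup mysqld -umysql &` with no database installed. Since this commit already moves the install scripts to `dnf`, the fallback can go: `dnf install -y MariaDB-server MariaDB-client memcached || { echo "DEV package install failed" >&2; exit 1; }`. The packages are also pulled unversioned on every DEV start from whatever `mariadb.repo` points to, which is worth a comment here so nobody reuses this path outside DEV. In the first hunk the commented-out `# /scripts/install-php$PHPVER.sh` would be better deleted, or replaced by a comment saying PHP is now installed at build time from the `PHPVER` build argument. The `if [[ $environment == 'DEV' ]]` block continues outside the hunk.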
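Review bot: These install scripts are now invoked from the Dockerfile's `RUN ... && /scripts/install-php$PHPVER.sh && ...` chain, but each one has no error handling and ends in an unconditional `exit 0`, so a failed `dnf module enable` or `dnf install` is reported as success and the workflow would push an image without a working PHP. Add `set -euo pipefail` under the shebang and remove the trailing `exit 0`; the same applies to the install-php80.sh through install-php84.sh hunks. The packages land in an image layer now, so finish each script with `dnf clean all`, because the Dockerfile only removes `/tmp/*` after calling it.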
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-microdnf module enable php:remi-8.0 -y
-microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
+dnf module enable php:remi-8.0 -y
+dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
 php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
 php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli
 exit 0
\ No newline at end of file
diff --git a/scripts/install-php81.sh b/scripts/install-php81.sh
index 88a8d7b..69f3ef6 100644
--- a/scripts/install-php81.sh
+++ b/scripts/install-php81.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-microdnf module enable php:remi-8.1 -y
-microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
+dnf module enable php:remi-8.1 -y
+dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
 php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
 php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli
 exit 0
\ No newline at end of file
diff --git a/scripts/install-php82.sh b/scripts/install-php82.sh
index 97d691c..9200760 100644
--- a/scripts/install-php82.sh
+++ b/scripts/install-php82.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-microdnf module enable php:remi-8.2 -y
-microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
+dnf module enable php:remi-8.2 -y
+dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
 php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
 php-mysqlnd php-mbstring php-intl php-gd libzip php-cli
 exit 0
\ No newline at end of file
diff --git a/scripts/install-php83.sh b/scripts/install-php83.sh
index 597a55c..f63a756 100644
--- a/scripts/install-php83.sh
+++ b/scripts/install-php83.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-microdnf module enable php:remi-8.3 -y
-microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
+dnf module enable php:remi-8.3 -y
+dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
 php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
 php-mysqlnd php-mbstring php-intl php-gd libzip php-cli
 exit 0
\ No newline at end of file
diff --git a/scripts/install-php84.sh b/scripts/install-php84.sh
index 795a962..afd5a5c 100644
--- a/scripts/install-php84.sh
+++ b/scripts/install-php84.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-microdnf module enable php:remi-8.4 -y
-microdnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
+dnf module enable php:remi-8.4 -y
+dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
 php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
 php-mysqlnd php-mbstring php-intl php-gd libzip php-cli
 exit 0
\ No newline at end of file