Removed the entrypoint.sh from the versioned images (#297)

builder/gen-dockerfile/src/templates/Dockerfile.twig

@@ -20,4 +20,7 @@ FROM {{ base_image }}
 
 COPY . $APP_DIR
 RUN chown -R www-data.www-data $APP_DIR
-RUN /composer.sh
+RUN /build-scripts/composer.sh
+
+RUN /bin/bash /build-scripts/move-config-files.sh
+RUN /bin/bash /build-scripts/lockdown.sh

cloudbuild.yaml

@@ -91,15 +91,15 @@ steps:
 
   # php56 test
   - name: gcr.io/cloud-builders/docker
-    args: ['build', '-t', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56:$_TAG', '.']
+    args: ['build', '-t', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56-test:$_TAG', '.']
     dir: testapps/php56
     waitFor: ['php-onbuild']
     id: php56-build
   - name: gcr.io/gcp-runtimes/structure_test
-    args: ['-i', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56:$_TAG', '--config', 'php56.yaml', '-v']
+    args: ['-i', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56-test:$_TAG', '--config', 'php56.yaml', '-v']
     waitFor: ['php56-build']
   - name: gcr.io/cloud-builders/docker
-    args: ['run', '--net=nw_$_TAG', '--name=php56', '-d', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56:$_TAG']
+    args: ['run', '--net=nw_$_TAG', '--name=php56-test', '-d', 'gcr.io/${_GOOGLE_PROJECT_ID}/php56-test:$_TAG']
     waitFor: ['php56-build', 'test-network']
     id: php56-app
   - name: gcr.io/cloud-builders/docker

php-base/Dockerfile

@@ -61,6 +61,7 @@ ENV NGINX_DIR=/etc/nginx \
 
 # Install build scripts - composer, nginx, php
 COPY build-scripts /build-scripts
+RUN chown www-data /build-scripts
 
 ARG RUNTIME_DISTRIBUTION="gcp-php-runtime-jessie"
 
@@ -91,15 +92,9 @@ RUN mkdir -p $APP_DIR $UPLOAD_DIR $SESSION_SAVE_PATH \
 COPY nginx.conf fastcgi_params gzip_params "${NGINX_DIR}/"
 COPY nginx-app.conf nginx-http.conf "${NGINX_USER_CONF_DIR}/"
 COPY supervisord.conf /etc/supervisor/supervisord.conf
-COPY entrypoint.sh composer.sh whitelist_functions.php /
 
-RUN chgrp www-data composer.sh && \
-    chmod +x /entrypoint.sh /composer.sh
-
-# A script for extracting PHP version from composer.json.
-COPY detect_php_version.php install_extensions.php /tmp/
+RUN chmod +x /build-scripts/entrypoint.sh /build-scripts/composer.sh
 
 WORKDIR $APP_DIR
 
-ENTRYPOINT ["/entrypoint.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

php-base/README.md

@@ -6,19 +6,8 @@ for internal use only. Please look at the derived image in the
 
 ## Directories and Files in this directory
 
-- build-scripts: Bash scripts to build dependancies from source. By
-  isolating builds into multiple pieces we can develop
-  quickly. Consider combine them again to minimize the image size when
-  we go GA.
-- composer.sh: Bash script to dynamically change the runtime PHP
-  version and run composer to install app's dependencies.
-- detect_php_version.php: PHP script to parse user supplied
-  composer.json and detect which PHP version to use.
+- build-scripts: scripts for building the image
 - Dockerfile: the docker build file.
-- entrypoint.sh: a script for entrypoint which will rewrite the
-  document root in php.ini and nginx.conf according to the environment
-  variable "DOCUMENT_ROOT". It also moves user supplied nginx config
-  files to appropriate directory.
 - fastcgi_params: the nginx config for processing PHP scripts using a php-fpm
   process.
 - gzip_params: the nginx config for gzip compression.

php-base/composer.sh → php-base/build-scripts/composer.sh

@@ -25,13 +25,9 @@ if [ -f ${APP_DIR}/composer.json ]; then
         PHP_VERSION="${DETECTED_PHP_VERSION}"
     else
         # Extract php version from the composer.json.
-        CMD="php /tmp/detect_php_version.php ${APP_DIR}/composer.json"
+        CMD="php /build-scripts/detect_php_version.php ${APP_DIR}/composer.json"
         PHP_VERSION=`su www-data -c "${CMD}"`
 
-        # Remove files and directories for detecting PHP version.
-        # These files are created in Dockerfile.
-        rm -rf /tmp/vendor /tmp/detect_php_version.php /tmp/composer.*
-
         if [ "${PHP_VERSION}" != "5.6" ] && [ "${PHP_VERSION}" != "7.0" ] && [ "${PHP_VERSION}" != "7.1" ]; then
             cat<<EOF
 There is no PHP runtime version specified in composer.json, or we don't support the version you specified. Google App Engine uses the latest 7.1.x version. We recommend pinning your PHP version by running:
@@ -77,7 +73,7 @@ EOF
     rm -rf ${APP_DIR}/vendor
 
     # Auto install extensions
-    php -d auto_prepend_file='' /tmp/install_extensions.php ${APP_DIR}/composer.json ${PHP_DIR}/lib/conf.d/extensions.ini ${PHP_VERSION}
+    php -d auto_prepend_file='' /build-scripts/install_extensions.php ${APP_DIR}/composer.json ${PHP_DIR}/lib/conf.d/extensions.ini ${PHP_VERSION}
 
     # Run Composer.
     if [ -n "${GOOGLE_RUNTIME_RUN_COMPOSER_SCRIPT}" ]; then

php-base/build-scripts/entrypoint.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Copyright 2015 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This file configure the runtime dynamically based on the contents
+# and environment variables that user provides.
+
+set -xe
+
+/bin/bash /build-scripts/move-config-files.sh
+
+# Configure memcached based session.
+if [ -n "${MEMCACHE_PORT_11211_TCP_ADDR}" ] && [ -n "${MEMCACHE_PORT_11211_TCP_PORT}" ]; then
+    cat <<EOF > ${PHP_DIR}/lib/conf.d/memcached-session.ini
+session.save_handler=memcached
+session.save_path="${MEMCACHE_PORT_11211_TCP_ADDR}:${MEMCACHE_PORT_11211_TCP_PORT}"
+EOF
+fi
+
+if [ -f "${APP_DIR}/composer.json" ]; then
+    # run the composer scripts for post-deploy
+    if su www-data -c "php /usr/local/bin/composer --no-ansi run-script -l" \
+        | grep -q "post-deploy-cmd"; then
+        su www-data -c \
+            "php /usr/local/bin/composer run-script post-deploy-cmd \
+            --no-ansi \
+            --no-interaction" \
+            || (echo 'Failed to execute post-deploy-cmd'; exit 1)
+    fi
+fi
+
+/bin/bash /build-scripts/lockdown.sh
+
+exec "$@"

php-base/build-scripts/lockdown.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -xe
+
+# Lock down the DOCUMENT_ROOT
+chown -R root.www-data ${DOCUMENT_ROOT}
+chmod -R 550 ${DOCUMENT_ROOT}
+
+# Change the www-data's shell back to /usr/sbin/nologin
+chsh -s /usr/sbin/nologin www-data
+
+# Enable suhosin for PHP 5.6.x
+if [ -x "${PHP56_DIR}/bin/php56-enmod" ]; then
+    ${PHP56_DIR}/bin/php56-enmod suhosin
+fi
+
+# Whitelist functions
+${PHP_DIR}/bin/php -d auto_prepend_file='' \
+          /build-scripts/whitelist_functions.php
+
+# Remove loose php-cli.ini
+rm /opt/php/lib/php-cli.ini

php-base/entrypoint.sh → php-base/build-scripts/move-config-files.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2015 Google Inc.
+# Copyright 2017 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,10 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
-# This file configure the runtime dynamically based on the contents
-# and environment variables that user provides.
-
 set -xe
 
 # App specific piece of the nginx config file included in the http section.
@@ -101,43 +97,3 @@ fi
 if [ -f "${SUPERVISORD_CONF_OVERRIDE}" ]; then
     mv "${SUPERVISORD_CONF_OVERRIDE}" /etc/supervisor/supervisord.conf
 fi
-
-# Configure memcached based session.
-if [ -n "${MEMCACHE_PORT_11211_TCP_ADDR}" ] && [ -n "${MEMCACHE_PORT_11211_TCP_PORT}" ]; then
-    cat <<EOF > ${PHP_DIR}/lib/conf.d/memcached-session.ini
-session.save_handler=memcached
-session.save_path="${MEMCACHE_PORT_11211_TCP_ADDR}:${MEMCACHE_PORT_11211_TCP_PORT}"
-EOF
-fi
-
-if [ -f "${APP_DIR}/composer.json" ]; then
-    # run the composer scripts for post-deploy
-    if su www-data -c "php /usr/local/bin/composer --no-ansi run-script -l" \
-        | grep -q "post-deploy-cmd"; then
-        su www-data -c \
-            "php /usr/local/bin/composer run-script post-deploy-cmd \
-            --no-ansi \
-            --no-interaction" \
-            || (echo 'Failed to execute post-deploy-cmd'; exit 1)
-    fi
-fi
-
-# Lock down the DOCUMENT_ROOT
-chown -R root.www-data ${DOCUMENT_ROOT}
-chmod -R 550 ${DOCUMENT_ROOT}
-
-# Change the www-data's shell back to /usr/sbin/nologin
-chsh -s /usr/sbin/nologin www-data
-
-# Enable suhosin for PHP 5.6.x
-if [ -x "${PHP56_DIR}/bin/php56-enmod" ]; then
-    ${PHP56_DIR}/bin/php56-enmod suhosin
-fi
-
-# Whitelist functions
-${PHP_DIR}/bin/php -d auto_prepend_file='' /whitelist_functions.php
-
-# Remove loose php-cli.ini
-rm /opt/php/lib/php-cli.ini
-
-exec "$@"

php-base/tests/DetectPhpVersionTest.php

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-require_once(__DIR__ . "/../detect_php_version.php");
+require_once(__DIR__ . "/../build-scripts/detect_php_version.php");
 
 class DetectPhpVersionTest extends \PHPUnit_Framework_TestCase
 {

php-base/tests/InstallExtensionsTest.php

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-require_once(__DIR__ . "/../install_extensions.php");
+require_once(__DIR__ . "/../build-scripts/install_extensions.php");
 
 class InstallExtensionsTest extends \PHPUnit_Framework_TestCase
 {

php-onbuild/Dockerfile.in

@@ -20,4 +20,7 @@ FROM ${PHP_71_IMAGE}
 ONBUILD COPY . $APP_DIR
 ONBUILD RUN chown -R www-data.www-data $APP_DIR
 
-ONBUILD RUN /composer.sh
+ONBUILD RUN /build-scripts/composer.sh
+
+ENTRYPOINT ["/build-scripts/entrypoint.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

php-versioned/Dockerfile.in

@@ -20,9 +20,9 @@ ARG PHP_VERSION=7.1
 
 RUN /bin/bash /build-scripts/install_php.sh && \
     /bin/bash /build-scripts/install_composer.sh && \
-    chgrp www-data /tmp/detect_php_version.php && \
+    chgrp www-data /build-scripts/detect_php_version.php && \
     # Temporary enable the shell for www-data
-    # We will disable it in entrypoint.sh
+    # We will disable it in lockdown.sh
     chsh -s /bin/bash www-data && \
-      cd /tmp && \
+      cd /build-scripts && \
       su www-data -c "php /usr/local/bin/composer require composer/semver"

testapps/php56/tests/PHP56Test.php

@@ -29,7 +29,7 @@ public static function setUpBeforeClass()
 
     public function setUp()
     {
-        $this->client = new Client(['base_uri' => 'http://php56:8080/']);
+        $this->client = new Client(['base_uri' => 'http://php56-test:8080/']);
     }
 
     public function testIndex()