├── .gitignore ├── .github └── workflows │ ├── test.yml │ ├── build-and-push.yml │ └── trivy.yml ├── LICENSE ├── tests.yaml ├── README.md └── Dockerfile /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Test container structure 2 | 3 | on: [pull_request] 4 | 5 | env: 6 | REGISTRY: docker.io 7 | IMAGE_NAME: appwrite/base 8 | TAG: ${{ github.event.release.tag_name }} 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout the repo 15 | uses: actions/checkout@v3 16 | 17 | - name: Setup container structure test 18 | run: | 19 | curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 20 | chmod +x container-structure-test-linux-amd64 21 | sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test 22 | 23 | - name: Run container structure test 24 | run: | 25 | docker build -t appwrite-base-test . 26 | container-structure-test test --image appwrite-base-test --config tests.yaml 27 | -------------------------------------------------------------------------------- /.github/workflows/build-and-push.yml: -------------------------------------------------------------------------------- 1 | name: Build and Push to DockerHub 2 | 3 | on: 4 | release: 5 | types: [published] 6 | 7 | env: 8 | REGISTRY: docker.io 9 | IMAGE_NAME: appwrite/base 10 | TAG: ${{ github.event.release.tag_name }} 11 | 12 | jobs: 13 | build: 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout the repo 17 | uses: actions/checkout@v3 18 | 19 | - name: Login to DockerHub 20 | uses: docker/login-action@v2 21 | with: 22 | username: ${{ secrets.DOCKERHUB_USERNAME }} 23 | password: ${{ secrets.DOCKERHUB_TOKEN }} 24 | 25 | - name: Set up QEMU 26 | uses: docker/setup-qemu-action@v2 27 | 28 | - name: Set up Docker Buildx 29 | uses: docker/setup-buildx-action@v2 30 | 31 | - name: Build and push 32 | uses: docker/build-push-action@v4 33 | with: 34 | context: . 35 | platforms: linux/amd64,linux/arm64 36 | push: true 37 | tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Appwrite 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.github/workflows/trivy.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | name: trivy 7 | 8 | on: 9 | push: 10 | branches: [ "main" ] 11 | pull_request: 12 | # The branches below must be a subset of the branches above 13 | branches: [ "main" ] 14 | schedule: 15 | - cron: '43 11 * * 6' 16 | 17 | permissions: 18 | contents: read 19 | 20 | jobs: 21 | build: 22 | permissions: 23 | contents: read # for actions/checkout to fetch code 24 | security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 25 | actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 26 | name: Build 27 | runs-on: ubuntu-latest 28 | steps: 29 | - name: Checkout code 30 | uses: actions/checkout@v4 31 | 32 | - name: Build an image from Dockerfile 33 | run: | 34 | docker build -t appwrite/docker-base:${{ github.sha }} . 35 | 36 | - name: Run Trivy vulnerability scanner 37 | uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe 38 | with: 39 | image-ref: 'appwrite/docker-base:${{ github.sha }}' 40 | format: 'template' 41 | template: '@/contrib/sarif.tpl' 42 | output: 'trivy-results.sarif' 43 | severity: 'CRITICAL,HIGH' 44 | 45 | - name: Upload Trivy scan results to GitHub Security tab 46 | uses: github/codeql-action/upload-sarif@v3 47 | with: 48 | sarif_file: 'trivy-results.sarif' 49 | -------------------------------------------------------------------------------- /tests.yaml: -------------------------------------------------------------------------------- 1 | schemaVersion: '2.0.0' 2 | 3 | commandTests: 4 | - name: 'Imagemagick command' 5 | command: "magick" 6 | args: ["--version"] 7 | expectedOutput: [".*ImageMagick 7.1.*"] 8 | - name: 'rsync command' 9 | command: "rsync" 10 | args: ["--version"] 11 | expectedOutput: ["rsync version 3.*"] 12 | - name: 'Certbot command' 13 | command: "certbot" 14 | args: ["--version"] 15 | expectedOutput: ["certbot 4.*"] 16 | - name: 'Docker command' 17 | command: "docker" 18 | args: ["--version"] 19 | expectedOutput: ["Docker version 28.*"] 20 | - name: 'Docker Compose command' 21 | command: "docker" 22 | args: ["compose", "version"] 23 | expectedOutput: ["Docker Compose version v.*"] 24 | - name: 'PHP modules' 25 | command: "php" 26 | args: ["-m"] 27 | expectedOutput: 28 | - brotli 29 | - Core 30 | - ctype 31 | - curl 32 | - date 33 | - dom 34 | - fileinfo 35 | - filter 36 | - gd 37 | - hash 38 | - iconv 39 | - imagick 40 | - intl 41 | - json 42 | - libxml 43 | - lz4 44 | - maxminddb 45 | - mbstring 46 | - mysqlnd 47 | - openssl 48 | - opentelemetry 49 | - pcre 50 | - PDO 51 | - pdo_mysql 52 | - pdo_pgsql 53 | - pdo_sqlite 54 | - Phar 55 | - posix 56 | - protobuf 57 | - random 58 | - readline 59 | - redis 60 | - Reflection 61 | - scrypt 62 | - session 63 | - SimpleXML 64 | - snappy 65 | - sockets 66 | - sodium 67 | - SPL 68 | - sqlite3 69 | - standard 70 | - swoole 71 | - tokenizer 72 | - xml 73 | - xmlreader 74 | - xmlwriter 75 | - yaml 76 | - zlib 77 | - zstd 78 | - name: 'ImageMagick supported formats' 79 | command: "php" 80 | args: ["-i"] 81 | expectedOutput: 82 | - "ImageMagick supported formats .*WEBP.*" 83 | - name: 'PHP intl' 84 | command: "php" 85 | args: ["-r", 'print(\Normalizer::FORM_D);'] 86 | expectedOutput: 87 | - "4" 88 | - name: 'ZIP' 89 | command: "zip" 90 | args: ["-v"] 91 | expectedOutput: 92 | - "Zip 3.0 \\(July 5th 2008\\)" 93 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker Base 2 | 3 | [![Discord](https://img.shields.io/discord/564160730845151244?label=discord&style=flat-square)](https://appwrite.io/discord) 4 | [![Docker Pulls](https://img.shields.io/docker/pulls/appwrite/base?color=f02e65&style=flat-square)](https://hub.docker.com/r/appwrite/base) 5 | [![Build Status](https://img.shields.io/travis/com/appwrite/docker-base?style=flat-square)](https://travis-ci.com/appwrite/docker-base) 6 | [![Twitter Account](https://img.shields.io/twitter/follow/appwrite?color=00acee&label=twitter&style=flat-square)](https://twitter.com/appwrite) 7 | [![Follow Appwrite on StackShare](https://img.shields.io/badge/follow%20on-stackshare-blue?style=flat-square)](https://stackshare.io/appwrite) 8 | 9 | [Appwrite](https://appwrite.io) base docker image with applications and extensions built and installed. 10 | 11 | ## Getting Started 12 | 13 | These instructions will cover usage information to help your run Appwrite's base docker container. 14 | 15 | ### Prerequisites 16 | 17 | In order to run this container you'll need docker installed. 18 | 19 | * [Windows](https://docs.docker.com/windows/started) 20 | * [OS X](https://docs.docker.com/mac/started/) 21 | * [Linux](https://docs.docker.com/linux/started/) 22 | 23 | ### Usage 24 | 25 | ```shell 26 | docker run appwrite/base 27 | ``` 28 | 29 | ### Testing 30 | 31 | We use [Container Structure Test](https://github.com/GoogleContainerTools/container-structure-test) to run test for the docker image. In order to run test first install Container strucutre test using the following command. 32 | 33 | ```bash 34 | curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test 35 | ``` 36 | 37 | ### Run Test 38 | 39 | First build and tag the docker image and then run the test using the configuration file. 40 | 41 | ```bash 42 | docker build -t appwrite-base-test . 43 | container-structure-test test --config tests.yaml --image appwrite-base-test 44 | ``` 45 | 46 | ### Build 47 | 48 | ```bash 49 | docker build --tag appwrite/base:1.0.0 . 50 | 51 | docker push appwrite/base:1.0.0 52 | ``` 53 | 54 | Multi-arch build (using [buildx](https://github.com/docker/buildx)): 55 | 56 | ``` 57 | docker buildx build --platform linux/amd64,linux/arm64/v8,linux/ppc64le --tag appwrite/base:1.0.0 --push . 58 | ``` 59 | 60 | ## Find Us 61 | 62 | * [GitHub](https://github.com/appwrite) 63 | * [Discord](https://appwrite.io/discord) 64 | * [Twitter](https://twitter.com/appwrite) 65 | 66 | ## Copyright and license 67 | 68 | The MIT License (MIT) [http://www.opensource.org/licenses/mit-license.php](http://www.opensource.org/licenses/mit-license.php) 69 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | ARG BASEIMAGE="php:8.4.11-cli-alpine3.22" 2 | 3 | FROM $BASEIMAGE AS compile 4 | 5 | ENV PHP_REDIS_VERSION="6.2.0" \ 6 | PHP_SWOOLE_VERSION="v6.0.2" \ 7 | PHP_IMAGICK_VERSION="3.8.0" \ 8 | PHP_MONGODB_VERSION="2.1.1" \ 9 | PHP_YAML_VERSION="2.2.4" \ 10 | PHP_MAXMINDDB_VERSION="v1.12.0" \ 11 | PHP_SCRYPT_VERSION="2.0.1" \ 12 | PHP_ZSTD_VERSION="0.14.0" \ 13 | PHP_BROTLI_VERSION="0.15.2" \ 14 | PHP_SNAPPY_VERSION="0.2.2" \ 15 | PHP_LZ4_VERSION="0.4.4" \ 16 | PHP_XDEBUG_VERSION="3.4.3" \ 17 | PHP_OPENTELEMETRY_VERSION="1.1.3" \ 18 | PHP_PROTOBUF_VERSION="4.29.3" 19 | 20 | RUN apk update && apk upgrade && apk add --no-cache --virtual .deps \ 21 | linux-headers \ 22 | make \ 23 | automake \ 24 | autoconf \ 25 | gcc \ 26 | g++ \ 27 | git \ 28 | zlib-dev \ 29 | openssl-dev \ 30 | yaml-dev \ 31 | imagemagick \ 32 | imagemagick-dev \ 33 | libjpeg-turbo-dev \ 34 | jpeg-dev \ 35 | libpng-dev \ 36 | libjxl-dev \ 37 | libmaxminddb-dev \ 38 | zstd-dev \ 39 | brotli-dev \ 40 | lz4-dev \ 41 | curl-dev 42 | 43 | RUN docker-php-ext-install sockets 44 | 45 | FROM compile AS redis 46 | RUN \ 47 | # Redis Extension 48 | git clone --depth 1 --branch $PHP_REDIS_VERSION https://github.com/phpredis/phpredis.git && \ 49 | cd phpredis && \ 50 | phpize && \ 51 | ./configure && \ 52 | make && make install 53 | 54 | ## Swoole Extension 55 | FROM compile AS swoole 56 | RUN \ 57 | git clone --depth 1 --branch $PHP_SWOOLE_VERSION https://github.com/swoole/swoole-src.git && \ 58 | cd swoole-src && \ 59 | phpize && \ 60 | ./configure --enable-sockets --enable-http2 --enable-openssl --enable-swoole-curl && \ 61 | make && make install && \ 62 | cd .. 63 | 64 | ## Imagick Extension 65 | FROM compile AS imagick 66 | RUN \ 67 | git clone --depth 1 --branch $PHP_IMAGICK_VERSION https://github.com/imagick/imagick && \ 68 | cd imagick && \ 69 | phpize && \ 70 | ./configure && \ 71 | make && make install 72 | 73 | ## YAML Extension 74 | FROM compile AS yaml 75 | RUN \ 76 | git clone --depth 1 --branch $PHP_YAML_VERSION https://github.com/php/pecl-file_formats-yaml && \ 77 | cd pecl-file_formats-yaml && \ 78 | phpize && \ 79 | ./configure && \ 80 | make && make install 81 | 82 | ## Maxminddb extension 83 | FROM compile AS maxmind 84 | RUN \ 85 | git clone --depth 1 --branch $PHP_MAXMINDDB_VERSION https://github.com/maxmind/MaxMind-DB-Reader-php.git && \ 86 | cd MaxMind-DB-Reader-php && \ 87 | cd ext && \ 88 | phpize && \ 89 | ./configure && \ 90 | make && make install 91 | 92 | # Mongodb Extension 93 | FROM compile AS mongodb 94 | RUN \ 95 | git clone --depth 1 --branch $PHP_MONGODB_VERSION https://github.com/mongodb/mongo-php-driver.git && \ 96 | cd mongo-php-driver && \ 97 | git submodule update --init && \ 98 | phpize && \ 99 | ./configure && \ 100 | make && make install 101 | 102 | # Zstd Compression 103 | FROM compile AS zstd 104 | RUN git clone --recursive -n https://github.com/kjdev/php-ext-zstd.git \ 105 | && cd php-ext-zstd \ 106 | && git checkout $PHP_ZSTD_VERSION \ 107 | && phpize \ 108 | && ./configure --with-libzstd \ 109 | && make && make install 110 | 111 | ## Brotli Extension 112 | FROM compile AS brotli 113 | RUN git clone https://github.com/kjdev/php-ext-brotli.git \ 114 | && cd php-ext-brotli \ 115 | && git reset --hard $PHP_BROTLI_VERSION \ 116 | && phpize \ 117 | && ./configure --with-libbrotli \ 118 | && make && make install 119 | 120 | ## LZ4 Extension 121 | FROM compile AS lz4 122 | RUN git clone --recursive https://github.com/kjdev/php-ext-lz4.git \ 123 | && cd php-ext-lz4 \ 124 | && git reset --hard $PHP_LZ4_VERSION \ 125 | && phpize \ 126 | && ./configure --with-lz4-includedir=/usr \ 127 | && make && make install 128 | 129 | ## Snappy Extension 130 | FROM compile AS snappy 131 | RUN git clone --recursive https://github.com/kjdev/php-ext-snappy.git \ 132 | && cd php-ext-snappy \ 133 | && git reset --hard $PHP_SNAPPY_VERSION \ 134 | && phpize \ 135 | && ./configure \ 136 | && make && make install 137 | 138 | ## Scrypt Extension 139 | FROM compile AS scrypt 140 | RUN git clone --depth 1 https://github.com/DomBlack/php-scrypt.git \ 141 | && cd php-scrypt \ 142 | && git reset --hard $PHP_SCRYPT_VERSION \ 143 | && phpize \ 144 | && ./configure --enable-scrypt \ 145 | && make && make install 146 | 147 | ## XDebug Extension 148 | FROM compile AS xdebug 149 | RUN \ 150 | git clone --depth 1 --branch $PHP_XDEBUG_VERSION https://github.com/xdebug/xdebug && \ 151 | cd xdebug && \ 152 | phpize && \ 153 | ./configure && \ 154 | make && make install 155 | 156 | FROM compile AS opentelemetry 157 | RUN pecl install opentelemetry-${PHP_OPENTELEMETRY_VERSION} 158 | 159 | FROM compile AS protobuf 160 | RUN pecl install protobuf-${PHP_PROTOBUF_VERSION} 161 | 162 | FROM compile AS gd 163 | RUN docker-php-ext-install gd 164 | 165 | FROM $BASEIMAGE AS final 166 | 167 | LABEL maintainer="team@appwrite.io" 168 | 169 | RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone 170 | 171 | RUN \ 172 | apk update \ 173 | && apk upgrade \ 174 | && apk add --no-cache --virtual .deps \ 175 | linux-headers \ 176 | make \ 177 | automake \ 178 | autoconf \ 179 | gcc \ 180 | g++ \ 181 | curl-dev \ 182 | && apk add --no-cache \ 183 | libstdc++ \ 184 | rsync \ 185 | brotli-dev \ 186 | lz4-dev \ 187 | yaml-dev \ 188 | imagemagick \ 189 | imagemagick-dev \ 190 | libjpeg-turbo-dev \ 191 | jpeg-dev \ 192 | libjxl-dev \ 193 | libavif \ 194 | libheif \ 195 | libwebp \ 196 | imagemagick-heic \ 197 | zlib-dev \ 198 | libpng-dev \ 199 | libmaxminddb-dev \ 200 | certbot \ 201 | docker-cli \ 202 | docker-cli-compose \ 203 | libgomp \ 204 | git \ 205 | zip \ 206 | postgresql-dev \ 207 | && docker-php-ext-install sockets pdo_mysql pdo_pgsql intl \ 208 | && apk del .deps \ 209 | && rm -rf /var/cache/apk/* 210 | 211 | WORKDIR /usr/src/code 212 | 213 | COPY --from=swoole /usr/local/lib/php/extensions/no-debug-non-zts-20240924/swoole.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 214 | COPY --from=redis /usr/local/lib/php/extensions/no-debug-non-zts-20240924/redis.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 215 | COPY --from=imagick /usr/local/lib/php/extensions/no-debug-non-zts-20240924/imagick.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 216 | COPY --from=yaml /usr/local/lib/php/extensions/no-debug-non-zts-20240924/yaml.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 217 | COPY --from=maxmind /usr/local/lib/php/extensions/no-debug-non-zts-20240924/maxminddb.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 218 | COPY --from=scrypt /usr/local/lib/php/extensions/no-debug-non-zts-20240924/scrypt.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 219 | COPY --from=zstd /usr/local/lib/php/extensions/no-debug-non-zts-20240924/zstd.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 220 | COPY --from=brotli /usr/local/lib/php/extensions/no-debug-non-zts-20240924/brotli.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 221 | COPY --from=lz4 /usr/local/lib/php/extensions/no-debug-non-zts-20240924/lz4.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 222 | COPY --from=snappy /usr/local/lib/php/extensions/no-debug-non-zts-20240924/snappy.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 223 | COPY --from=xdebug /usr/local/lib/php/extensions/no-debug-non-zts-20240924/xdebug.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 224 | COPY --from=opentelemetry /usr/local/lib/php/extensions/no-debug-non-zts-20240924/opentelemetry.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 225 | COPY --from=protobuf /usr/local/lib/php/extensions/no-debug-non-zts-20240924/protobuf.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 226 | COPY --from=gd /usr/local/lib/php/extensions/no-debug-non-zts-20240924/gd.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 227 | COPY --from=mongodb /usr/local/lib/php/extensions/no-debug-non-zts-20240924/mongodb.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/ 228 | 229 | # Enable Extensions 230 | RUN docker-php-ext-enable swoole redis imagick yaml maxminddb scrypt zstd brotli lz4 snappy opentelemetry protobuf gd mongodb 231 | 232 | EXPOSE 80 233 | 234 | CMD [ "tail", "-f", "/dev/null" ] 235 | --------------------------------------------------------------------------------