DDQG Composer Audit Docker image with Composer Audit Changes plugin
#!/bin/sh
# Do NOT forget to mark this file as executable after downloading it.
#
# Source: https://github.com/composer/docker/blob/cc32c94811040536eb15e46c251a5ee36d5da1ea/2.5/docker-entrypoint.sh
isCommand() {
  # Retain backwards compatibility with common CI providers,
  # see: https://github.com/composer/docker/issues/107
  # "sh" is always reported as "not a composer command", without asking composer.
  case "$1" in
    sh)
      return 1
      ;;
  esac
  # For anything else the exit status of "composer help" is the answer:
  # 0 when composer knows the command, non-zero otherwise. Output is discarded.
  composer help --no-interaction "$1" > /dev/null 2>&1
}
# Decide what to exec. Anything that looks like a composer invocation is wrapped
# in /sbin/tini; everything else is run exactly as given.
case "$1" in
  -*)
    # First argument looks like a flag: treat the whole line as composer options.
    set -- /sbin/tini -- composer "$@"
    ;;
  composer)
    # Caller already named composer explicitly; only add the tini wrapper.
    set -- /sbin/tini -- "$@"
    ;;
  *)
    # A first argument that composer recognises as one of its commands gets the
    # same wrapping; anything else (e.g. "sh", see isCommand) is left untouched.
    if isCommand "$1"; then
      set -- /sbin/tini -- composer "$@"
    fi
    ;;
esac
exec "$@"
################################################################################
# DDQG Composer Audit Docker image with Composer Audit Changes plugin.
#
# Usage:
# - docker buildx build --tag mxr576/ddqg_composer_audit:latest .
# - docker run --rm -ti -v [PATH_TO_COMPOSER_PROJECT_ROOT]:/app -v ${COMPOSER_HOME:-$HOME/.composer}/cache:/tmp/composer/cache mxr576/ddqg_composer_audit:latest audit -d /app 2>/dev/null # Ignore STDERR, which contains the #StandWithUkraine message and would otherwise lead to malformed JSON output
#
# See further ideas at https://hub.docker.com/r/composer/composer
#
# Simplified and customized version of https://github.com/composer/docker/blob/cc32c94811040536eb15e46c251a5ee36d5da1ea/2.5/Dockerfile
################################################################################
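# NOTE(review): the base image is referenced by a floating tag. For reproducible,
# reviewable rebuilds pin it to a digest (php:8.2-cli-alpine@sha256:<digest>).
FROM php:8.2-cli-alpine

# Version constraints for the two audit plugins installed below.
# Override at build time with --build-arg NAME=value.
ARG COMPOSER_AUDIT_CHANGES_VERSION="^1.0@dev"
ARG DDQG_COMPOSER_AUDIT_VERSION="^1.0@dev"

# Composer runs as root inside this image; COMPOSER_ALLOW_SUPERUSER=1 acknowledges
# that. COMPOSER_HOME=/tmp keeps the global plugins and cache outside the mounted
# project. (KEY=value form: the space-separated ENV form is deprecated.)
ENV COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_HOME=/tmp

# Runtime dependencies composer needs for VCS checkouts and archive handling.
RUN set -eux ; \
    apk add --no-cache --virtual .composer-rundeps \
      bash \
      coreutils \
      git \
      make \
      openssh-client \
      patch \
      tini \
      unzip \
      zip \
      # p7zip is skipped on armhf, as in the upstream composer Dockerfile
      # (presumably no armhf package — verify if that architecture matters).
      $([ "$(apk --print-arch)" != "armhf" ] && echo p7zip)

# Minimal CLI php.ini: fixed timezone, no memory limit for composer runs.
RUN printf "# \n\
date.timezone=Europe/Budapest\n\
memory_limit=-1\n\
" > "$PHP_INI_DIR/php-cli.ini"

RUN set -eux ; \
    # Install https://github.com/mlocati/docker-php-extension-installer.
    # Pinned to release 2.1.26 and verified against its sha512 before it is
    # made executable, so a tampered download cannot run.
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /usr/local/bin/install-php-extensions \
      --url https://github.com/mlocati/docker-php-extension-installer/releases/download/2.1.26/install-php-extensions \
    ; \
    echo 0f2aaaf0372c71ec7d7b009efa69d43142058f6433b5fb868a05ea8cc487c34ce4bb93aff52a3c26a1eb32d93e2d5d8f8eb1ef44cc6fe07a5410bcf8e55a9a4e /usr/local/bin/install-php-extensions | sha512sum --strict --check ; \
    chmod +x /usr/local/bin/install-php-extensions ; \
    # Install necessary/useful extensions not included in base image.
    install-php-extensions \
      bz2 \
      zip \
    ; \
    # Install public keys for snapshot and tag validation, see
    # https://composer.github.io/pubkeys.html, to make "composer diagnose" happy.
    # Both keys are fetched from a fixed commit and checked against a sha512.
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /tmp/keys.dev.pub \
      --url https://raw.githubusercontent.com/composer/composer.github.io/e7f28b7200249f8e5bc912b42837d4598c74153a/snapshots.pub \
    ; \
    echo 572b963c4b7512a7de3c71a788772440b1996d918b1d2b5354bf8ba2bb057fadec6f7ac4852f2f8a8c01ab94c18141ce0422aec3619354b057216e0597db5ac2 /tmp/keys.dev.pub | sha512sum --strict --check ; \
    curl \
      --silent \
      --fail \
      --location \
      --retry 3 \
      --output /tmp/keys.tags.pub \
      --url https://raw.githubusercontent.com/composer/composer.github.io/e7f28b7200249f8e5bc912b42837d4598c74153a/releases.pub \
    ; \
    echo 47f374b8840dcb0aa7b2327f13d24ab5f6ae9e58aa630af0d62b3d0ea114f4a315c5d97b21dcad3c7ffe2f0a95db2edec267adaba3f4f5a262abebe39aed3a28 /tmp/keys.tags.pub | sha512sum --strict --check

# --chmod sets the executable bit in the image itself, so the entrypoint works
# even when the downloaded script lost its x bit in the build context.
COPY --chmod=0755 docker-entrypoint.sh /docker-entrypoint.sh
# NOTE(review): "2-bin" is a floating tag, so the composer binary is not pinned;
# use composer/composer:2-bin@sha256:<digest> if a fixed binary is required.
COPY --link --from=composer/composer:2-bin composer /usr/bin/composer

# Install the audit plugins globally. Plugins are denied by default and only the
# two installed here are allow-listed. Package arguments are quoted so the
# version constraint is passed to composer verbatim.
RUN set -eux ; \
    composer diagnose ; \
    composer global config --no-plugins allow-plugins false ; \
    composer global req "mxr576/ddqg-composer-audit:${DDQG_COMPOSER_AUDIT_VERSION}" -n ; \
    composer global req "mxr576/composer-audit-changes:${COMPOSER_AUDIT_CHANGES_VERSION}" -n ; \
    composer global config --no-plugins allow-plugins.mxr576/ddqg-composer-audit true ; \
    composer global config --no-plugins allow-plugins.mxr576/composer-audit-changes true ; \
    composer clear-cache

# The project under audit is mounted at /app (see the usage header).
VOLUME /app
WORKDIR /app

# Required by "composer audit-changes": git refuses to operate on a repository
# owned by another user unless it is listed as a safe.directory.
RUN git config --global --add safe.directory /app

ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["composer"]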