LAB-linuxserver/docker-phpmyadmin
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-phpmyadmin.git synced 2026-02-20 08:40:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #41 from linuxserver/3.21

Browse Source
This commit is contained in:
Adam 2024-12-20 16:16:38 +00:00 committed by GitHub
commit 00c74772c6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 113 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/external_trigger.yml vendored
View File

@ -48,13 +48,30 @@ jobs:
--header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}")
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \
| jq -r '.config.digest')
if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
# If there's a layer element it's a single-arch manifest so just get that digest
digest=$(jq -r '.config.digest' <<< "${multidigest}")
else
# Otherwise it's multi-arch or has manifest annotations
if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
# Check for manifest annotations and delete if found
multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
fi
if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
# If there's still more than one digest, it's multi-arch
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
else
# Otherwise it's single arch
multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
fi
if digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
digest=$(jq -r '.config.digest' <<< "${digest}");
fi
fi
image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}")
@ -92,7 +109,7 @@ jobs:
else
printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
echo "New version \`${EXT_RELEASE}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
if "${artifacts_found}" == "true" ]]; then
if [[ "${artifacts_found}" == "true" ]]; then
echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
fi
response=$(curl -iX POST \

27
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -27,9 +27,18 @@ jobs:
fi
printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/jenkins-vars.yml)
if [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/Jenkinsfile >/dev/null 2>&1; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
if [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-phpmyadmin/${br}/readme-vars.yml)
if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
@ -37,7 +46,7 @@ jobs:
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`phpmyadmin_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/${br}/lastBuild/api/json | jq -r '.building') == "true" ]; then
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
skipped_branches="${skipped_branches}${br} "
@ -49,6 +58,11 @@ jobs:
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-phpmyadmin/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
if [[ -z "${response}" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Jenkins build could not be triggered. Skipping branch."
continue
fi
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10
@ -56,11 +70,14 @@ jobs:
buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
if ! curl -ifX POST \
"${buildurl}submitDescription" \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
--data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--data-urlencode "Submit=Submit"
--data-urlencode "Submit=Submit"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Unable to change the Jenkins job description."
fi
sleep 20
fi
else

8
Dockerfile
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.21
# set version label
ARG BUILD_DATE
@ -11,9 +11,9 @@ LABEL maintainer="thespad"
# environment settings
ARG PHPMYADMIN_RELEASE_GPG_KEY="3D06A59ECE730EB71B511C17CE752F178259BD92"
ENV MAX_EXECUTION_TIME 600
ENV MEMORY_LIMIT 512M
ENV UPLOAD_LIMIT 8192K
ENV MAX_EXECUTION_TIME=600
ENV MEMORY_LIMIT=512M
ENV UPLOAD_LIMIT=8192K
RUN \
apk add --no-cache --virtual=build-dependencies \

8
Dockerfile.aarch64
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20
FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.21
# set version label
ARG BUILD_DATE
@ -11,9 +11,9 @@ LABEL maintainer="thespad"
# environment settings
ARG PHPMYADMIN_RELEASE_GPG_KEY="3D06A59ECE730EB71B511C17CE752F178259BD92"
ENV MAX_EXECUTION_TIME 600
ENV MEMORY_LIMIT 512M
ENV UPLOAD_LIMIT 8192K
ENV MAX_EXECUTION_TIME=600
ENV MEMORY_LIMIT=512M
ENV UPLOAD_LIMIT=8192K
RUN \
apk add --no-cache --virtual=build-dependencies \

18
Jenkinsfile vendored
View File

@ -578,7 +578,7 @@ pipeline {
--label \"org.opencontainers.image.title=Phpmyadmin\" \
--label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. \" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e
@ -607,7 +607,9 @@ pipeline {
for i in "${CACHE[@]}"; do
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
done
wait
for p in $(jobs -p); do
wait "$p" || { echo "job $p failed" >&2; exit 1; }
done
fi
'''
}
@ -642,7 +644,7 @@ pipeline {
--label \"org.opencontainers.image.title=Phpmyadmin\" \
--label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. \" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e
@ -671,7 +673,9 @@ pipeline {
for i in "${CACHE[@]}"; do
docker push ${i}:amd64-${COMMIT_SHA}-${BUILD_NUMBER} &
done
wait
for p in $(jobs -p); do
wait "$p" || { echo "job $p failed" >&2; exit 1; }
done
fi
'''
}
@ -699,7 +703,7 @@ pipeline {
--label \"org.opencontainers.image.title=Phpmyadmin\" \
--label \"org.opencontainers.image.description=[Phpmyadmin](https://github.com/phpmyadmin/phpmyadmin/) is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. \" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e
@ -728,7 +732,9 @@ pipeline {
for i in "${CACHE[@]}"; do
docker push ${i}:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} &
done
wait
for p in $(jobs -p); do
wait "$p" || { echo "job $p failed" >&2; exit 1; }
done
fi
'''
}

20
README.md
View File

@ -65,6 +65,23 @@ We support all of the official [environment variables](https://docs.phpmyadmin.n
For more information check out the [phpmyadmin documentation](https://www.phpmyadmin.net/docs/).
## Read-Only Operation
This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
### Caveats
* Custom themes are not supported
## Non-Root Operation
This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
### Caveats
* `/tmp` must be mounted to tmpfs
* Custom themes are not supported
## Usage
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
@ -122,6 +139,8 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e PMA_ARBITRARY=1` | Set to `1` to allow you to connect to any server. Setting to `0` will only allow you to connect to specified hosts (See Application Setup) |
| `-e PMA_ABSOLUTE_URI=https://phpmyadmin.example.com` | Set the URL you will use to access the web frontend |
| `-v /config` | Persistent config files |
| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
## Environment variables from files (Docker secrets)
@ -285,6 +304,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **19.12.24:** - Rebase to Alpine 3.21.
* **27.05.24:** - Existing users should update their nginx confs to avoid http2 deprecation warnings.
* **24.05.24:** - Rebase to Alpine 3.20.
* **28.12.23:** - Rebase to Alpine 3.19 with php 8.3.

8
readme-vars.yml
View File

@ -26,6 +26,13 @@ param_usage_include_vols: true
param_volumes:
- {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"}
# application setup block
readonly_supported: true
readonly_message: |
* Custom themes are not supported
nonroot_supported: true
nonroot_message: |
* `/tmp` must be mounted to tmpfs
* Custom themes are not supported
app_setup_block_enabled: true
app_setup_block: |
This image uses nginx, in contrast to the official images which offer fpm-only or Apache variants.
@ -90,6 +97,7 @@ init_diagram: |
"phpmyadmin:latest" <- Base Images
# changelog
changelogs:
- {date: "19.12.24:", desc: "Rebase to Alpine 3.21."}
- {date: "27.05.24:", desc: "Existing users should update their nginx confs to avoid http2 deprecation warnings."}
- {date: "24.05.24:", desc: "Rebase to Alpine 3.20."}
- {date: "28.12.23:", desc: "Rebase to Alpine 3.19 with php 8.3."}

1
root/defaults/config.inc.php
View File

@ -139,6 +139,7 @@ $i--;
/* Uploads setup */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['TempDir'] = '/tmp';
if (isset($_ENV['MAX_EXECUTION_TIME'])) {
$cfg['ExecTimeLimit'] = $_ENV['MAX_EXECUTION_TIME'];

33
root/etc/s6-overlay/s6-rc.d/init-phpmyadmin-config/run
View File

@ -2,8 +2,7 @@
# shellcheck shell=bash
mkdir -p \
/config/phpmyadmin \
/app/www/public/tmp
/config/phpmyadmin
if [[ ! -f /config/phpmyadmin/config.secret.inc.php ]]; then
cat >/config/phpmyadmin/config.secret.inc.php <<EOT
@ -28,19 +27,21 @@ if [[ ! -f /config/phpmyadmin/config.inc.php ]]; then
cp /defaults/config.inc.php /config/phpmyadmin/config.inc.php
fi
# Set up themes
if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
cp -R /app/www/public/themes/* /config/themes
rm -rf "/app/www/public/themes"
fi
if [[ ! -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
mv "/app/www/public/themes" /config/themes
fi
if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
ln -s "/config/themes" "/app/www/public/themes"
if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then
# Set up themes
if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
cp -R /app/www/public/themes/* /config/themes
rm -rf "/app/www/public/themes"
fi
if [[ ! -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
mv "/app/www/public/themes" /config/themes
fi
if [[ -d "/config/themes" && ! -L "/app/www/public/themes" ]]; then
ln -s "/config/themes" "/app/www/public/themes"
fi
fi
# permissions
lsiown -R abc:abc \
/config \
/app/www/public/tmp
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
lsiown -R abc:abc \
/config
fi