[major] Converted all of the PHP base images to distroless, saving 500 MB per image.

hopeseekr · hopeseekr · commit 0d934d4b84e4 · 2025-08-17T19:11:13.000-05:00
diff --git a/docker/build-distroless.sh b/docker/build-distroless.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#####################################################################
+#   The Dockerize PHP Project                                       #
+#   https://github.com/PHPExpertsInc/docker-php                     #
+#   License: MIT                                                    #
+#                                                                   #
+#   Copyright © 2020-2025 PHP Experts, Inc. <sales@phpexperts.pro>  #
+#       Author: Theodore R. Smith <theodore@phpexperts.pro>         #
+#      PGP Sig: 4BF826131C3487ACD28F2AD8EB24A91DD6125690            #
+#####################################################################
+
+set -o pipefail
+
+PHP_VERSIONS="5.6 7.0 7.1 7.2 7.3 7.4 8.0 8.1 8.2 8.3 8.4"
+#PHP_VERSIONS="7.4 8.0 8.1 8.2 8.3 8.4"
+#PHP_VERSIONS="8.0 8.1 8.2 8.3 8.4"
+
+# Create the apt cache volume
+docker volume create apt-cache
+
+export BUILDKIT_STEP_LOG_MAX_SIZE=104857600
+
+# Build the base linux image first.
+export DOCKER_BUILDKIT=1
+
+
+for VERSION in ${PHP_VERSIONS}; do
+    # Check if the base image exists and get its size
+    if ! docker image inspect "phpexperts/php:${VERSION}" >/dev/null 2>&1; then
+        echo "Docker image phpexperts/php:${VERSION} does not exist. Skipping..."
+        continue
+    fi
+    
+    # Get image size in bytes and convert to MB
+    IMAGE_SIZE_BYTES=$(docker image inspect "phpexperts/php:${VERSION}" --format='{{.Size}}')
+    IMAGE_SIZE_MB=$((IMAGE_SIZE_BYTES / 1024 / 1024))
+    
+    if [ $IMAGE_SIZE_MB -le 200 ]; then
+        echo "Docker image phpexperts/php:${VERSION} is ${IMAGE_SIZE_MB}MB (≤200MB). Skipping..."
+        continue
+    fi
+    
+    echo "Building distroless image for PHP ${VERSION} (base image size: ${IMAGE_SIZE_MB}MB)..."
+    
+    # Build the distroless image
+    if docker build distroless --tag="phpexperts/php:${VERSION}-distroless" --build-arg VOLUME="apt-cache:/var/lib/apt" --build-arg PHP_VERSION=$VERSION --no-cache --progress=plain; then
+        echo "Successfully built distroless image for PHP ${VERSION}"
+        
+        # Remove the existing image (force)
+        docker rmi -f "phpexperts/php:${VERSION}"
+        
+        # Tag the distroless image as the main version
+        docker tag "phpexperts/php:${VERSION}-distroless" "phpexperts/php:${VERSION}"
+        
+        # Remove the distroless tagged image
+        docker rmi "phpexperts/php:${VERSION}-distroless"
+        
+        echo "Successfully replaced phpexperts/php:${VERSION} with distroless version"
+    else
+        echo "Failed to build distroless image for PHP ${VERSION}"
+    fi
+done
diff --git a/docker/distroless/Dockerfile b/docker/distroless/Dockerfile
@@ -0,0 +1,32 @@
+# PROMPT: Create an intermediary Dockerfile from phpexperts/php:8.3 that copies the "grab_files.sh" bash script
+#         created previously. RUN the /grab_files.sh multiple times with the args /usr/bin/bash, /usr/bin/env, /usr/bin/php,
+#         /usr/bin/composer /usr/bin/ls and /etc/php/8.3, /usr/share/zoneinfo, /etc/ssl/certs, each on its own line.
+#
+#         Then using a FROM scratch final image, COPY the path /tmp/distroless to / of the final image.
+#         Also COPY /usr/local/bin/entrypoint-php.sh to the final image.
+#         Set the CMD to /usr/bin/php and the ENTRYPOINT to /usr/local/bin/entrypoint-php.sh.
+ARG PHP_VERSION
+
+FROM phpexperts/php:$PHP_VERSION AS intermediate
+
+COPY grab_files.sh /grab_files.sh
+
+RUN /grab_files.sh "/usr/bin/bash" || true
+RUN /grab_files.sh "/usr/bin/env"; \
+    /grab_files.sh "/usr/bin/ldd"; \
+    /grab_files.sh "/usr/bin/php"; \
+    /grab_files.sh "/usr/local/bin/composer"; \
+    /grab_files.sh "/usr/bin/ls"; \
+    /grab_files.sh "/usr/lib/php"; \
+    /grab_files.sh "/etc/php/$PHP_VERSION"; \
+    /grab_files.sh "/usr/share/zoneinfo"; \
+    /grab_files.sh "/etc/ca-certificates/" || true
+
+FROM scratch
+
+COPY --from=intermediate /tmp/distroless /
+COPY --from=intermediate /usr/local/bin/entrypoint-php.sh /usr/bin/entrypoint-php.sh
+
+WORKDIR /workdir
+
+ENTRYPOINT ["/usr/bin/entrypoint-php.sh"]
diff --git a/docker/distroless/grab_files.sh b/docker/distroless/grab_files.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# PROMPT: Create a bash script with the following:
+#  If a CLI arg is not passed, fail with the mesage "Error: Pass the full path of the file/executable you want to include."
+#
+# If the CLI arg is neither a file nor a directory, fail with the message "Error: File not found."
+#
+# If the /tmp/distroless directory does not exist, create it. Then
+#     cd into /tmp/distroless and create the POSIX standard Linux directories, using Ubuntu 22.04 as the exact model to copy.
+#     set chmod 0777 for tmp var/{cache,log,tmp}
+#     set chmod 0750 for root
+#     Create ln -s for /bin /sbin from /usr/bin
+#     Create ln -s for /lib /lib64 from /usr/lib
+#
+# Then if the CLI arg is a directory, use the following prompt:
+#     If the SOURCE directory (via the CLI arg) is "/etc/php/8.3", 
+#         Copy this to /tmp/distroless/ while maintaining the relative directory path: 
+#             Example: /etc/php/8.3 -> /tmp/distroless/etc/php/8.3/
+#
+# If it is not a directory:
+#     cp -v "$1" "/tmp/distroless$1"
+#     Test if the file is an executable (via bash's -x).
+#     If it is an executable:
+#     Then run `ldd "$1" | awk '{print $1}'` and use `cp` to copy the files to /usr/lib
+#         Ignore any errors from the `cp` command, as they are likely false-positives.
+#
+# Include this exact prompt as a source code comment at the beginning of the Bash script.
+# Do not bother with inline comments.
+if [ -x "$1" ]; then
+    cd /usr/lib/x86_64-linux-gnu
+    cp -vf $(ldd "$1" | awk '{print $1}') /tmp/distroless/usr/lib/
+fi
+
+
+
+if [ -z "$1" ]; then
+    echo "Error: Pass the full path of the file/executable you want to include."
+    exit 1;
+fi
+
+if [ ! -f "$1" ] && [ ! -d "$1" ]; then
+    echo "Error: File not found."
+    exit 2;
+fi
+
+if [ ! -d /tmp/distroless ]; then
+    mkdir -p /tmp/distroless
+    cd /tmp/distroless
+    mkdir -p dev etc home/user media mnt opt proc root run sys tmp usr var/{cache,lib,log,spool,tmp}
+    mkdir -p /tmp/distroless/usr/{bin,lib,local/bin}
+
+    chmod 0777 tmp var/{cache,log,tmp}
+    chmod 0750 root
+
+    ln -s usr/bin bin
+    ln -s usr/bin sbin
+    ln -s usr/lib lib
+    ln -s usr/lib lib64
+fi
+
+if [ -d "$1" ]; then
+
+    cp -avf --parents "$1" /tmp/distroless
+
+    for each in $(find "$1" -name \*.so\* -type f); do 
+        cd /usr/lib/x86_64-linux-gnu
+        cp -v $(ldd $each | awk '{print $1}') /tmp/distroless/usr/lib
+    done
+
+    exit 0
+fi
+
+cp -v "$1" "/tmp/distroless$1"
+if [ -x "$1" ]; then
+    cd /usr/lib/x86_64-linux-gnu
+    cp -vf $(ldd "$1" | awk '{print $1}') /tmp/distroless/usr/lib/
+fi
