From 7305bfe7b6a44dcd2add0f2f1a633728edb09fa0 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Tue, 11 Mar 2025 13:50:46 +0800 Subject: [PATCH 01/23] Add gnu static binary build support --- build-static.sh | 146 ++++++++++++++++++++++++++++-------------- gnu-static.Dockerfile | 134 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 231 insertions(+), 49 deletions(-) create mode 100644 gnu-static.Dockerfile diff --git a/build-static.sh b/build-static.sh index 517a82988d..3238aebc02 100755 --- a/build-static.sh +++ b/build-static.sh @@ -10,8 +10,51 @@ fi arch="$(uname -m)" os="$(uname -s | tr '[:upper:]' '[:lower:]')" -# FIXME: re-enable PHP errors when SPC will be compatible with PHP 8.4 -spcCommand="php -ddisplay_errors=Off ./bin/spc" + +# Supported variables: +# - PHP_VERSION: PHP version to build (default: "8.4") +# - PHP_EXTENSIONS: PHP extensions to build (default: ${defaultExtensions} set below) +# - PHP_EXTENSION_LIBS: PHP extension libraries to build (default: ${defaultExtensionLibs} set below) +# - FRANKENPHP_VERSION: FrankenPHP version (default: current Git commit) +# - EMBED: Path to the PHP app to embed (default: none) +# - DEBUG_SYMBOLS: Enable debug symbols if set to 1 (default: none) +# - MIMALLOC: Use mimalloc as the allocator if set to 1 (default: none) +# - XCADDY_ARGS: Additional arguments to pass to xcaddy +# - RELEASE: [maintainer only] Create a GitHub release if set to 1 (default: none) + +# - SPC_REL_TYPE: Release type to download (accept "source" and "binary", default: "source") +# - SPC_OPT_BUILD_ARGS: Additional arguments to pass to spc build +# - SPC_OPT_DOWNLOAD_ARGS: Additional arguments to pass to spc download +# - SPC_BUILD_GNU: Set to 1 to build with GNU toolchain (default: musl toolchain) + +# init spc command, if we use spc binary, just use it instead of fetching source +if [ -z "${SPC_REL_TYPE}" ]; then + SPC_REL_TYPE="source" +fi +# init spc build additional args +if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then + SPC_OPT_BUILD_ARGS="--debug" +fi +# init spc download additional args +if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then + SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" +fi +# linux build need to disable opcache jit +if [ "${os}" = "linux" ]; then + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" +fi +# if we need debug symbols, disable strip +if [ -n "${DEBUG_SYMBOLS}" ]; then + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" +fi +# php version to build +if [ -z "${PHP_VERSION}" ]; then + export PHP_VERSION="8.4" +fi +# default extension set +defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" +defaultExtensionLibs="bzip2,freetype,libavif,libjpeg,liblz4,libwebp,libzip,nghttp2" + md5binary="md5sum" if [ "${os}" = "darwin" ]; then os="mac" @@ -35,32 +78,6 @@ else fpie="-fpie" fi -if [ -z "${PHP_EXTENSIONS}" ]; then - if [ -n "${EMBED}" ] && [ -f "${EMBED}/composer.json" ]; then - cd "${EMBED}" - # read the composer.json file and extract the required PHP extensions - # remove internal extensions from the list: https://github.com/crazywhalecc/static-php-cli/blob/4b16631d45a57370b4747df15c8f105130e96d03/src/globals/defines.php#L26-L34 - PHP_EXTENSIONS="$(composer check-platform-reqs --no-dev 2>/dev/null | grep ^ext | sed -e 's/^ext-core//' -e 's/^ext-hash//' -e 's/^ext-json//' -e 's/^ext-pcre//' -e 's/^ext-reflection//' -e 's/^ext-spl//' -e 's/^ext-standard//' -e 's/^ext-//' -e 's/ .*//' | xargs | tr ' ' ',')" - export PHP_EXTENSIONS - cd - - else - export PHP_EXTENSIONS="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" - fi -fi - -if [ -z "${PHP_EXTENSION_LIBS}" ]; then - export PHP_EXTENSION_LIBS="bzip2,freetype,libavif,libjpeg,liblz4,libwebp,libzip,nghttp2" -fi - -# The Brotli library must always be built as it is required by http://github.com/dunglas/caddy-cbrotli -if ! echo "${PHP_EXTENSION_LIBS}" | grep -q "\bbrotli\b"; then - export PHP_EXTENSION_LIBS="${PHP_EXTENSION_LIBS},brotli" -fi - -if [ -z "${PHP_VERSION}" ]; then - export PHP_VERSION="8.4" -fi - if [ -z "${FRANKENPHP_VERSION}" ]; then FRANKENPHP_VERSION="$(git rev-parse --verify HEAD)" export FRANKENPHP_VERSION @@ -98,14 +115,6 @@ else cd dist/ echo -n "${cache_key}" >cache_key - if [ -d "static-php-cli/" ]; then - cd static-php-cli/ - git pull - else - git clone --depth 1 https://github.com/crazywhalecc/static-php-cli - cd static-php-cli/ - fi - if type "brew" >/dev/null 2>&1; then if ! type "composer" >/dev/null; then packages="composer" @@ -123,20 +132,48 @@ else fi fi - composer install --no-dev -a - - if [ "${os}" = "linux" ]; then - extraOpts="--disable-opcache-jit" - fi - - if [ -n "${DEBUG_SYMBOLS}" ]; then - extraOpts="${extraOpts} --no-strip" - fi + if [ "${SPC_REL_TYPE}" = "binary" ]; then + mkdir static-php-cli/ + cd static-php-cli/ + curl -o spc -fsSL https://dl.static-php.dev/static-php-cli/spc-bin/nightly/spc-linux-$(uname -m) + chmod +x spc + spcCommand="./spc" + elif [ -d "static-php-cli/src" ]; then + cd static-php-cli/ + git pull + composer install --no-dev -a + spcCommand="./bin/spc" + else + git clone --depth 1 https://github.com/crazywhalecc/static-php-cli --branch main + cd static-php-cli/ + composer install --no-dev -a + spcCommand="./bin/spc" + fi + + # extensions to build + if [ -z "${PHP_EXTENSIONS}" ]; then + # enable EMBED mode, first check if project has dumped extensions + if [ -n "${EMBED}" ] && [ -f "${EMBED}/composer.json" ] && [ -f "${EMBED}/composer.lock" ] && [ -f "${EMBED}/vendor/installed.json" ]; then + cd "${EMBED}" + # read the extensions using spc dump-extensions + PHP_EXTENSIONS=$(${spcCommand} dump-extensions "${EMBED}" --format=text --no-dev --no-ext-output="${defaultExtensions}") + else + PHP_EXTENSIONS="${defaultExtensions}" + fi + fi + # additional libs to build + if [ -z "${PHP_EXTENSION_LIBS}" ]; then + PHP_EXTENSION_LIBS="${defaultExtensionLibs}" + fi + # The Brotli library must always be built as it is required by http://github.com/dunglas/caddy-cbrotli + if ! echo "${PHP_EXTENSION_LIBS}" | grep -q "\bbrotli\b"; then + PHP_EXTENSION_LIBS="${PHP_EXTENSION_LIBS},brotli" + fi ${spcCommand} doctor --auto-fix - ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" --ignore-cache-sources=php-src --prefer-pre-built + ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} # shellcheck disable=SC2086 - ${spcCommand} build --debug --enable-zts --build-embed ${extraOpts} "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" + ${spcCommand} build --enable-zts --build-embed ${SPC_OPT_BUILD_ARGS} "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" fi if ! type "go" >/dev/null 2>&1; then @@ -166,7 +203,12 @@ curl -f --retry 5 "${curlGitHubHeaders[@]}" https://api.github.com/repos/e-dant/ xargs curl -fL --retry 5 "${curlGitHubHeaders[@]}" | tar xz --strip-components 1 cd watcher-c -cc -c -o libwatcher-c.o ./src/watcher-c.cpp -I ./include -I ../include -std=c++17 -Wall -Wextra "${fpic}" +if [ -z "${CC}" ]; then + watcherCC=cc +else + watcherCC="${CC}" +fi +${watcherCC} -c -o libwatcher-c.o ./src/watcher-c.cpp -I ./include -I ../include -std=c++17 -Wall -Wextra "${fpic}" ar rcs libwatcher-c.a libwatcher-c.o cp libwatcher-c.a ../../buildroot/lib/libwatcher-c.a mkdir -p ../../buildroot/include/wtr @@ -302,9 +344,15 @@ fi go env cd caddy/ +if [ -z "${SPC_BUILD_GNU}" ]; then + xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,static_build,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-static-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" +else + xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" +fi + # shellcheck disable=SC2086 CGO_ENABLED=1 \ - XCADDY_GO_BUILD_FLAGS="-buildmode=pie -tags cgo,netgo,osusergo,static_build,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-static-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" \ + XCADDY_GO_BUILD_FLAGS=${xcaddyGoBuildFlags} \ XCADDY_DEBUG="${XCADDY_DEBUG}" \ ${XCADDY_COMMAND} build \ --output "../dist/${bin}" \ diff --git a/gnu-static.Dockerfile b/gnu-static.Dockerfile new file mode 100644 index 0000000000..ff5e29fe3f --- /dev/null +++ b/gnu-static.Dockerfile @@ -0,0 +1,134 @@ +FROM centos:7 + +ARG FRANKENPHP_VERSION='' +ENV FRANKENPHP_VERSION=${FRANKENPHP_VERSION} + +ARG PHP_VERSION='' +ENV PHP_VERSION=${PHP_VERSION} + +# args passed to static-php-cli +ARG PHP_EXTENSIONS='' +ARG PHP_EXTENSION_LIBS='' + +# args passed to xcaddy +ARG XCADDY_ARGS='' +ARG CLEAN='' +ARG EMBED='' +ARG DEBUG_SYMBOLS='' +ARG MIMALLOC='' +ARG NO_COMPRESS='' + +# go version +ENV GO_VERSION=1.24.1 + +# labels, same as static-builder.Dockerfile +LABEL org.opencontainers.image.title=FrankenPHP +LABEL org.opencontainers.image.description="The modern PHP app server" +LABEL org.opencontainers.image.url=https://frankenphp.dev +LABEL org.opencontainers.image.source=https://github.com/dunglas/frankenphp +LABEL org.opencontainers.image.licenses=MIT +LABEL org.opencontainers.image.vendor="Kévin Dunglas" + +# yum update +RUN sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && \ + sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo && \ + yum clean all && \ + yum makecache && \ + yum update -y && \ + yum install -y centos-release-scl + +# different arch for different scl repo +RUN if [ "$(uname -m)" = "aarch64" ]; then \ + sed -i 's|mirror.centos.org/centos|vault.centos.org/altarch|g' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo ; \ + sed -i 's|mirror.centos.org/centos|vault.centos.org/altarch|g' /etc/yum.repos.d/CentOS-SCLo-scl.repo ; \ + sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo ; \ + sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo ; \ + else \ + sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo ; \ + sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo ; \ + sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo ; \ + fi ; \ + yum update -y && \ + yum install -y devtoolset-10-gcc-* && \ + echo "source scl_source enable devtoolset-10" >> /etc/bashrc && \ + source /etc/bashrc + +# install newer cmake to build some newer libs +RUN curl -o cmake.tgz -fsSL https://github.com/Kitware/CMake/releases/download/v3.31.4/cmake-3.31.4-linux-$(uname -m).tar.gz && \ + mkdir /cmake && \ + tar -xzf cmake.tgz -C /cmake --strip-components 1 && \ + rm cmake.tgz + +# install build essentials +RUN yum install -y \ + perl \ + make \ + bison \ + flex \ + git \ + autoconf \ + automake \ + tar \ + unzip \ + gzip \ + gcc \ + bzip2 \ + patch \ + xz \ + libtool \ + perl-IPC-Cmd ; \ + curl -o make.tgz -fsSL https://ftp.gnu.org/gnu/make/make-4.4.tar.gz && \ + tar -zxvf make.tgz && \ + rm make.tgz && \ + cd make-4.4 && \ + ./configure && \ + make && \ + make install && \ + ln -sf /usr/local/bin/make /usr/bin/make ; \ + if [ "$(uname -m)" = "aarch64" ]; then \ + GO_ARCH="arm64" ; \ + else \ + GO_ARCH="amd64" ; \ + fi ; \ + curl -o go.tgz -fsSL https://go.dev/dl/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \ + rm -rf /usr/local/go && \ + tar -C /usr/local -xzf go.tgz && \ + rm go.tgz && \ + /usr/local/go/bin/go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest + +ENV PATH="/cmake/bin:/usr/local/go/bin:$PATH" + +# Apply gnu mode +ENV SPC_SKIP_DOCTOR_CHECK_ITEMS='if musl-wrapper is installed,if musl-cross-make is installed' +ENV CC='/opt/rh/devtoolset-10/root/usr/bin/gcc' +ENV CXX='/opt/rh/devtoolset-10/root/usr/bin/g++' +ENV AR='/opt/rh/devtoolset-10/root/usr/bin/ar' +ENV LD='/opt/rh/devtoolset-10/root/usr/bin/ld' +ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC' +ENV SPC_NO_MUSL_PATH='yes' +ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O1 -pie' +ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' +ENV SPC_OPT_DOWNLOAD_ARGS='--debug --ignore-cache-sources=php-src' +ENV SPC_OPT_BUILD_ARGS='--debug --libc=glibc' +ENV SPC_REL_TYPE='binary' +ENV SPC_BUILD_GNU='yes' + +# not sure if this is needed +ENV COMPOSER_ALLOW_SUPERUSER=1 + +WORKDIR /go/src/app +COPY go.mod go.sum ./ +RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get + +WORKDIR /go/src/app/caddy +COPY caddy/go.mod caddy/go.sum ./ +RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get + +WORKDIR /go/src/app +COPY --link *.* ./ +COPY --link caddy caddy +COPY --link internal internal + +RUN --mount=type=secret,id=github-token ./build-static.sh && \ + rm -Rf dist/static-php-cli/source/* From 1f3542bfa660d6ab45b77483d177a9d034b92531 Mon Sep 17 00:00:00 2001 From: crazywhalecc Date: Fri, 14 Mar 2025 19:03:33 +0800 Subject: [PATCH 02/23] Remove --libc option --- build-static.sh | 10 +++------- gnu-static.Dockerfile | 6 ++---- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/build-static.sh b/build-static.sh index 3238aebc02..12205ad43f 100755 --- a/build-static.sh +++ b/build-static.sh @@ -25,7 +25,7 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')" # - SPC_REL_TYPE: Release type to download (accept "source" and "binary", default: "source") # - SPC_OPT_BUILD_ARGS: Additional arguments to pass to spc build # - SPC_OPT_DOWNLOAD_ARGS: Additional arguments to pass to spc download -# - SPC_BUILD_GNU: Set to 1 to build with GNU toolchain (default: musl toolchain) +# - SPC_LIBC: Set to glibc to build with GNU toolchain (default: musl) # init spc command, if we use spc binary, just use it instead of fetching source if [ -z "${SPC_REL_TYPE}" ]; then @@ -39,10 +39,6 @@ fi if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" fi -# linux build need to disable opcache jit -if [ "${os}" = "linux" ]; then - SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" -fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" @@ -344,9 +340,9 @@ fi go env cd caddy/ -if [ -z "${SPC_BUILD_GNU}" ]; then +if [ -z "${SPC_LIBC}" ] || [ "${SPC_LIBC}" = "musl" ]; then xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,static_build,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-static-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" -else +elif [ "${SPC_LIBC}" = "glibc" ]; then xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" fi diff --git a/gnu-static.Dockerfile b/gnu-static.Dockerfile index ff5e29fe3f..97898d62aa 100644 --- a/gnu-static.Dockerfile +++ b/gnu-static.Dockerfile @@ -100,19 +100,17 @@ RUN yum install -y \ ENV PATH="/cmake/bin:/usr/local/go/bin:$PATH" # Apply gnu mode -ENV SPC_SKIP_DOCTOR_CHECK_ITEMS='if musl-wrapper is installed,if musl-cross-make is installed' ENV CC='/opt/rh/devtoolset-10/root/usr/bin/gcc' ENV CXX='/opt/rh/devtoolset-10/root/usr/bin/g++' ENV AR='/opt/rh/devtoolset-10/root/usr/bin/ar' ENV LD='/opt/rh/devtoolset-10/root/usr/bin/ld' ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC' -ENV SPC_NO_MUSL_PATH='yes' +ENV SPC_LIBC='glibc' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O1 -pie' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' ENV SPC_OPT_DOWNLOAD_ARGS='--debug --ignore-cache-sources=php-src' -ENV SPC_OPT_BUILD_ARGS='--debug --libc=glibc' +ENV SPC_OPT_BUILD_ARGS='--debug' ENV SPC_REL_TYPE='binary' -ENV SPC_BUILD_GNU='yes' # not sure if this is needed ENV COMPOSER_ALLOW_SUPERUSER=1 From f3d9e3a9f9b6ac98aa58dd20ae5a0c0e99b55bce Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 08:51:04 +0700 Subject: [PATCH 03/23] configure ./build-static.sh to allow extension loading with glibc --- build-static.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/build-static.sh b/build-static.sh index 12205ad43f..1086844c57 100755 --- a/build-static.sh +++ b/build-static.sh @@ -48,7 +48,7 @@ if [ -z "${PHP_VERSION}" ]; then export PHP_VERSION="8.4" fi # default extension set -defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" +defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,ffi,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" defaultExtensionLibs="bzip2,freetype,libavif,libjpeg,liblz4,libwebp,libzip,nghttp2" md5binary="md5sum" @@ -226,12 +226,19 @@ if [ "${os}" = "mac" ]; then elif [ "${os}" = "linux" ] && [ -z "${DEBUG_SYMBOLS}" ]; then CGO_LDFLAGS="-Wl,-O1 -pie" fi +if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then + CGO_LDFLAGS="${CGO_LDFLAGS} -Wl,--allow-multiple-definition -Wl,--export-dynamic" +fi CGO_LDFLAGS="${CGO_LDFLAGS} ${PWD}/buildroot/lib/libbrotlicommon.a ${PWD}/buildroot/lib/libbrotlienc.a ${PWD}/buildroot/lib/libbrotlidec.a ${PWD}/buildroot/lib/libwatcher-c.a $(${spcCommand} spc-config "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" --libs)" if [ "${os}" = "linux" ]; then if echo "${PHP_EXTENSIONS}" | grep -qE "\b(intl|imagick|grpc|v8js|protobuf|mongodb|tbb)\b"; then CGO_LDFLAGS="${CGO_LDFLAGS} -lstdc++" fi + if [ "${SPC_LIBC}" = "glibc" ]; then + CGO_LDFLAGS=$(echo "$CGO_LDFLAGS" | sed 's|-lphp|-Wl,--whole-archive -lphp -Wl,--no-whole-archive|g') + ar d ${PWD}/buildroot/lib/libphp.a $(ar t ${PWD}/buildroot/lib/libphp.a | grep '\.a$') + fi fi export CGO_LDFLAGS From 8ed15126f1203abbfc4e8278f350cba61c3f1c4b Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 09:03:46 +0700 Subject: [PATCH 04/23] use tabs everywhere --- build-static.sh | 112 ++++++++++++++++++++++++------------------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/build-static.sh b/build-static.sh index 1086844c57..7eec4d3ee1 100755 --- a/build-static.sh +++ b/build-static.sh @@ -29,19 +29,19 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')" # init spc command, if we use spc binary, just use it instead of fetching source if [ -z "${SPC_REL_TYPE}" ]; then - SPC_REL_TYPE="source" + SPC_REL_TYPE="source" fi # init spc build additional args if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then - SPC_OPT_BUILD_ARGS="--debug" + SPC_OPT_BUILD_ARGS="--debug" fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then - SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" + SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then - SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" fi # php version to build if [ -z "${PHP_VERSION}" ]; then @@ -83,11 +83,11 @@ elif [ -d ".git/" ]; then if echo "${FRANKENPHP_VERSION}" | grep -F -q "."; then # Tag - + # Trim "v" prefix if any FRANKENPHP_VERSION=${FRANKENPHP_VERSION#v} export FRANKENPHP_VERSION - + git checkout "v${FRANKENPHP_VERSION}" else git checkout "${FRANKENPHP_VERSION}" @@ -129,42 +129,42 @@ else fi if [ "${SPC_REL_TYPE}" = "binary" ]; then - mkdir static-php-cli/ - cd static-php-cli/ - curl -o spc -fsSL https://dl.static-php.dev/static-php-cli/spc-bin/nightly/spc-linux-$(uname -m) - chmod +x spc - spcCommand="./spc" - elif [ -d "static-php-cli/src" ]; then - cd static-php-cli/ - git pull - composer install --no-dev -a - spcCommand="./bin/spc" - else - git clone --depth 1 https://github.com/crazywhalecc/static-php-cli --branch main - cd static-php-cli/ - composer install --no-dev -a - spcCommand="./bin/spc" - fi - - # extensions to build - if [ -z "${PHP_EXTENSIONS}" ]; then - # enable EMBED mode, first check if project has dumped extensions - if [ -n "${EMBED}" ] && [ -f "${EMBED}/composer.json" ] && [ -f "${EMBED}/composer.lock" ] && [ -f "${EMBED}/vendor/installed.json" ]; then - cd "${EMBED}" - # read the extensions using spc dump-extensions - PHP_EXTENSIONS=$(${spcCommand} dump-extensions "${EMBED}" --format=text --no-dev --no-ext-output="${defaultExtensions}") - else - PHP_EXTENSIONS="${defaultExtensions}" - fi - fi - # additional libs to build - if [ -z "${PHP_EXTENSION_LIBS}" ]; then - PHP_EXTENSION_LIBS="${defaultExtensionLibs}" - fi - # The Brotli library must always be built as it is required by http://github.com/dunglas/caddy-cbrotli - if ! echo "${PHP_EXTENSION_LIBS}" | grep -q "\bbrotli\b"; then - PHP_EXTENSION_LIBS="${PHP_EXTENSION_LIBS},brotli" - fi + mkdir static-php-cli/ + cd static-php-cli/ + curl -o spc -fsSL https://dl.static-php.dev/static-php-cli/spc-bin/nightly/spc-linux-$(uname -m) + chmod +x spc + spcCommand="./spc" + elif [ -d "static-php-cli/src" ]; then + cd static-php-cli/ + git pull + composer install --no-dev -a + spcCommand="./bin/spc" + else + git clone --depth 1 https://github.com/crazywhalecc/static-php-cli --branch main + cd static-php-cli/ + composer install --no-dev -a + spcCommand="./bin/spc" + fi + + # extensions to build + if [ -z "${PHP_EXTENSIONS}" ]; then + # enable EMBED mode, first check if project has dumped extensions + if [ -n "${EMBED}" ] && [ -f "${EMBED}/composer.json" ] && [ -f "${EMBED}/composer.lock" ] && [ -f "${EMBED}/vendor/installed.json" ]; then + cd "${EMBED}" + # read the extensions using spc dump-extensions + PHP_EXTENSIONS=$(${spcCommand} dump-extensions "${EMBED}" --format=text --no-dev --no-ext-output="${defaultExtensions}") + else + PHP_EXTENSIONS="${defaultExtensions}" + fi + fi + # additional libs to build + if [ -z "${PHP_EXTENSION_LIBS}" ]; then + PHP_EXTENSION_LIBS="${defaultExtensionLibs}" + fi + # The Brotli library must always be built as it is required by http://github.com/dunglas/caddy-cbrotli + if ! echo "${PHP_EXTENSION_LIBS}" | grep -q "\bbrotli\b"; then + PHP_EXTENSION_LIBS="${PHP_EXTENSION_LIBS},brotli" + fi ${spcCommand} doctor --auto-fix ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} @@ -192,17 +192,17 @@ fi mkdir -p watcher cd watcher curl -f --retry 5 "${curlGitHubHeaders[@]}" https://api.github.com/repos/e-dant/watcher/releases/latest | - grep tarball_url | - awk '{ print $2 }' | - sed 's/,$//' | - sed 's/"//g' | - xargs curl -fL --retry 5 "${curlGitHubHeaders[@]}" | - tar xz --strip-components 1 +grep tarball_url | +awk '{ print $2 }' | +sed 's/,$//' | +sed 's/"//g' | +xargs curl -fL --retry 5 "${curlGitHubHeaders[@]}" | +tar xz --strip-components 1 cd watcher-c if [ -z "${CC}" ]; then - watcherCC=cc + watcherCC=cc else - watcherCC="${CC}" + watcherCC="${CC}" fi ${watcherCC} -c -o libwatcher-c.o ./src/watcher-c.cpp -I ./include -I ../include -std=c++17 -Wall -Wextra "${fpic}" ar rcs libwatcher-c.a libwatcher-c.o @@ -227,7 +227,7 @@ elif [ "${os}" = "linux" ] && [ -z "${DEBUG_SYMBOLS}" ]; then CGO_LDFLAGS="-Wl,-O1 -pie" fi if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then - CGO_LDFLAGS="${CGO_LDFLAGS} -Wl,--allow-multiple-definition -Wl,--export-dynamic" + CGO_LDFLAGS="${CGO_LDFLAGS} -Wl,--allow-multiple-definition -Wl,--export-dynamic" fi CGO_LDFLAGS="${CGO_LDFLAGS} ${PWD}/buildroot/lib/libbrotlicommon.a ${PWD}/buildroot/lib/libbrotlienc.a ${PWD}/buildroot/lib/libbrotlidec.a ${PWD}/buildroot/lib/libwatcher-c.a $(${spcCommand} spc-config "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" --libs)" @@ -236,9 +236,9 @@ if [ "${os}" = "linux" ]; then CGO_LDFLAGS="${CGO_LDFLAGS} -lstdc++" fi if [ "${SPC_LIBC}" = "glibc" ]; then - CGO_LDFLAGS=$(echo "$CGO_LDFLAGS" | sed 's|-lphp|-Wl,--whole-archive -lphp -Wl,--no-whole-archive|g') - ar d ${PWD}/buildroot/lib/libphp.a $(ar t ${PWD}/buildroot/lib/libphp.a | grep '\.a$') - fi + CGO_LDFLAGS=$(echo "$CGO_LDFLAGS" | sed 's|-lphp|-Wl,--whole-archive -lphp -Wl,--no-whole-archive|g') + ar d ${PWD}/buildroot/lib/libphp.a $(ar t ${PWD}/buildroot/lib/libphp.a | grep '\.a$') + fi fi export CGO_LDFLAGS @@ -348,9 +348,9 @@ fi go env cd caddy/ if [ -z "${SPC_LIBC}" ] || [ "${SPC_LIBC}" = "musl" ]; then - xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,static_build,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-static-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" + xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,static_build,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-static-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" elif [ "${SPC_LIBC}" = "glibc" ]; then - xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" + xcaddyGoBuildFlags="-buildmode=pie -tags cgo,netgo,osusergo,nobadger,nomysql,nopgx -ldflags \"-linkmode=external -extldflags '-pie ${extraExtldflags}' ${extraLdflags} -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP ${FRANKENPHP_VERSION} PHP ${LIBPHP_VERSION} Caddy'\"" fi # shellcheck disable=SC2086 From 0ac220f75f4cf4b1b984c62db31efdabb3d4cb76 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 09:07:57 +0700 Subject: [PATCH 05/23] do not use prebuilt sources for glibc build --- build-static.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/build-static.sh b/build-static.sh index 7eec4d3ee1..4ca8ae6f7f 100755 --- a/build-static.sh +++ b/build-static.sh @@ -29,15 +29,19 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')" # init spc command, if we use spc binary, just use it instead of fetching source if [ -z "${SPC_REL_TYPE}" ]; then - SPC_REL_TYPE="source" + SPC_REL_TYPE="source" fi # init spc build additional args if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then - SPC_OPT_BUILD_ARGS="--debug" + SPC_OPT_BUILD_ARGS="--debug" fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then + if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then + SPC_OPT_DOWNLOAD_ARGS="--debug --ignore-cache-sources=php-src" + else SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" + fi fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then From 99f3d8c6189221eb820999aafd5d19002f59442d Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 09:29:56 +0700 Subject: [PATCH 06/23] ffi does not work with musl builds --- build-static.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build-static.sh b/build-static.sh index 4ca8ae6f7f..a9d5d65d7c 100755 --- a/build-static.sh +++ b/build-static.sh @@ -52,7 +52,10 @@ if [ -z "${PHP_VERSION}" ]; then export PHP_VERSION="8.4" fi # default extension set -defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,ffi,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" +defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" +if [ "${os}" != "linux" ] || [ "${SPC_LIBC}" = "glibc" ]; then + defaultExtensions="${defaultExtensions},ffi" +fi defaultExtensionLibs="bzip2,freetype,libavif,libjpeg,liblz4,libwebp,libzip,nghttp2" md5binary="md5sum" From 7576d814b46f911f46f5d2bb00912fbb11da1ca5 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 09:32:12 +0700 Subject: [PATCH 07/23] remove unnecessary tabs --- build-static.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build-static.sh b/build-static.sh index a9d5d65d7c..5ae54ffb4d 100755 --- a/build-static.sh +++ b/build-static.sh @@ -90,11 +90,11 @@ elif [ -d ".git/" ]; then if echo "${FRANKENPHP_VERSION}" | grep -F -q "."; then # Tag - + # Trim "v" prefix if any FRANKENPHP_VERSION=${FRANKENPHP_VERSION#v} export FRANKENPHP_VERSION - + git checkout "v${FRANKENPHP_VERSION}" else git checkout "${FRANKENPHP_VERSION}" From 0aa0779a1de016cfa38cb8b35005650f486206b1 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 10:58:30 +0700 Subject: [PATCH 08/23] disable opcache jit on musl --- build-static.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build-static.sh b/build-static.sh index 5ae54ffb4d..3fc1cdbd23 100755 --- a/build-static.sh +++ b/build-static.sh @@ -42,6 +42,9 @@ if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then else SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" fi + if [ "${SPC_LIBC}" = "musl" ]; then + SPC_OPT_DOWNLOAD_ARGS="${SPC_OPT_DOWNLOAD_ARGS} --disable-opcache-jit" + fi fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then From 2ac9e3150aff4f5d5bf247d974a650b0f7cd62b5 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 11:03:17 +0700 Subject: [PATCH 09/23] disable opcache jit on musl again --- build-static.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/build-static.sh b/build-static.sh index 3fc1cdbd23..c770757422 100755 --- a/build-static.sh +++ b/build-static.sh @@ -35,16 +35,22 @@ fi if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then SPC_OPT_BUILD_ARGS="--debug" fi +# init spc libc +if [ -z "${SPC_LIBC}" ]; then + if [ "${os}" = "linux" ]; then + SPC_LIBC="musl" + fi +fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then - if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then + if [ "${SPC_LIBC}" = "glibc" ]; then SPC_OPT_DOWNLOAD_ARGS="--debug --ignore-cache-sources=php-src" else SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" fi if [ "${SPC_LIBC}" = "musl" ]; then SPC_OPT_DOWNLOAD_ARGS="${SPC_OPT_DOWNLOAD_ARGS} --disable-opcache-jit" - fi + fi fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then From 6159703082ab18e94969cf0254a7edf1d2854a05 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 11:05:57 +0700 Subject: [PATCH 10/23] err, build command, not download command --- build-static.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build-static.sh b/build-static.sh index c770757422..8425167b5d 100755 --- a/build-static.sh +++ b/build-static.sh @@ -31,16 +31,19 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')" if [ -z "${SPC_REL_TYPE}" ]; then SPC_REL_TYPE="source" fi -# init spc build additional args -if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then - SPC_OPT_BUILD_ARGS="--debug" -fi # init spc libc if [ -z "${SPC_LIBC}" ]; then if [ "${os}" = "linux" ]; then SPC_LIBC="musl" fi fi +# init spc build additional args +if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then + SPC_OPT_BUILD_ARGS="--debug" + if [ "${SPC_LIBC}" = "musl" ]; then + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" + fi +fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then if [ "${SPC_LIBC}" = "glibc" ]; then @@ -48,9 +51,6 @@ if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then else SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" fi - if [ "${SPC_LIBC}" = "musl" ]; then - SPC_OPT_DOWNLOAD_ARGS="${SPC_OPT_DOWNLOAD_ARGS} --disable-opcache-jit" - fi fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then From b2d956d3f132645ac2dbe1a3a54353c009768e30 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 11:51:45 +0700 Subject: [PATCH 11/23] cs fixes --- build-static.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build-static.sh b/build-static.sh index 8425167b5d..170255dbd3 100755 --- a/build-static.sh +++ b/build-static.sh @@ -147,7 +147,7 @@ else if [ "${SPC_REL_TYPE}" = "binary" ]; then mkdir static-php-cli/ cd static-php-cli/ - curl -o spc -fsSL https://dl.static-php.dev/static-php-cli/spc-bin/nightly/spc-linux-$(uname -m) + curl -o spc -fsSL "https://dl.static-php.dev/static-php-cli/spc-bin/nightly/spc-linux-$(uname -m)" chmod +x spc spcCommand="./spc" elif [ -d "static-php-cli/src" ]; then @@ -183,9 +183,9 @@ else fi ${spcCommand} doctor --auto-fix - ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} + ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" "${SPC_OPT_DOWNLOAD_ARGS}" # shellcheck disable=SC2086 - ${spcCommand} build --enable-zts --build-embed ${SPC_OPT_BUILD_ARGS} "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" + ${spcCommand} build --enable-zts --build-embed "${SPC_OPT_BUILD_ARGS}" "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" fi if ! type "go" >/dev/null 2>&1; then @@ -252,8 +252,8 @@ if [ "${os}" = "linux" ]; then CGO_LDFLAGS="${CGO_LDFLAGS} -lstdc++" fi if [ "${SPC_LIBC}" = "glibc" ]; then - CGO_LDFLAGS=$(echo "$CGO_LDFLAGS" | sed 's|-lphp|-Wl,--whole-archive -lphp -Wl,--no-whole-archive|g') - ar d ${PWD}/buildroot/lib/libphp.a $(ar t ${PWD}/buildroot/lib/libphp.a | grep '\.a$') + CGO_LDFLAGS="${CGO_LDFLAGS//-lphp/-Wl,--whole-archive -lphp -Wl,--no-whole-archive}" + ar d "${PWD}/buildroot/lib/libphp.a" "$(ar t "${PWD}/buildroot/lib/libphp.a" | grep '\.a$')" fi fi From 81c09e5dd90d9dcf0dacff78e1d9efa8683c8174 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 12:03:26 +0700 Subject: [PATCH 12/23] spellcheck --- build-static.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/build-static.sh b/build-static.sh index 170255dbd3..afbb49cf30 100755 --- a/build-static.sh +++ b/build-static.sh @@ -183,9 +183,10 @@ else fi ${spcCommand} doctor --auto-fix - ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" "${SPC_OPT_DOWNLOAD_ARGS}" # shellcheck disable=SC2086 - ${spcCommand} build --enable-zts --build-embed "${SPC_OPT_BUILD_ARGS}" "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" + ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} + # shellcheck disable=SC2086 + ${spcCommand} build --enable-zts --build-embed ${SPC_OPT_BUILD_ARGS} "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" fi if ! type "go" >/dev/null 2>&1; then From a3bb46b88022ffd48c2b4e5c88146860a69ea355 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 12:42:07 +0700 Subject: [PATCH 13/23] even more cs fixes --- build-static.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/build-static.sh b/build-static.sh index afbb49cf30..bee17682b4 100755 --- a/build-static.sh +++ b/build-static.sh @@ -54,7 +54,7 @@ if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then fi # if we need debug symbols, disable strip if [ -n "${DEBUG_SYMBOLS}" ]; then - SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --no-strip" fi # php version to build if [ -z "${PHP_VERSION}" ]; then @@ -184,7 +184,7 @@ else ${spcCommand} doctor --auto-fix # shellcheck disable=SC2086 - ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} + ${spcCommand} download --with-php="${PHP_VERSION}" --for-extensions="${PHP_EXTENSIONS}" --for-libs="${PHP_EXTENSION_LIBS}" ${SPC_OPT_DOWNLOAD_ARGS} # shellcheck disable=SC2086 ${spcCommand} build --enable-zts --build-embed ${SPC_OPT_BUILD_ARGS} "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" fi @@ -209,17 +209,17 @@ fi mkdir -p watcher cd watcher curl -f --retry 5 "${curlGitHubHeaders[@]}" https://api.github.com/repos/e-dant/watcher/releases/latest | -grep tarball_url | -awk '{ print $2 }' | -sed 's/,$//' | -sed 's/"//g' | -xargs curl -fL --retry 5 "${curlGitHubHeaders[@]}" | -tar xz --strip-components 1 + grep tarball_url | + awk '{ print $2 }' | + sed 's/,$//' | + sed 's/"//g' | + xargs curl -fL --retry 5 "${curlGitHubHeaders[@]}" | + tar xz --strip-components 1 cd watcher-c if [ -z "${CC}" ]; then - watcherCC=cc + watcherCC=cc else - watcherCC="${CC}" + watcherCC="${CC}" fi ${watcherCC} -c -o libwatcher-c.o ./src/watcher-c.cpp -I ./include -I ../include -std=c++17 -Wall -Wextra "${fpic}" ar rcs libwatcher-c.a libwatcher-c.o From fb63d5e70910c3c5e511dd615378ba9a70b3f25e Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 16:56:20 +0700 Subject: [PATCH 14/23] fix ar removing .a libs --- build-static.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/build-static.sh b/build-static.sh index bee17682b4..991775b590 100755 --- a/build-static.sh +++ b/build-static.sh @@ -248,14 +248,10 @@ if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then fi CGO_LDFLAGS="${CGO_LDFLAGS} ${PWD}/buildroot/lib/libbrotlicommon.a ${PWD}/buildroot/lib/libbrotlienc.a ${PWD}/buildroot/lib/libbrotlidec.a ${PWD}/buildroot/lib/libwatcher-c.a $(${spcCommand} spc-config "${PHP_EXTENSIONS}" --with-libs="${PHP_EXTENSION_LIBS}" --libs)" -if [ "${os}" = "linux" ]; then - if echo "${PHP_EXTENSIONS}" | grep -qE "\b(intl|imagick|grpc|v8js|protobuf|mongodb|tbb)\b"; then - CGO_LDFLAGS="${CGO_LDFLAGS} -lstdc++" - fi - if [ "${SPC_LIBC}" = "glibc" ]; then - CGO_LDFLAGS="${CGO_LDFLAGS//-lphp/-Wl,--whole-archive -lphp -Wl,--no-whole-archive}" - ar d "${PWD}/buildroot/lib/libphp.a" "$(ar t "${PWD}/buildroot/lib/libphp.a" | grep '\.a$')" - fi +if [ "${os}" = "linux" ] && [ "${SPC_LIBC}" = "glibc" ]; then + CGO_LDFLAGS="${CGO_LDFLAGS//-lphp/-Wl,--whole-archive -lphp -Wl,--no-whole-archive}" + # shellcheck disable=SC2046 + ar d "${PWD}/buildroot/lib/libphp.a" $(ar t "${PWD}/buildroot/lib/libphp.a" | grep '\.a$') fi export CGO_LDFLAGS From 4558e2aee66eb5f768581f2d27528689796fd31b Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Thu, 20 Mar 2025 23:20:46 +0700 Subject: [PATCH 15/23] disable ffi extension for now --- build-static.sh | 14 +++++++------- gnu-static.Dockerfile | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/build-static.sh b/build-static.sh index 991775b590..15945c6d77 100755 --- a/build-static.sh +++ b/build-static.sh @@ -39,17 +39,17 @@ if [ -z "${SPC_LIBC}" ]; then fi # init spc build additional args if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then - SPC_OPT_BUILD_ARGS="--debug" + SPC_OPT_BUILD_ARGS="" if [ "${SPC_LIBC}" = "musl" ]; then SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" fi fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then - if [ "${SPC_LIBC}" = "glibc" ]; then - SPC_OPT_DOWNLOAD_ARGS="--debug --ignore-cache-sources=php-src" + if [ "${SPC_LIBC}" = "musl" ]; then + SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --ignore-cache-sources=php-src" else - SPC_OPT_DOWNLOAD_ARGS="--prefer-pre-built --debug --ignore-cache-sources=php-src" + SPC_OPT_DOWNLOAD_ARGS="--ignore-cache-sources=php-src" fi fi # if we need debug symbols, disable strip @@ -62,9 +62,9 @@ if [ -z "${PHP_VERSION}" ]; then fi # default extension set defaultExtensions="apcu,bcmath,bz2,calendar,ctype,curl,dba,dom,exif,fileinfo,filter,ftp,gd,gmp,gettext,iconv,igbinary,imagick,intl,ldap,mbregex,mbstring,mysqli,mysqlnd,opcache,openssl,parallel,pcntl,pdo,pdo_mysql,pdo_pgsql,pdo_sqlite,pgsql,phar,posix,protobuf,readline,redis,session,shmop,simplexml,soap,sockets,sodium,sqlite3,ssh2,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,xlswriter,xml,xmlreader,xmlwriter,zip,zlib,yaml,zstd" -if [ "${os}" != "linux" ] || [ "${SPC_LIBC}" = "glibc" ]; then - defaultExtensions="${defaultExtensions},ffi" -fi +# if [ "${os}" != "linux" ] || [ "${SPC_LIBC}" = "glibc" ]; then +# defaultExtensions="${defaultExtensions},ffi" +# fi defaultExtensionLibs="bzip2,freetype,libavif,libjpeg,liblz4,libwebp,libzip,nghttp2" md5binary="md5sum" diff --git a/gnu-static.Dockerfile b/gnu-static.Dockerfile index 97898d62aa..0b8c130f25 100644 --- a/gnu-static.Dockerfile +++ b/gnu-static.Dockerfile @@ -108,8 +108,8 @@ ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC' ENV SPC_LIBC='glibc' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O1 -pie' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' -ENV SPC_OPT_DOWNLOAD_ARGS='--debug --ignore-cache-sources=php-src' -ENV SPC_OPT_BUILD_ARGS='--debug' +ENV SPC_OPT_DOWNLOAD_ARGS='--ignore-cache-sources=php-src' +ENV SPC_OPT_BUILD_ARGS='' ENV SPC_REL_TYPE='binary' # not sure if this is needed From e01f5955bb9e83442e724c621e52eff96572179c Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 08:58:34 +0700 Subject: [PATCH 16/23] add gnu static action --- .github/workflows/static.yaml | 124 ++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index 8b32cc9b6e..cf816b3da0 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -36,6 +36,7 @@ jobs: push: ${{ toJson((steps.check.outputs.ref || (github.event_name == 'workflow_dispatch' && inputs.version) || startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main' && github.event_name != 'pull_request')) && true || false) }} platforms: ${{ steps.matrix.outputs.platforms }} metadata: ${{ steps.matrix.outputs.metadata }} + gnu_metadata: ${{ steps.matrix.outputs.gnu_metadata }} ref: ${{ steps.check.outputs.ref }} steps: - name: Get version @@ -59,9 +60,11 @@ jobs: id: matrix run: | METADATA="$(docker buildx bake --print static-builder | jq -c)" + GNU_METADATA="$(docker buildx bake --print gnu-static | jq -c)" { echo metadata="${METADATA}" echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")" + echo gnu_metadata="${GNU_METADATA}" } >> "${GITHUB_OUTPUT}" env: SHA: ${{ github.sha }} @@ -177,12 +180,113 @@ jobs: env: BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} + build-linux-gnu: + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.prepare.outputs.platforms) }} + name: Build ${{ matrix.platform }} GNU static binary + runs-on: ubuntu-24.04 + needs: [prepare] + steps: + - name: Prepare + id: prepare + run: | + platform=${{ matrix.platform }} + echo "sanitized_platform=${platform//\//-}" >> "${GITHUB_OUTPUT}" + - uses: actions/checkout@v4 + with: + ref: ${{ needs.prepare.outputs.ref }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + platforms: ${{ matrix.platform }} + - name: Login to DockerHub + if: ${{ fromJson(needs.prepare.outputs.push) }} + uses: docker/login-action@v3 + with: + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Build + id: build + uses: docker/bake-action@v6 + with: + pull: true + load: ${{ !fromJson(needs.prepare.outputs.push) }} + targets: gnu-static + set: | + ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'gnu-static.args.NO_COMPRESS=1' || '' }} + *.tags= + *.platform=${{ matrix.platform }} + *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-gnu-static + *.cache-from=type=gha,scope=refs/heads/main-gnu-static + *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-gnu-static,ignore-error=true + ${{ fromJson(needs.prepare.outputs.push) && format('*.output=type=image,name={0}-gnu,push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} + env: + SHA: ${{ github.sha }} + VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600 + name: Export metadata + if: fromJson(needs.prepare.outputs.push) + run: | + mkdir -p /tmp/metadata-gnu + + # shellcheck disable=SC2086 + digest=$(jq -r '."gnu-static"."containerimage.digest"' <<< ${METADATA}) + touch "/tmp/metadata-gnu/${digest#sha256:}" + env: + METADATA: ${{ steps.build.outputs.metadata }} + - name: Upload metadata + if: fromJson(needs.prepare.outputs.push) + uses: actions/upload-artifact@v4 + with: + name: metadata-gnu-static-${{ steps.prepare.outputs.sanitized_platform }} + path: /tmp/metadata-gnu/* + if-no-files-found: error + retention-days: 1 + - name: Copy binary + run: | + # shellcheck disable=SC2034 + digest=$(jq -r '."gnu-static"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") + docker create --platform=${{ matrix.platform }} --name gnu-static "${{ fromJson(needs.prepare.outputs.push) && format('{0}-gnu@{1}', env.IMAGE_NAME, '${digest}') || '${digest}' }}" + docker cp "gnu-static:/go/src/app/dist/${BINARY}" "${BINARY}-gnu" + env: + METADATA: ${{ steps.build.outputs.metadata }} + BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} + - name: Upload artifact + if: ${{ !fromJson(needs.prepare.outputs.push) }} + uses: actions/upload-artifact@v4 + with: + name: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu + path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu + - name: Upload assets + if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') + run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu --repo dunglas/frankenphp --clobber + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') + uses: actions/attest-build-provenance@v2 + with: + subject-path: ${{ github.workspace }}/frankenphp-linux-*-gnu + - name: Run sanity checks + run: | + "${BINARY}" version + "${BINARY}" list-modules | grep frankenphp + "${BINARY}" list-modules | grep http.encoders.br + "${BINARY}" list-modules | grep http.handlers.mercure + "${BINARY}" list-modules | grep http.handlers.mercure + "${BINARY}" list-modules | grep http.handlers.vulcain + env: + BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu + # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ push: runs-on: ubuntu-24.04 needs: - prepare - build-linux + - build-linux-gnu if: fromJson(needs.prepare.outputs.push) steps: - name: Download metadata @@ -191,6 +295,12 @@ jobs: pattern: metadata-static-builder-* path: /tmp/metadata merge-multiple: true + - name: Download GNU metadata + uses: actions/download-artifact@v4 + with: + pattern: metadata-gnu-static-* + path: /tmp/metadata-gnu + merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to DockerHub @@ -206,12 +316,26 @@ jobs: $(printf "${IMAGE_NAME}@sha256:%s " *) env: METADATA: ${{ needs.prepare.outputs.metadata }} + - name: Create GNU manifest list and push + working-directory: /tmp/metadata-gnu + run: | + # shellcheck disable=SC2046,SC2086 + docker buildx imagetools create $(jq -cr '.target."gnu-static".tags | map("-t " + . + "-gnu") | join(" ")' <<< "${GNU_METADATA}") \ + $(printf "${IMAGE_NAME}-gnu@sha256:%s " *) + env: + GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} - name: Inspect image run: | # shellcheck disable=SC2046,SC2086 docker buildx imagetools inspect "$(jq -cr '.target."static-builder".tags | first' <<< "${METADATA}")" env: METADATA: ${{ needs.prepare.outputs.metadata }} + - name: Inspect GNU image + run: | + # shellcheck disable=SC2046,SC2086 + docker buildx imagetools inspect "$(jq -cr '.target."gnu-static".tags | first' <<< "${GNU_METADATA}")-gnu" + env: + GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} build-mac: strategy: From 2c6e6fd4be24e3f5a134905c75bca8750f13205b Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 09:30:02 +0700 Subject: [PATCH 17/23] add gnu-static target --- docker-bake.hcl | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docker-bake.hcl b/docker-bake.hcl index f7fa289335..b03d609268 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -143,3 +143,26 @@ target "static-builder" { } secret = ["id=github-token,env=GITHUB_TOKEN"] } + +target "gnu-static" { + dockerfile = "gnu-static.Dockerfile" + context = "./" + platforms = [ + "linux/amd64", + "linux/arm64" + ] + tags = distinct(flatten([ + LATEST ? "${IMAGE_NAME}:gnu-static" : "", + SHA == "" || VERSION != "dev" ? "" : "${IMAGE_NAME}:gnu-static-sha-${substr(SHA, 0, 7)}", + VERSION == "dev" ? [] : [for v in semver(VERSION) : "${IMAGE_NAME}:gnu-static-${v}"] + ])) + labels = { + "org.opencontainers.image.created" = "${timestamp()}" + "org.opencontainers.image.version" = VERSION + "org.opencontainers.image.revision" = SHA + } + args = { + FRANKENPHP_VERSION = VERSION + } + secret = ["id=github-token,env=GITHUB_TOKEN"] +} \ No newline at end of file From 5b35a969d95112c84f6cd69cb0d6821ea185ecf4 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 09:45:34 +0700 Subject: [PATCH 18/23] skip CHECKOV 2 and 3 --- gnu-static.Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gnu-static.Dockerfile b/gnu-static.Dockerfile index 0b8c130f25..176b561b40 100644 --- a/gnu-static.Dockerfile +++ b/gnu-static.Dockerfile @@ -1,3 +1,6 @@ +# syntax=docker/dockerfile:1 +#checkov:skip=CKV_DOCKER_2 +#checkov:skip=CKV_DOCKER_3 FROM centos:7 ARG FRANKENPHP_VERSION='' From 437323fa41b7fa94e69239e1a8079ad8f91578cf Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 17:30:17 +0700 Subject: [PATCH 19/23] rename static-builder to static-builder-musl, gnu-static to static-builder-gnu run arm64 gnu job on ubuntu-arm --- .github/workflows/static.yaml | 62 +++++++++---------- CONTRIBUTING.md | 2 +- docker-bake.hcl | 20 +++--- docs/cn/CONTRIBUTING.md | 2 +- docs/cn/static.md | 2 +- docs/fr/static.md | 2 +- docs/ru/CONTRIBUTING.md | 2 +- docs/ru/static.md | 2 +- docs/static.md | 2 +- docs/tr/CONTRIBUTING.md | 2 +- docs/tr/static.md | 2 +- ...ockerfile => static-builder-gnu.Dockerfile | 2 +- ...ckerfile => static-builder-musl.Dockerfile | 0 13 files changed, 51 insertions(+), 51 deletions(-) rename gnu-static.Dockerfile => static-builder-gnu.Dockerfile (98%) rename static-builder.Dockerfile => static-builder-musl.Dockerfile (100%) diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index cf816b3da0..3f2a81888d 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -59,8 +59,8 @@ jobs: - name: Create platforms matrix id: matrix run: | - METADATA="$(docker buildx bake --print static-builder | jq -c)" - GNU_METADATA="$(docker buildx bake --print gnu-static | jq -c)" + METADATA="$(docker buildx bake --print static-builder-musl | jq -c)" + GNU_METADATA="$(docker buildx bake --print static-builder-gnu | jq -c)" { echo metadata="${METADATA}" echo platforms="$(jq -c 'first(.target[]) | .platforms' <<< "${METADATA}")" @@ -110,16 +110,16 @@ jobs: with: pull: true load: ${{ !fromJson(needs.prepare.outputs.push) || matrix.debug || matrix.mimalloc }} - targets: static-builder + targets: static-builder-musl set: | - ${{ matrix.debug && 'static-builder.args.DEBUG_SYMBOLS=1' || '' }} - ${{ matrix.mimalloc && 'static-builder.args.MIMALLOC=1' || '' }} - ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder.args.NO_COMPRESS=1' || '' }} + ${{ matrix.debug && 'static-builder-musl.args.DEBUG_SYMBOLS=1' || '' }} + ${{ matrix.mimalloc && 'static-builder-musl.args.MIMALLOC=1' || '' }} + ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder-musl.args.NO_COMPRESS=1' || '' }} *.tags= *.platform=${{ matrix.platform }} - *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} - *.cache-from=type=gha,scope=refs/heads/main-static-builder${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} - *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }},ignore-error=true + *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} + *.cache-from=type=gha,scope=refs/heads/main-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }} + *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-musl${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }},ignore-error=true ${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && format('*.output=type=image,name={0},push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} env: SHA: ${{ github.sha }} @@ -132,7 +132,7 @@ jobs: mkdir -p /tmp/metadata # shellcheck disable=SC2086 - digest=$(jq -r '."static-builder"."containerimage.digest"' <<< ${METADATA}) + digest=$(jq -r '."static-builder-musl"."containerimage.digest"' <<< ${METADATA}) touch "/tmp/metadata/${digest#sha256:}" env: METADATA: ${{ steps.build.outputs.metadata }} @@ -140,16 +140,16 @@ jobs: if: fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc uses: actions/upload-artifact@v4 with: - name: metadata-static-builder-${{ steps.prepare.outputs.sanitized_platform }} + name: metadata-static-builder-musl-${{ steps.prepare.outputs.sanitized_platform }} path: /tmp/metadata/* if-no-files-found: error retention-days: 1 - name: Copy binary run: | # shellcheck disable=SC2034 - digest=$(jq -r '."static-builder"."${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") - docker create --platform=${{ matrix.platform }} --name static-builder "${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" - docker cp "static-builder:/go/src/app/dist/${BINARY}" "${BINARY}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}" + digest=$(jq -r '."static-builder-musl"."${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") + docker create --platform=${{ matrix.platform }} --name static-builder-musl "${{ (fromJson(needs.prepare.outputs.push) && !matrix.debug && !matrix.mimalloc) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" + docker cp "static-builder-musl:/go/src/app/dist/${BINARY}" "${BINARY}${{ matrix.debug && '-debug' || '' }}${{ matrix.mimalloc && '-mimalloc' || '' }}" env: METADATA: ${{ steps.build.outputs.metadata }} BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} @@ -186,7 +186,7 @@ jobs: matrix: platform: ${{ fromJson(needs.prepare.outputs.platforms) }} name: Build ${{ matrix.platform }} GNU static binary - runs-on: ubuntu-24.04 + runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} needs: [prepare] steps: - name: Prepare @@ -213,14 +213,14 @@ jobs: with: pull: true load: ${{ !fromJson(needs.prepare.outputs.push) }} - targets: gnu-static + targets: static-builder-gnu set: | - ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'gnu-static.args.NO_COMPRESS=1' || '' }} + ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder-gnu.args.NO_COMPRESS=1' || '' }} *.tags= *.platform=${{ matrix.platform }} - *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-gnu-static - *.cache-from=type=gha,scope=refs/heads/main-gnu-static - *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-gnu-static,ignore-error=true + *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-gnu + *.cache-from=type=gha,scope=refs/heads/main-static-builder-gnu + *.cache-to=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-gnu,ignore-error=true ${{ fromJson(needs.prepare.outputs.push) && format('*.output=type=image,name={0}-gnu,push-by-digest=true,name-canonical=true,push=true', env.IMAGE_NAME) || '' }} env: SHA: ${{ github.sha }} @@ -233,7 +233,7 @@ jobs: mkdir -p /tmp/metadata-gnu # shellcheck disable=SC2086 - digest=$(jq -r '."gnu-static"."containerimage.digest"' <<< ${METADATA}) + digest=$(jq -r '."static-builder-gnu"."containerimage.digest"' <<< ${METADATA}) touch "/tmp/metadata-gnu/${digest#sha256:}" env: METADATA: ${{ steps.build.outputs.metadata }} @@ -241,16 +241,16 @@ jobs: if: fromJson(needs.prepare.outputs.push) uses: actions/upload-artifact@v4 with: - name: metadata-gnu-static-${{ steps.prepare.outputs.sanitized_platform }} + name: metadata-static-builder-gnu-${{ steps.prepare.outputs.sanitized_platform }} path: /tmp/metadata-gnu/* if-no-files-found: error retention-days: 1 - name: Copy binary run: | # shellcheck disable=SC2034 - digest=$(jq -r '."gnu-static"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") - docker create --platform=${{ matrix.platform }} --name gnu-static "${{ fromJson(needs.prepare.outputs.push) && format('{0}-gnu@{1}', env.IMAGE_NAME, '${digest}') || '${digest}' }}" - docker cp "gnu-static:/go/src/app/dist/${BINARY}" "${BINARY}-gnu" + digest=$(jq -r '."static-builder-gnu"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") + docker create --platform=${{ matrix.platform }} --name static-builder-gnu "${{ fromJson(needs.prepare.outputs.push) && format('{0}-gnu@{1}', env.IMAGE_NAME, '${digest}') || '${digest}' }}" + docker cp "static-builder-gnu:/go/src/app/dist/${BINARY}" "${BINARY}-gnu" env: METADATA: ${{ steps.build.outputs.metadata }} BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} @@ -292,13 +292,13 @@ jobs: - name: Download metadata uses: actions/download-artifact@v4 with: - pattern: metadata-static-builder-* + pattern: metadata-static-builder-musl-* path: /tmp/metadata merge-multiple: true - name: Download GNU metadata uses: actions/download-artifact@v4 with: - pattern: metadata-gnu-static-* + pattern: metadata-static-builder-gnu-* path: /tmp/metadata-gnu merge-multiple: true - name: Set up Docker Buildx @@ -312,7 +312,7 @@ jobs: working-directory: /tmp/metadata run: | # shellcheck disable=SC2046,SC2086 - docker buildx imagetools create $(jq -cr '.target."static-builder".tags | map("-t " + .) | join(" ")' <<< "${METADATA}") \ + docker buildx imagetools create $(jq -cr '.target."static-builder-musl".tags | map("-t " + .) | join(" ")' <<< "${METADATA}") \ $(printf "${IMAGE_NAME}@sha256:%s " *) env: METADATA: ${{ needs.prepare.outputs.metadata }} @@ -320,20 +320,20 @@ jobs: working-directory: /tmp/metadata-gnu run: | # shellcheck disable=SC2046,SC2086 - docker buildx imagetools create $(jq -cr '.target."gnu-static".tags | map("-t " + . + "-gnu") | join(" ")' <<< "${GNU_METADATA}") \ + docker buildx imagetools create $(jq -cr '.target."static-builder-gnu".tags | map("-t " + . + "-gnu") | join(" ")' <<< "${GNU_METADATA}") \ $(printf "${IMAGE_NAME}-gnu@sha256:%s " *) env: GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} - name: Inspect image run: | # shellcheck disable=SC2046,SC2086 - docker buildx imagetools inspect "$(jq -cr '.target."static-builder".tags | first' <<< "${METADATA}")" + docker buildx imagetools inspect "$(jq -cr '.target."static-builder-musl".tags | first' <<< "${METADATA}")" env: METADATA: ${{ needs.prepare.outputs.metadata }} - name: Inspect GNU image run: | # shellcheck disable=SC2046,SC2086 - docker buildx imagetools inspect "$(jq -cr '.target."gnu-static".tags | first' <<< "${GNU_METADATA}")-gnu" + docker buildx imagetools inspect "$(jq -cr '.target."static-builder-gnu".tags | first' <<< "${GNU_METADATA}")-gnu" env: GNU_METADATA: ${{ needs.prepare.outputs.gnu_metadata }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b7b7796e66..a720e13f0e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -117,7 +117,7 @@ docker buildx bake -f docker-bake.hcl --pull --no-cache --push --set static-builder.args.DEBUG_SYMBOLS=1 \ --set "static-builder.platform=linux/amd64" \ static-builder - docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp + docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ``` 2. Replace your current version of `frankenphp` by the debug FrankenPHP executable diff --git a/docker-bake.hcl b/docker-bake.hcl index b03d609268..bc6b8bf471 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -118,20 +118,20 @@ target "default" { } } -target "static-builder" { +target "static-builder-musl" { contexts = { golang-base = "docker-image://golang:${GO_VERSION}-alpine" } - dockerfile = "static-builder.Dockerfile" + dockerfile = "static-builder-musl.Dockerfile" context = "./" platforms = [ "linux/amd64", "linux/arm64", ] tags = distinct(flatten([ - LATEST ? "${IMAGE_NAME}:static-builder" : "", - SHA == "" || VERSION != "dev" ? "" : "${IMAGE_NAME}:static-builder-sha-${substr(SHA, 0, 7)}", - VERSION == "dev" ? [] : [for v in semver(VERSION) : "${IMAGE_NAME}:static-builder-${v}"] + LATEST ? "${IMAGE_NAME}:static-builder-musl" : "", + SHA == "" || VERSION != "dev" ? "" : "${IMAGE_NAME}:static-builder-musl-sha-${substr(SHA, 0, 7)}", + VERSION == "dev" ? [] : [for v in semver(VERSION) : "${IMAGE_NAME}:static-builder-musl-${v}"] ])) labels = { "org.opencontainers.image.created" = "${timestamp()}" @@ -144,17 +144,17 @@ target "static-builder" { secret = ["id=github-token,env=GITHUB_TOKEN"] } -target "gnu-static" { - dockerfile = "gnu-static.Dockerfile" +target "static-builder-gnu" { + dockerfile = "static-builder-gnu.Dockerfile" context = "./" platforms = [ "linux/amd64", "linux/arm64" ] tags = distinct(flatten([ - LATEST ? "${IMAGE_NAME}:gnu-static" : "", - SHA == "" || VERSION != "dev" ? "" : "${IMAGE_NAME}:gnu-static-sha-${substr(SHA, 0, 7)}", - VERSION == "dev" ? [] : [for v in semver(VERSION) : "${IMAGE_NAME}:gnu-static-${v}"] + LATEST ? "${IMAGE_NAME}:static-builder-gnu" : "", + SHA == "" || VERSION != "dev" ? "" : "${IMAGE_NAME}:static-builder-gnu-sha-${substr(SHA, 0, 7)}", + VERSION == "dev" ? [] : [for v in semver(VERSION) : "${IMAGE_NAME}:static-builder-gnu-${v}"] ])) labels = { "org.opencontainers.image.created" = "${timestamp()}" diff --git a/docs/cn/CONTRIBUTING.md b/docs/cn/CONTRIBUTING.md index 66be9ab26d..957fd99176 100644 --- a/docs/cn/CONTRIBUTING.md +++ b/docs/cn/CONTRIBUTING.md @@ -114,7 +114,7 @@ docker buildx bake -f docker-bake.hcl --pull --no-cache --push --set static-builder.args.DEBUG_SYMBOLS=1 \ --set "static-builder.platform=linux/amd64" \ static-builder - docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp + docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ``` 2. 将当前版本的 `frankenphp` 替换为 debug FrankenPHP 可执行文件 diff --git a/docs/cn/static.md b/docs/cn/static.md index 7353784906..daf3d5c7c1 100644 --- a/docs/cn/static.md +++ b/docs/cn/static.md @@ -13,7 +13,7 @@ FrankenPHP 还支持 [将 PHP 应用程序嵌入到静态二进制文件中](emb ```console docker buildx bake --load static-builder -docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder +docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder ``` 生成的静态二进制文件名为 `frankenphp`,可在当前目录中找到。 diff --git a/docs/fr/static.md b/docs/fr/static.md index e28c5c2db6..3fce5f74f2 100644 --- a/docs/fr/static.md +++ b/docs/fr/static.md @@ -12,7 +12,7 @@ Nous fournissons une image Docker pour créer un binaire statique pour Linux : ```console docker buildx bake --load static-builder -docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder +docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder ``` Le binaire statique résultant est nommé `frankenphp`, et il est disponible dans le répertoire courant. diff --git a/docs/ru/CONTRIBUTING.md b/docs/ru/CONTRIBUTING.md index d3e4e6f591..564e95d5c2 100644 --- a/docs/ru/CONTRIBUTING.md +++ b/docs/ru/CONTRIBUTING.md @@ -114,7 +114,7 @@ docker buildx bake -f docker-bake.hcl --pull --no-cache --push --set static-builder.args.DEBUG_SYMBOLS=1 \ --set "static-builder.platform=linux/amd64" \ static-builder - docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp + docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ``` 2. Замените текущую версию `frankenphp` на бинарный файл с включенным отладочным режимом. diff --git a/docs/ru/static.md b/docs/ru/static.md index e03b1ce8b8..a898c40d68 100644 --- a/docs/ru/static.md +++ b/docs/ru/static.md @@ -12,7 +12,7 @@ FrankenPHP также поддерживает [встраивание PHP-пр ```console docker buildx bake --load static-builder -docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder +docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder ``` Созданный статический бинарный файл называется `frankenphp` и будет доступен в текущей директории. diff --git a/docs/static.md b/docs/static.md index 4df6734755..2aa768c35d 100644 --- a/docs/static.md +++ b/docs/static.md @@ -13,7 +13,7 @@ We provide a Docker image to build a Linux static binary: ```console docker buildx bake --load static-builder -docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder +docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder ``` The resulting static binary is named `frankenphp` and is available in the current directory. diff --git a/docs/tr/CONTRIBUTING.md b/docs/tr/CONTRIBUTING.md index 4f6e33c89a..8962548d11 100644 --- a/docs/tr/CONTRIBUTING.md +++ b/docs/tr/CONTRIBUTING.md @@ -114,7 +114,7 @@ docker buildx bake -f docker-bake.hcl --pull --no-cache --push --set static-builder.args.DEBUG_SYMBOLS=1 \ --set "static-builder.platform=linux/amd64" \ static-builder - docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp + docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ``` 2. Mevcut `frankenphp` sürümünüzü hata ayıklama FrankenPHP çalıştırılabilir dosyasıyla değiştirin diff --git a/docs/tr/static.md b/docs/tr/static.md index f07572b603..89095b3ca9 100644 --- a/docs/tr/static.md +++ b/docs/tr/static.md @@ -13,7 +13,7 @@ Linux statik binary dosyası oluşturmak için bir Docker imajı sağlıyoruz: ```console docker buildx bake --load static-builder -docker cp $(docker create --name static-builder dunglas/frankenphp:static-builder):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder +docker cp $(docker create --name static-builder-musl dunglas/frankenphp:static-builder-musl):/go/src/app/dist/frankenphp-linux-$(uname -m) frankenphp ; docker rm static-builder ``` Elde edilen statik binary `frankenphp` olarak adlandırılır ve geçerli dizinde kullanılabilir. diff --git a/gnu-static.Dockerfile b/static-builder-gnu.Dockerfile similarity index 98% rename from gnu-static.Dockerfile rename to static-builder-gnu.Dockerfile index 176b561b40..410d57721f 100644 --- a/gnu-static.Dockerfile +++ b/static-builder-gnu.Dockerfile @@ -107,7 +107,7 @@ ENV CC='/opt/rh/devtoolset-10/root/usr/bin/gcc' ENV CXX='/opt/rh/devtoolset-10/root/usr/bin/g++' ENV AR='/opt/rh/devtoolset-10/root/usr/bin/ar' ENV LD='/opt/rh/devtoolset-10/root/usr/bin/ld' -ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC' +ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC -O3 -march=native' ENV SPC_LIBC='glibc' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O1 -pie' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' diff --git a/static-builder.Dockerfile b/static-builder-musl.Dockerfile similarity index 100% rename from static-builder.Dockerfile rename to static-builder-musl.Dockerfile From 0cfc9b9371062cf4e050b500a4576d944949a844 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 17:34:02 +0700 Subject: [PATCH 20/23] rename build-linux to build-linux-musl --- .github/workflows/static.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index 3f2a81888d..27fc45b157 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -69,7 +69,7 @@ jobs: env: SHA: ${{ github.sha }} VERSION: ${{ steps.check.outputs.ref || 'dev' }} - build-linux: + build-linux-musl: strategy: fail-fast: false matrix: @@ -285,7 +285,7 @@ jobs: runs-on: ubuntu-24.04 needs: - prepare - - build-linux + - build-linux-musl - build-linux-gnu if: fromJson(needs.prepare.outputs.push) steps: From 50e08c77451ea49b4b7569ce45f8bd2f4a09e6bf Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 18:37:17 +0700 Subject: [PATCH 21/23] rename job description to specify musl --- .github/workflows/static.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index 27fc45b157..7414323709 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -82,7 +82,7 @@ jobs: debug: true - platform: linux/amd64 mimalloc: true - name: Build ${{ matrix.platform }} static binary${{ matrix.debug && ' (debug)' || '' }}${{ matrix.mimalloc && ' (mimalloc)' || '' }} + name: Build ${{ matrix.platform }} static musl binary${{ matrix.debug && ' (debug)' || '' }}${{ matrix.mimalloc && ' (mimalloc)' || '' }} runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} needs: [prepare] steps: @@ -185,7 +185,7 @@ jobs: fail-fast: false matrix: platform: ${{ fromJson(needs.prepare.outputs.platforms) }} - name: Build ${{ matrix.platform }} GNU static binary + name: Build ${{ matrix.platform }} static GNU binary runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} needs: [prepare] steps: From 0a497088820edcd8a2ca2542b50029c7be09bf60 Mon Sep 17 00:00:00 2001 From: DubbleClick Date: Fri, 21 Mar 2025 18:38:55 +0700 Subject: [PATCH 22/23] higher optimisation flags --- static-builder-gnu.Dockerfile | 2 +- static-builder-musl.Dockerfile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/static-builder-gnu.Dockerfile b/static-builder-gnu.Dockerfile index 410d57721f..120126bb0c 100644 --- a/static-builder-gnu.Dockerfile +++ b/static-builder-gnu.Dockerfile @@ -109,7 +109,7 @@ ENV AR='/opt/rh/devtoolset-10/root/usr/bin/ar' ENV LD='/opt/rh/devtoolset-10/root/usr/bin/ld' ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC -O3 -march=native' ENV SPC_LIBC='glibc' -ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O1 -pie' +ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O3 -pie' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' ENV SPC_OPT_DOWNLOAD_ARGS='--ignore-cache-sources=php-src' ENV SPC_OPT_BUILD_ARGS='' diff --git a/static-builder-musl.Dockerfile b/static-builder-musl.Dockerfile index 7bc79c7293..e122862b27 100644 --- a/static-builder-musl.Dockerfile +++ b/static-builder-musl.Dockerfile @@ -90,5 +90,9 @@ RUN go mod graph | awk '{if ($1 !~ "@") print $2}' | xargs go get WORKDIR /go/src/app COPY --link . ./ +ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC -O3 -march=native' +ENV SPC_LIBC='musl' +ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O3 -pie' + RUN --mount=type=secret,id=github-token GITHUB_TOKEN=$(cat /run/secrets/github-token) ./build-static.sh && \ rm -Rf dist/static-php-cli/source/* From 267ede53d8dfb4c88c966b99cbc8437045e1d4e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Sat, 22 Mar 2025 11:41:26 +0100 Subject: [PATCH 23/23] Update docker-bake.hcl --- docker-bake.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index bc6b8bf471..d3b42a1698 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -165,4 +165,4 @@ target "static-builder-gnu" { FRANKENPHP_VERSION = VERSION } secret = ["id=github-token,env=GITHUB_TOKEN"] -} \ No newline at end of file +}