system-config/docker/gitea/Dockerfile


# syntax=docker/dockerfile:1.3
# Copyright (c) 2018 Red Hat, Inc.
# Copyright (c) 2016 The Gitea Authors
# Copyright (c) 2015 The Gogs Authors
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Wed Oct 11 15:53:34 UTC 2023 - trigger rebuild
###################################
# Build stage
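FROM docker.io/library/golang:1.21-bookworm AS build-env
LABEL maintainer="infra-root@openstack.org"
# Optional Go module proxy for the build; falls back to "direct" when the
# build arg is unset or empty.
ARG GOPROXY
ENV GOPROXY=${GOPROXY:-direct}
# Git ref of gitea that is checked out and built below.
# NOTE(review): a tag is a mutable ref; pinning a commit hash (or verifying
# the tag signature) would make this build input verifiable.
ARG GITEA_VERSION="v1.21.11"
# Build tags exported to the environment of the build steps below
# (presumably read by the gitea Makefile - confirm).
ENV TAGS="bindata timetzdata $TAGS"
# Build deps
# The NodeSource signing key is written to its own keyring and referenced
# with signed-by, so it is trusted for that one repository only instead of
# for every configured apt source (which is what "apt-key add" did).
# curl -f makes an HTTP error fail the build at the download step instead of
# passing an error page on to gpg.
# NOTE(review): the key is still accepted as downloaded; comparing it with a
# known-good fingerprint before use would close that gap.
RUN apt-get update \
    && apt-get -y dist-upgrade \
    && apt-get -y install build-essential git apt-transport-https curl gnupg2 \
    && mkdir -p /etc/apt/keyrings \
    && curl -fsS -o /tmp/nodesource.gpg.key https://deb.nodesource.com/gpgkey/nodesource.gpg.key \
    && gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg /tmp/nodesource.gpg.key \
    && chmod 644 /etc/apt/keyrings/nodesource.gpg \
    && rm -f /tmp/nodesource.gpg.key \
    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x bookworm main" > /etc/apt/sources.list.d/nodesource.list \
    && apt-get update \
    && apt-get -q --option "Dpkg::Options::=--force-confold" --assume-yes install nodejs \
    && mkdir -p ${GOPATH}/src/code.gitea.io/gitea
# Setup repo
RUN git clone https://github.com/go-gitea/gitea ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea
# Checkout version if set; an empty GITEA_VERSION builds whatever the clone
# checked out by default.
RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
    && make clean-all build
# This is a utility the upstream image builds to translate env vars into
# the app.ini config. We primarily rely on ansible for this instead but
# build and include it anyway to stay in sync with upstream tooling.
RUN go build contrib/environment-to-ini/environment-to-ini.go
# TODO upstream performs this COPY then chmods the docker/root/ prefixed
# files below against /tmp/local. The copy fails for us due to some bad
# interaction with docker image build caching. I think due to how we clone
# the repo above. We should align better with upstream if possible.
## Copy local files
# COPY docker/root /tmp/local
# Set permissions
# The modes set here carry over to the later stages, which COPY these paths
# out of this stage: 755 for the entrypoint, service scripts and binaries,
# 644 for the bash completion file.
RUN chmod 755 docker/root/usr/bin/entrypoint \
        docker/root/usr/local/bin/gitea \
        docker/root/etc/s6/gitea/* \
        docker/root/etc/s6/openssh/* \
        docker/root/etc/s6/.s6-svscan/* \
        /go/src/code.gitea.io/gitea/gitea \
        /go/src/code.gitea.io/gitea/environment-to-ini
RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete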
###################################
# Basic system setup common to all containers in our pod
FROM docker.io/library/debian:bookworm-slim AS base
# Packages shared by the images built on this stage. The apt cache and
# package lists are removed in the same layer so they do not persist in the
# image.
RUN apt-get update \
    && apt-get -y dist-upgrade \
    && apt-get -y install \
        bash \
        ca-certificates \
        curl \
        gettext \
        git \
        gnupg \
        openssh-client \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# System group and user "git" with fixed uid/gid 1000, home /data/git (not
# created here) and bash as shell. The account password is set to 24 random
# bytes, base64 encoded, and is not recorded anywhere else in this file.
# NOTE(review): presumably the random password exists so the account is not
# left locked after --disabled-login - confirm against the sshd setup.
RUN addgroup --system --gid 1000 git \
    && adduser --system --no-create-home --disabled-login \
        --home /data/git --shell /bin/bash \
        --uid 1000 --gid 1000 \
        git \
    && echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd \
    && mkdir /custom
# Config files under /etc and the entrypoint script, taken from the build
# stage's docker/root tree and laid over the image root.
COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root /
# The gitea binary, the environment-to-ini helper and bash completion.
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
# Our custom templates and some additional image files, from the build context.
COPY custom/ /custom/
# Copy the opendev logo contents to the custom location. The assets are
# bind-mounted for this one step only and are not a layer of their own.
# NOTE(review): opendevorg/assets carries no tag or digest; if it resolves to
# a registry image rather than a context supplied by the build job, its
# content floats with whatever is current - confirm, and pin if so.
RUN --mount=type=bind,from=opendevorg/assets,target=/tmp/assets cp -r /tmp/assets/* /custom/public/assets/img/
ENV GITEA_CUSTOM=/custom
# This is used by the openssh container image to set sshd_config AllowUsers
# even though that container runs as root (due to low port selection).
# The main gitea web container also uses this USER env var for basic user
# setup in its entrypoint.
ENV USER=git
###################################
# The gitea image
FROM base AS gitea
# pandoc is the only package added on top of the shared base; the apt cache
# and package lists are dropped in the same layer.
RUN apt-get update \
    && apt-get -y install pandoc \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# Port the web service is expected to listen on (documentation only, this
# does not publish the port).
EXPOSE 3000
# /data is declared as a volume; nothing in this file writes to it at build
# time.
VOLUME ["/data"]
# Exec form for both: the entrypoint script receives the CMD as arguments.
ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/usr/local/bin/gitea", "web"]
# Run as the unprivileged git account (uid/gid 1000) created in the base
# stage rather than as root.
USER 1000:1000
###################################
# The openssh server image
FROM base AS gitea-openssh
# Install the ssh server non-interactively. --force-confold tells dpkg to
# keep configuration files that already exist (presumably the ones copied
# from docker/root in the base stage - confirm). /run/sshd is created here
# because sshd expects that directory at start-up.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get -y \
        --option "Dpkg::Options::=--force-confold" \
        install openssh-server \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir /run/sshd
# Replaces the /usr/bin/entrypoint inherited from the base stage with the
# sshd-specific script from the build context. The script keeps whatever
# mode it has in the context; no chmod is applied here.
COPY sshd-entrypoint.sh /usr/bin/entrypoint
EXPOSE 22
VOLUME ["/data"]
# No USER instruction in this stage: the container starts as root, which the
# base stage's comments attribute to the low port. Access is expected to be
# narrowed through the USER env var feeding sshd_config AllowUsers.
ENTRYPOINT ["/usr/bin/entrypoint"]
# -D keeps sshd in the foreground, -e sends its log output to stderr.
CMD ["/usr/sbin/sshd", "-D", "-e"]