ddbfa8b162
We're running v1.22.1 currently and v1.22.2 fixes a number of bugs. The full changelog can be seen here: https://github.com/go-gitea/gitea/blob/v1.22.2/CHANGELOG.md The template files we override have not changed and neither has the Dockerfile since we last upgraded. I expect this should be a fairly straightforward bugfix upgrade. Reviewers please to read the changelog to see if there is anything we should be concerned about. Change-Id: I4983865c94429c4cbcb54329f0f83b2fb0f26404
158 lines
5.6 KiB
Docker
158 lines
5.6 KiB
Docker
# syntax=docker/dockerfile:1.3
|
|
# Copyright (c) 2018 Red Hat, Inc.
|
|
# Copyright (c) 2016 The Gitea Authors
|
|
# Copyright (c) 2015 The Gogs Authors
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in
|
|
# all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
# THE SOFTWARE.
|
|
|
|
# Wed Oct 11 15:53:34 UTC 2023 - trigger rebuild
|
|
|
|
###################################
|
|
# Build stage
|
|
FROM docker.io/library/golang:1.22-bookworm AS build-env
|
|
|
|
LABEL maintainer="infra-root@openstack.org"
|
|
|
|
ARG GOPROXY
|
|
ENV GOPROXY ${GOPROXY:-direct}
|
|
|
|
ARG GITEA_VERSION="v1.22.2"
|
|
ENV TAGS "bindata timetzdata $TAGS"
|
|
|
|
# Build deps
|
|
RUN apt-get update \
|
|
&& apt-get -y dist-upgrade \
|
|
&& apt-get -y install build-essential git apt-transport-https curl gnupg2 \
|
|
&& curl -sS https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
|
|
&& echo "deb https://deb.nodesource.com/node_20.x bookworm main" | tee /etc/apt/sources.list.d/nodesource.list \
|
|
&& apt-get update \
|
|
&& apt-get -q --option "Dpkg::Options::=--force-confold" --assume-yes install nodejs \
|
|
&& mkdir -p ${GOPATH}/src/code.gitea.io/gitea
|
|
|
|
# Setup repo
|
|
RUN git clone https://github.com/go-gitea/gitea ${GOPATH}/src/code.gitea.io/gitea
|
|
WORKDIR ${GOPATH}/src/code.gitea.io/gitea
|
|
|
|
# Checkout version if set
|
|
RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
|
|
&& make clean-all build
|
|
|
|
# This is a utility the upstream image builds to translate env vars into
|
|
# the app.ini config. We primarily rely on ansible for this instead but
|
|
# build an include it anyway to stay in sync with upstream tooling.
|
|
RUN go build contrib/environment-to-ini/environment-to-ini.go
|
|
|
|
# TODO upstream performs this COPY then chmods the docker/root/ prefixed
|
|
# files below against /tmp/local. The copy fails for us due to some bad
|
|
# interaction with docker image build caching. I think due to how we clone
|
|
# the repo above. We should align better with upstream if possible.
|
|
## Copy local files
|
|
# COPY docker/root /tmp/local
|
|
|
|
# Set permissions
|
|
RUN chmod 755 docker/root/usr/bin/entrypoint \
|
|
docker/root/usr/local/bin/gitea \
|
|
docker/root/etc/s6/gitea/* \
|
|
docker/root/etc/s6/openssh/* \
|
|
docker/root/etc/s6/.s6-svscan/* \
|
|
/go/src/code.gitea.io/gitea/gitea \
|
|
/go/src/code.gitea.io/gitea/environment-to-ini
|
|
RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
|
|
|
|
###################################
|
|
# Basic system setup common to all containers in our pod
|
|
|
|
FROM docker.io/library/debian:bookworm-slim as base
|
|
|
|
RUN apt-get update \
|
|
&& apt-get -y dist-upgrade \
|
|
&& apt-get -y install \
|
|
bash \
|
|
ca-certificates \
|
|
curl \
|
|
gettext \
|
|
git \
|
|
openssh-client \
|
|
gnupg \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN addgroup --system --gid 1000 git \
|
|
&& adduser \
|
|
--system --no-create-home --disabled-login \
|
|
--home /data/git \
|
|
--shell /bin/bash \
|
|
--uid 1000 \
|
|
--gid 1000 \
|
|
git \
|
|
&& echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd \
|
|
&& mkdir /custom
|
|
|
|
# Copy the /etc config files and entrypoint script
|
|
COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root /
|
|
|
|
# Copy the app
|
|
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
|
|
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
|
|
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
|
|
|
|
# Copy our custom templates and some additional image files
|
|
COPY custom/ /custom/
|
|
# Copy our opendev logo contents to the custom location
|
|
RUN --mount=type=bind,from=opendevorg/assets,target=/tmp/assets cp -r /tmp/assets/* /custom/public/assets/img/
|
|
|
|
ENV GITEA_CUSTOM /custom
|
|
# This is used the the openssh container image to set sshd_config AllowUsers
|
|
# even though that container runs as root (due to low port selection).
|
|
# The main gitea web container also uses this USER env var for basic user
|
|
# setup in its entrypoint.
|
|
ENV USER git
|
|
|
|
###################################
|
|
# The gitea image
|
|
FROM base as gitea
|
|
|
|
RUN apt-get update && apt-get -y install pandoc \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
EXPOSE 3000
|
|
VOLUME ["/data"]
|
|
ENTRYPOINT ["/usr/bin/entrypoint"]
|
|
CMD ["/usr/local/bin/gitea", "web"]
|
|
USER 1000:1000
|
|
|
|
###################################
|
|
# The openssh server image
|
|
FROM base as gitea-openssh
|
|
|
|
RUN apt-get update \
|
|
&& DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confold" \
|
|
install openssh-server \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& mkdir /run/sshd
|
|
|
|
COPY sshd-entrypoint.sh /usr/bin/entrypoint
|
|
|
|
EXPOSE 22
|
|
VOLUME ["/data"]
|
|
ENTRYPOINT ["/usr/bin/entrypoint"]
|
|
CMD ["/usr/sbin/sshd", "-D", "-e"]
|