Backport #27757 by @nfsec - Size and layer optimization, - Maintaining consistency in definitions (comments, apk etc.), Co-authored-by: Patryk Krawaczyński <nfsec@users.noreply.github.com>
This commit is contained in:
parent
2d2a5657ef
commit
991c959110
28
Dockerfile
28
Dockerfile
|
@ -10,7 +10,12 @@ ENV TAGS "bindata timetzdata $TAGS"
|
||||||
ARG CGO_EXTRA_CFLAGS
|
ARG CGO_EXTRA_CFLAGS
|
||||||
|
|
||||||
# Build deps
|
# Build deps
|
||||||
RUN apk --no-cache add build-base git nodejs npm
|
RUN apk --no-cache add \
|
||||||
|
build-base \
|
||||||
|
git \
|
||||||
|
nodejs \
|
||||||
|
npm \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
# Setup repo
|
# Setup repo
|
||||||
COPY . ${GOPATH}/src/code.gitea.io/gitea
|
COPY . ${GOPATH}/src/code.gitea.io/gitea
|
||||||
|
@ -23,6 +28,19 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
|
||||||
# Begin env-to-ini build
|
# Begin env-to-ini build
|
||||||
RUN go build contrib/environment-to-ini/environment-to-ini.go
|
RUN go build contrib/environment-to-ini/environment-to-ini.go
|
||||||
|
|
||||||
|
# Copy local files
|
||||||
|
COPY docker/root /tmp/local
|
||||||
|
|
||||||
|
# Set permissions
|
||||||
|
RUN chmod 755 /tmp/local/usr/bin/entrypoint \
|
||||||
|
/tmp/local/usr/local/bin/gitea \
|
||||||
|
/tmp/local/etc/s6/gitea/* \
|
||||||
|
/tmp/local/etc/s6/openssh/* \
|
||||||
|
/tmp/local/etc/s6/.s6-svscan/* \
|
||||||
|
/go/src/code.gitea.io/gitea/gitea \
|
||||||
|
/go/src/code.gitea.io/gitea/environment-to-ini
|
||||||
|
RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
|
||||||
|
|
||||||
FROM docker.io/library/alpine:3.18
|
FROM docker.io/library/alpine:3.18
|
||||||
LABEL maintainer="maintainers@gitea.io"
|
LABEL maintainer="maintainers@gitea.io"
|
||||||
|
|
||||||
|
@ -39,7 +57,8 @@ RUN apk --no-cache add \
|
||||||
s6 \
|
s6 \
|
||||||
sqlite \
|
sqlite \
|
||||||
su-exec \
|
su-exec \
|
||||||
gnupg
|
gnupg \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
RUN addgroup \
|
RUN addgroup \
|
||||||
-S -g 1000 \
|
-S -g 1000 \
|
||||||
|
@ -61,10 +80,7 @@ VOLUME ["/data"]
|
||||||
ENTRYPOINT ["/usr/bin/entrypoint"]
|
ENTRYPOINT ["/usr/bin/entrypoint"]
|
||||||
CMD ["/bin/s6-svscan", "/etc/s6"]
|
CMD ["/bin/s6-svscan", "/etc/s6"]
|
||||||
|
|
||||||
COPY docker/root /
|
COPY --from=build-env /tmp/local /
|
||||||
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
|
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
|
||||||
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
|
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
|
||||||
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
|
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
|
||||||
RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
|
|
||||||
RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
|
|
||||||
RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
|
|
||||||
|
|
|
@ -10,7 +10,12 @@ ENV TAGS "bindata timetzdata $TAGS"
|
||||||
ARG CGO_EXTRA_CFLAGS
|
ARG CGO_EXTRA_CFLAGS
|
||||||
|
|
||||||
#Build deps
|
#Build deps
|
||||||
RUN apk --no-cache add build-base git nodejs npm
|
RUN apk --no-cache add \
|
||||||
|
build-base \
|
||||||
|
git \
|
||||||
|
nodejs \
|
||||||
|
npm \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
# Setup repo
|
# Setup repo
|
||||||
COPY . ${GOPATH}/src/code.gitea.io/gitea
|
COPY . ${GOPATH}/src/code.gitea.io/gitea
|
||||||
|
@ -23,6 +28,17 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
|
||||||
# Begin env-to-ini build
|
# Begin env-to-ini build
|
||||||
RUN go build contrib/environment-to-ini/environment-to-ini.go
|
RUN go build contrib/environment-to-ini/environment-to-ini.go
|
||||||
|
|
||||||
|
# Copy local files
|
||||||
|
COPY docker/rootless /tmp/local
|
||||||
|
|
||||||
|
# Set permissions
|
||||||
|
RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
|
||||||
|
/tmp/local/usr/local/bin/docker-setup.sh \
|
||||||
|
/tmp/local/usr/local/bin/gitea \
|
||||||
|
/go/src/code.gitea.io/gitea/gitea \
|
||||||
|
/go/src/code.gitea.io/gitea/environment-to-ini
|
||||||
|
RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
|
||||||
|
|
||||||
FROM docker.io/library/alpine:3.18
|
FROM docker.io/library/alpine:3.18
|
||||||
LABEL maintainer="maintainers@gitea.io"
|
LABEL maintainer="maintainers@gitea.io"
|
||||||
|
|
||||||
|
@ -35,7 +51,8 @@ RUN apk --no-cache add \
|
||||||
gettext \
|
gettext \
|
||||||
git \
|
git \
|
||||||
curl \
|
curl \
|
||||||
gnupg
|
gnupg \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
RUN addgroup \
|
RUN addgroup \
|
||||||
-S -g 1000 \
|
-S -g 1000 \
|
||||||
|
@ -51,12 +68,10 @@ RUN addgroup \
|
||||||
RUN mkdir -p /var/lib/gitea /etc/gitea
|
RUN mkdir -p /var/lib/gitea /etc/gitea
|
||||||
RUN chown git:git /var/lib/gitea /etc/gitea
|
RUN chown git:git /var/lib/gitea /etc/gitea
|
||||||
|
|
||||||
COPY docker/rootless /
|
COPY --from=build-env /tmp/local /
|
||||||
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
|
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
|
||||||
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
|
COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
|
||||||
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
|
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
|
||||||
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
|
|
||||||
RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
|
|
||||||
|
|
||||||
# git:git
|
# git:git
|
||||||
USER 1000:1000
|
USER 1000:1000
|
||||||
|
@ -73,4 +88,3 @@ WORKDIR /var/lib/gitea
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
|
ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
|
||||||
CMD []
|
CMD []
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ if [ ! -x /bin/sh ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${USER}" != "git" ]; then
|
if [ "${USER}" != "git" ]; then
|
||||||
# rename user
|
# Rename user
|
||||||
sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
|
sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -19,13 +19,13 @@ if [ -z "${USER_UID}" ]; then
|
||||||
USER_UID="`id -u ${USER}`"
|
USER_UID="`id -u ${USER}`"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Change GID for USER?
|
# Change GID for USER?
|
||||||
if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
|
if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
|
||||||
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
|
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
|
||||||
sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
|
sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Change UID for USER?
|
# Change UID for USER?
|
||||||
if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
|
if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
|
||||||
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
|
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue