diff options
author | Antoine GIRARD | 2020-11-01 01:58:22 +0100 |
---|---|---|
committer | GitHub | 2020-10-31 20:58:22 -0400 |
commit | fe458ce877f520cc7f20116db4ff2a0536ff319b (patch) | |
tree | 6bdaa11737eb1317749e11d58da34e4423880604 /Dockerfile.rootless | |
parent | f3bbd46c49fb7a2e3407d4da0db511930c957e3c (diff) |
docker: rootless image (#10154)
* docker: rootless image
* improve docs + remove check for write perm on custom
* add more info on ssh passtrough
* Add comment for internal ssh server in container config
Diffstat (limited to 'Dockerfile.rootless')
-rw-r--r-- | Dockerfile.rootless | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/Dockerfile.rootless b/Dockerfile.rootless new file mode 100644 index 000000000..6c98c099d --- /dev/null +++ b/Dockerfile.rootless @@ -0,0 +1,68 @@ + +################################### +#Build stage +FROM golang:1.15-alpine3.12 AS build-env + +ARG GOPROXY +ENV GOPROXY ${GOPROXY:-direct} + +ARG GITEA_VERSION +ARG TAGS="sqlite sqlite_unlock_notify" +ENV TAGS "bindata timetzdata $TAGS" +ARG CGO_EXTRA_CFLAGS + +#Build deps +RUN apk --no-cache add build-base git nodejs npm + +#Setup repo +COPY . ${GOPATH}/src/code.gitea.io/gitea +WORKDIR ${GOPATH}/src/code.gitea.io/gitea + +#Checkout version if set +RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ + && make clean-all build + +FROM alpine:3.12 +LABEL maintainer="maintainers@gitea.io" + +EXPOSE 2222 3000 + +RUN apk --no-cache add \ + bash \ + ca-certificates \ + gettext \ + git \ + gnupg + +RUN addgroup \ + -S -g 1000 \ + git && \ + adduser \ + -S -H -D \ + -h /var/lib/gitea/git \ + -s /bin/bash \ + -u 1000 \ + -G git \ + git && \ + echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd + +RUN mkdir -p /var/lib/gitea /etc/gitea +RUN chown git:git /var/lib/gitea /etc/gitea + +COPY docker/rootless / +COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea +RUN chown root:root /usr/local/bin/* && chmod 755 /usr/local/bin/* + +USER git:git +ENV GITEA_WORK_DIR /var/lib/gitea +ENV GITEA_CUSTOM /var/lib/gitea/custom +ENV GITEA_TEMP /tmp/gitea +#TODO add to docs the ability to define the ini to load (usefull to test and revert a config) +ENV GITEA_APP_INI /etc/gitea/app.ini +ENV HOME "/var/lib/gitea/git" +VOLUME ["/var/lib/gitea", "/etc/gitea"] +WORKDIR /var/lib/gitea + +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] +CMD [] + |