aboutsummaryrefslogtreecommitdiff
path: root/docker
diff options
context:
space:
mode:
authorAntoine GIRARD2020-11-01 01:58:22 +0100
committerGitHub2020-10-31 20:58:22 -0400
commitfe458ce877f520cc7f20116db4ff2a0536ff319b (patch)
tree6bdaa11737eb1317749e11d58da34e4423880604 /docker
parentf3bbd46c49fb7a2e3407d4da0db511930c957e3c (diff)
docker: rootless image (#10154)
* docker: rootless image * improve docs + remove check for write perm on custom * add more info on ssh passtrough * Add comment for internal ssh server in container config
Diffstat (limited to 'docker')
-rw-r--r--docker/manifest.rootless.tmpl19
-rw-r--r--docker/rootless/etc/templates/app.ini58
-rwxr-xr-xdocker/rootless/usr/local/bin/docker-entrypoint.sh11
-rwxr-xr-xdocker/rootless/usr/local/bin/docker-setup.sh48
4 files changed, 136 insertions, 0 deletions
diff --git a/docker/manifest.rootless.tmpl b/docker/manifest.rootless.tmpl
new file mode 100644
index 000000000..2951be8b2
--- /dev/null
+++ b/docker/manifest.rootless.tmpl
@@ -0,0 +1,19 @@
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-rootless
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+ -
+ image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-rootless
+ platform:
+ architecture: amd64
+ os: linux
+ -
+ image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-rootless
+ platform:
+ architecture: arm64
+ os: linux
+ variant: v8
diff --git a/docker/rootless/etc/templates/app.ini b/docker/rootless/etc/templates/app.ini
new file mode 100644
index 000000000..e8a89cd27
--- /dev/null
+++ b/docker/rootless/etc/templates/app.ini
@@ -0,0 +1,58 @@
+APP_NAME = $APP_NAME
+RUN_USER = $RUN_USER
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = $GITEA_WORK_DIR/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = $GITEA_TEMP/local-repo
+
+[repository.upload]
+TEMP_PATH = $GITEA_TEMP/uploads
+
+[server]
+APP_DATA_PATH = $GITEA_WORK_DIR
+SSH_DOMAIN = $SSH_DOMAIN
+HTTP_PORT = $HTTP_PORT
+ROOT_URL = $ROOT_URL
+DISABLE_SSH = $DISABLE_SSH
+; In rootless gitea container only internal ssh server is supported
+START_SSH_SERVER = true
+SSH_PORT = $SSH_PORT
+SSH_LISTEN_PORT = $SSH_LISTEN_PORT
+BUILTIN_SSH_SERVER_USER = $RUN_USER
+LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs
+
+[database]
+PATH = $GITEA_WORK_DIR/data/gitea.db
+DB_TYPE = $DB_TYPE
+HOST = $DB_HOST
+NAME = $DB_NAME
+USER = $DB_USER
+PASSWD = $DB_PASSWD
+
+[indexer]
+ISSUE_INDEXER_PATH = $GITEA_WORK_DIR/data/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars
+
+[attachment]
+PATH = $GITEA_WORK_DIR/data/attachments
+
+[log]
+ROOT_PATH = $GITEA_WORK_DIR/data/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
diff --git a/docker/rootless/usr/local/bin/docker-entrypoint.sh b/docker/rootless/usr/local/bin/docker-entrypoint.sh
new file mode 100755
index 000000000..d05777adc
--- /dev/null
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ -x /usr/local/bin/docker-setup.sh ]; then
+ /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
+fi
+
+if [ $# -gt 0 ]; then
+ exec "$@"
+else
+ exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
+fi
diff --git a/docker/rootless/usr/local/bin/docker-setup.sh b/docker/rootless/usr/local/bin/docker-setup.sh
new file mode 100755
index 000000000..1ee8c2c97
--- /dev/null
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Prepare git folder
+mkdir -p ${HOME} && chmod 0700 ${HOME}
+if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi
+
+# Prepare custom folder
+mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM}
+
+# Prepare temp folder
+mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
+if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
+
+#Prepare config file
+if [ ! -f ${GITEA_APP_INI} ]; then
+
+ #Prepare config file folder
+ GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI})
+ mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR}
+ if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi
+
+ # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+ # INSTALL_LOCK is empty
+ if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+ INSTALL_LOCK=true
+ fi
+
+ # Substitude the environment variables in the template
+ APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+ RUN_MODE=${RUN_MODE:-"dev"} \
+ RUN_USER=${USER:-"git"} \
+ SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+ HTTP_PORT=${HTTP_PORT:-"3000"} \
+ ROOT_URL=${ROOT_URL:-""} \
+ DISABLE_SSH=${DISABLE_SSH:-"false"} \
+ SSH_PORT=${SSH_PORT:-"2222"} \
+ SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \
+ DB_TYPE=${DB_TYPE:-"sqlite3"} \
+ DB_HOST=${DB_HOST:-"localhost:3306"} \
+ DB_NAME=${DB_NAME:-"gitea"} \
+ DB_USER=${DB_USER:-"root"} \
+ DB_PASSWD=${DB_PASSWD:-""} \
+ INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+ DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+ REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+ SECRET_KEY=${SECRET_KEY:-""} \
+ envsubst < /etc/templates/app.ini > ${GITEA_APP_INI}
+fi