Jonathan Miller
7e312077e7
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Branch Policy Check / Verify merge target (pull_request) Successful in 9s
Universal: PR Check / Branch Policy (pull_request) Successful in 8s
Universal: PR Check / Validate PR (pull_request) Failing after 18s
Branch Cleanup / Delete merged branch (pull_request) Has been skipped
PR RC Release / Build RC Release (pull_request) Failing after 43s
Bake the noop script directly into the image layer so openssh never starts. We use external SSH (port 2222) via host networking, not the container's sshd. Fixes: #372 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
91 lines
2.6 KiB
Docker
91 lines
2.6 KiB
Docker
# syntax=docker/dockerfile:1
|
|
# Build frontend on the native platform to avoid QEMU-related issues with nodejs ecosystem
|
|
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26-alpine3.23 AS frontend-build
|
|
RUN apk --no-cache add build-base git nodejs pnpm
|
|
WORKDIR /src
|
|
COPY package.json pnpm-lock.yaml .npmrc ./
|
|
RUN --mount=type=cache,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile
|
|
COPY --exclude=.git/ . .
|
|
RUN make frontend
|
|
|
|
# Build backend for each target platform
|
|
FROM docker.io/library/golang:1.26-alpine3.23 AS build-env
|
|
|
|
ARG GITEA_VERSION
|
|
ARG TAGS=""
|
|
ENV TAGS="bindata timetzdata $TAGS"
|
|
ARG CGO_EXTRA_CFLAGS
|
|
|
|
# Build deps
|
|
RUN apk --no-cache add \
|
|
build-base \
|
|
git
|
|
|
|
WORKDIR ${GOPATH}/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
# Use COPY instead of bind mount as read-only one breaks makefile state tracking
|
|
COPY --exclude=.git/ . .
|
|
COPY --from=frontend-build /src/public/assets public/assets
|
|
|
|
# Build gitea, .git mount is required for version data
|
|
# GOFLAGS=-p 1 serializes compilation to prevent OOM on low-memory servers
|
|
ARG GOFLAGS="-p 1"
|
|
RUN --mount=type=cache,target="/root/.cache/go-build" \
|
|
--mount=type=bind,source=".git/",target=".git/" \
|
|
GOFLAGS="${GOFLAGS}" make backend
|
|
|
|
COPY docker/root /tmp/local
|
|
|
|
# Set permissions for builds that made under windows which strips the executable bit from file
|
|
RUN chmod 755 /tmp/local/usr/bin/entrypoint \
|
|
/tmp/local/usr/local/bin/* \
|
|
/tmp/local/etc/s6/gitea/* \
|
|
/tmp/local/etc/s6/openssh/* \
|
|
/tmp/local/etc/s6/.s6-svscan/* \
|
|
/go/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea
|
|
|
|
FROM docker.io/library/alpine:3.23 AS gitea
|
|
|
|
EXPOSE 22 3000
|
|
|
|
RUN apk --no-cache add \
|
|
bash \
|
|
ca-certificates \
|
|
curl \
|
|
gettext \
|
|
git \
|
|
linux-pam \
|
|
openssh \
|
|
s6 \
|
|
sqlite \
|
|
su-exec \
|
|
gnupg
|
|
|
|
RUN addgroup \
|
|
-S -g 1000 \
|
|
git && \
|
|
adduser \
|
|
-S -H -D \
|
|
-h /data/git \
|
|
-s /bin/bash \
|
|
-u 1000 \
|
|
-G git \
|
|
git && \
|
|
echo "git:*" | chpasswd -e
|
|
|
|
COPY --from=build-env /tmp/local /
|
|
COPY --from=build-env /go/src/code.mokoconsulting.tech/MokoConsulting/MokoGitea/gitea /app/gitea/gitea
|
|
|
|
# Disable openssh s6 service — we use external SSH (port 2222 via host).
|
|
RUN printf '#!/bin/sh\nexec sleep infinity\n' > /etc/s6/openssh/run && chmod 755 /etc/s6/openssh/run
|
|
|
|
ENV USER=git
|
|
ENV GITEA_CUSTOM=/data/gitea
|
|
|
|
VOLUME ["/data"]
|
|
|
|
# HINT: HEALTH-CHECK-ENDPOINT: don't use HEALTHCHECK, search this hint keyword for more information
|
|
ENTRYPOINT ["/usr/bin/entrypoint"]
|
|
CMD ["/usr/bin/s6-svscan", "/etc/s6"]
|