Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dockerfile small refactor #27757

Merged
merged 14 commits into from
Oct 29, 2023
Merged

Dockerfile small refactor #27757

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
4dd1716
Update Dockerfile
nfsec Oct 23, 2023
e818d8f
Update Dockerfile
nfsec Oct 23, 2023
a06804b
Update Dockerfile.rootless
nfsec Oct 23, 2023
c63891c
Update and rename entrypoint to entrypoint.sh
nfsec Oct 23, 2023
7003919
Merge branch 'main' into main
nfsec Oct 24, 2023
5a3fd80
Merge branch 'main' into main
nfsec Oct 25, 2023
d039952
Rename entrypoint.sh to entrypoint
nfsec Oct 25, 2023
16697d4
Update Dockerfile
nfsec Oct 25, 2023
bd95b0e
Update Dockerfile
nfsec Oct 25, 2023
9498b76
Update Dockerfile.rootless
nfsec Oct 25, 2023
adbf0d6
Merge branch 'main' into main
nfsec Oct 25, 2023
cf5c5d7
Merge branch 'main' into main
nfsec Oct 27, 2023
c6e9765
Merge branch 'main' into main
GiteaBot Oct 28, 2023
59a36c1
Merge branch 'main' into main
GiteaBot Oct 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 20 additions & 9 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#Build stage
# Build stage
FROM docker.io/library/golang:1.21-alpine3.18 AS build-env

ARG GOPROXY
Expand All @@ -9,14 +9,19 @@ ARG TAGS="sqlite sqlite_unlock_notify"
ENV TAGS "bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS

#Build deps
RUN apk --no-cache add build-base git nodejs npm
# Build deps
RUN apk --no-cache add \
build-base \
git \
nodejs \
npm \
&& rm -rf /var/cache/apk/*

#Setup repo
# Setup repo
COPY . ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea

#Checkout version if set
# Checkout version if set
RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
&& make clean-all build

Expand All @@ -39,7 +44,8 @@ RUN apk --no-cache add \
s6 \
sqlite \
su-exec \
gnupg
gnupg \
&& rm -rf /var/cache/apk/*

RUN addgroup \
-S -g 1000 \
Expand All @@ -58,13 +64,18 @@ ENV GITEA_CUSTOM /data/gitea

VOLUME ["/data"]

ENTRYPOINT ["/usr/bin/entrypoint"]
ENTRYPOINT ["/usr/bin/entrypoint.sh"]
CMD ["/bin/s6-svscan", "/etc/s6"]

COPY docker/root /
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
RUN chmod 755 /usr/bin/entrypoint.sh \
/app/gitea/gitea \
/usr/local/bin/gitea \
/usr/local/bin/environment-to-ini \
/etc/s6/gitea/* \
/etc/s6/openssh/* \
/etc/s6/.s6-svscan/*
Copy link
Contributor

@wxiaoguang wxiaoguang Oct 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For "Size and layer optimization":

IIRC there is a bug in the chmod step.

For example:

The problem is the RUN /bin/sh -c chmod 755 layer introduces another 44M change in "latest" image.

I think we should do chmod for the built binaries in the build-env stage, then the chmod layer won't cause so much a big change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved chmod to build-env.

RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
20 changes: 13 additions & 7 deletions Dockerfile.rootless
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#Build stage
# Build stage
FROM docker.io/library/golang:1.21-alpine3.18 AS build-env

ARG GOPROXY
Expand All @@ -10,13 +10,18 @@ ENV TAGS "bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS

#Build deps
RUN apk --no-cache add build-base git nodejs npm
RUN apk --no-cache add \
build-base \
git \
nodejs \
npm \
&& rm -rf /var/cache/apk/*

#Setup repo
# Setup repo
COPY . ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea

#Checkout version if set
# Checkout version if set
RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
&& make clean-all build

Expand All @@ -35,7 +40,8 @@ RUN apk --no-cache add \
gettext \
git \
curl \
gnupg
gnupg \
&& rm -rf /var/cache/apk/*

RUN addgroup \
-S -g 1000 \
Expand All @@ -58,14 +64,14 @@ COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_au
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

#git:git
# git:git
USER 1000:1000
ENV GITEA_WORK_DIR /var/lib/gitea
ENV GITEA_CUSTOM /var/lib/gitea/custom
ENV GITEA_TEMP /tmp/gitea
ENV TMPDIR /tmp/gitea

#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
ENV GITEA_APP_INI /etc/gitea/app.ini
ENV HOME "/var/lib/gitea/git"
VOLUME ["/var/lib/gitea", "/etc/gitea"]
Expand Down
6 changes: 3 additions & 3 deletions docker/root/usr/bin/entrypoint → docker/root/usr/bin/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ if [ ! -x /bin/sh ]; then
fi

if [ "${USER}" != "git" ]; then
# rename user
# Rename user
sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
fi

Expand All @@ -19,13 +19,13 @@ if [ -z "${USER_UID}" ]; then
USER_UID="`id -u ${USER}`"
fi

## Change GID for USER?
# Change GID for USER?
if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
fi

## Change UID for USER?
# Change UID for USER?
if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
fi
Expand Down