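# Helper stage: its root filesystem is copied into the build stage to provide
# the xx-* cross-compilation wrappers.
# NOTE(review): this reference carries neither a tag nor a digest, so it
# resolves to whatever the registry serves as the default tag at build time.
# Pin a tag and/or digest to keep the toolchain input auditable.
FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx

# Build stage: runs on the build host's platform and cross-compiles for the
# target platform.
# NOTE(review): the tag fixes Go at a minor version only, so a new Go patch
# release changes the toolchain and the resulting binary; pin by digest when
# bit-for-bit reproducibility is required.
FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 AS build-env

# Go module proxy; falls back to "direct" when the build arg is unset or empty.
ARG GOPROXY
ENV GOPROXY=${GOPROXY:-direct}

# Release version, forwarded to `make` further down in this stage.
ARG RELEASE_VERSION

# Build tags: "bindata timetzdata" is always present, the TAGS build arg
# supplies the rest (presumably read by the Makefile; confirm there).
ARG TAGS="sqlite sqlite_unlock_notify"
ENV TAGS="bindata timetzdata $TAGS"

# Not referenced by this Dockerfile itself; presumably consumed by the Makefile.
ARG CGO_EXTRA_CFLAGS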
#
# Cross-compilation toolchain: the stage runs on $BUILDPLATFORM and builds
# for $TARGETPLATFORM.
#
# The whole root filesystem of the xx stage is laid over this one; the xx-*
# helpers used below come from there.
COPY --from=xx / /
ARG TARGETPLATFORM
RUN apk add --no-cache clang lld
RUN xx-apk --no-cache add gcc musl-dev
ENV CGO_ENABLED=1
RUN xx-go --wrap
#
# Put the target's musl loader into /lib so that `go generate` and binfmt can
# find it. Without this copy the generate phase fails with
# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1
# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory
# Open question kept from the original author: why exactly is it needed, and
# where is binfmt involved?
# NOTE(review): `|| true` hides every cp failure, not only the "no such
# directory" case; if the copy fails on a cross build, the failure shows up
# only later as the generate error quoted above.
#
RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
# Native build tooling, plus Node.js and npm for `make frontend`.
RUN apk add --no-cache build-base git nodejs npm

# NOTE(review): the entire build context is copied into this stage, so anything
# not excluded by .dockerignore (local configuration, credentials, VCS data) is
# readable by every build step that follows. Only the named artefacts are
# copied into the final image, but the context should still be kept clean.
COPY . ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea

RUN make clean
RUN make frontend

# Build the environment-to-ini helper; xx-verify then checks the resulting
# binary against the target platform.
# NOTE(review): this helper is built without the `-trimpath` / `-buildid=`
# settings that the main `make ... static-executable` step passes, although it
# is shipped in the same image. Confirm whether it should be reproducible too.
RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
[CHORE] Support reproducible builds
This is a step towards making Forgejo's binaries (the one listed in the
release tab) reproducible.
In order to make the actual binary reproducible, we have to ensure that
the release workflow has the correct configuration to produce such
reproducible binaries. The release workflow currently uses the
Dockerfile to produce binaries, as this is one of the easiest ways to do
cross-compiling for Go binaries with CGO enabled (due to SQLite). In the
Dockerfile, two new arguments are being given to the build command.
`-trimpath` ensures that the workpath directory doesn't get included in
the binary; this means that file names (such as for panics) are
relative (to the workpath) and not absolute, which shouldn't impact
debugging. `-buildid=` is added to the linker flags; it sets the BuildID
of the Go linker to be empty. The `-buildid` hashes the input actions
and output content; these vary from build to build for unknown reasons,
but likely because of the involvement of temporary file names. Emptying it
doesn't have any effect on the behavior of the resulting binary.
The Makefile receives a new command, `reproduce-build#$VERSION` which
can be used by people to produce a reproducible Forgejo binary of a
particular release; it roughly does what the release workflow also does:
build the Dockerfile and extract the Forgejo binary from it. This
doesn't make it possible to produce a reproducible version for every release,
only for those that include this patch, as it needs to call the makefile of
that version in order to make a reproducible binary.
There's one thing left to do: the Dockerfile pins the Go version to a
minor level and not to a patch level. This means that if a new Go patch
version is released, that will be used instead and will result in a
different binary that isn't bit to bit the same as the one that Forgejo
has released.
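# Build the main binary reproducibly, then check it against the target platform.
#   GOFLAGS="-trimpath"  keeps the working directory out of the binary, so
#                        recorded file names are relative rather than absolute.
#   LDFLAGS="-buildid="  empties the linker BuildID, which otherwise varies
#                        from build to build.
# RELEASE_VERSION is quoted so that a value containing whitespace cannot be
# split into extra make arguments or targets.
RUN make RELEASE_VERSION="$RELEASE_VERSION" \
         GOFLAGS="-trimpath" \
         LDFLAGS="-buildid=" \
         go-check generate-backend static-executable \
    && xx-verify gitea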
# Stage the contents of docker/root under /tmp/local; the final image copies
# that tree onto its root filesystem.
COPY docker/root /tmp/local

# Fix file modes in the build stage so the final stage can copy them as they
# are: 0755 for the entrypoint, the s6 service scripts and the binaries, 0644
# for the bash completion file.
RUN chmod 755 \
        /tmp/local/usr/bin/entrypoint \
        /tmp/local/usr/local/bin/gitea \
        /tmp/local/etc/s6/gitea/* \
        /tmp/local/etc/s6/openssh/* \
        /tmp/local/etc/s6/.s6-svscan/* \
        /go/src/code.gitea.io/gitea/gitea \
        /go/src/code.gitea.io/gitea/environment-to-ini \
    && chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
# Runtime stage.
# NOTE(review): this stage uses the same golang image as the build stage, so
# the Go toolchain ships in the runtime image even though only prebuilt
# artefacts are copied in from build-env. A plain Alpine base would shrink the
# image and its attack surface; confirm whether the toolchain is needed at
# runtime before changing it.
FROM code.forgejo.org/oci/golang:1.23-alpine3.20

# Redeclared because build args do not carry over between stages; used for the
# version label below.
ARG RELEASE_VERSION

LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.title="Forgejo. Beyond coding. We forge." \
      org.opencontainers.image.description="Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job." \
      org.opencontainers.image.version="${RELEASE_VERSION}" \
      org.opencontainers.image.authors="Forgejo" \
      org.opencontainers.image.vendor="Forgejo" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.url="https://forgejo.org" \
      org.opencontainers.image.documentation="https://forgejo.org/download/#container-image" \
      org.opencontainers.image.source="https://codeberg.org/forgejo/forgejo"
# Documented ports: presumably 22 for the bundled OpenSSH server and 3000 for
# the web listener. EXPOSE publishes nothing by itself.
EXPOSE 22 3000

# Runtime packages, listed alphabetically.
RUN apk add --no-cache \
    bash \
    ca-certificates \
    curl \
    gettext \
    git \
    gnupg \
    linux-pam \
    openssh \
    s6 \
    sqlite \
    su-exec \
    && rm -rf /var/cache/apk/*
# Service account: system group and system user "git", both with ID 1000.
#   addgroup  -S system group, -g numeric GID
#   adduser   -S system user, -H do not create the home directory,
#             -D assign no password, -h home path, -s login shell,
#             -u numeric UID, -G group
# `chpasswd -e` stores the given value as an already-encrypted password, so the
# password field becomes the literal "*", which no password can match.
# NOTE(review): presumably this replaces the locked marker that `adduser -D`
# leaves behind, so that sshd accepts key-based logins for the account while
# password logins stay impossible. Confirm against the sshd configuration.
RUN addgroup -S -g 1000 git && \
    adduser -S -H -D -h /data/git -s /bin/bash -u 1000 -G git git && \
    echo "git:*" | chpasswd -e
# Runtime environment.
# NOTE(review): `ENV USER=git` only exports a variable. No USER instruction is
# visible in this stage, so the entrypoint starts as root. su-exec is installed
# above, so the privilege drop presumably happens in the entrypoint or the s6
# service scripts; verify that there.
ENV USER=git \
    GITEA_CUSTOM=/data/gitea

# Persistent state lives under /data.
VOLUME ["/data"]

# The entrypoint receives the s6 supervisor command line as its arguments.
ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/bin/s6-svscan", "/etc/s6"]
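# Lay the tree staged under /tmp/local in the build stage over the root
# filesystem (entrypoint, s6 service definitions, /usr/local/bin/gitea).
COPY --from=build-env /tmp/local /

# `forgejo` is a relative symlink to the `gitea` entry in /usr/local/bin.
# The link is created by its full path instead of `cd ... ; ln`, because with
# `;` a failed cd would still run ln, in whatever directory was current.
RUN ln -s gitea /usr/local/bin/forgejo

# The compiled binary, plus a hard link that exposes it as forgejo-cli.
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
RUN ln /app/gitea/gitea /app/gitea/forgejo-cli

# Helper binary and bash completion built or prepared in the build stage.
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh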