# syntax=docker/dockerfile:1.3
# Copyright (c) 2018 Red Hat, Inc.
# Copyright (c) 2016 The Gitea Authors
# Copyright (c) 2015 The Gogs Authors
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
###################################
#Build stage
FROM docker.io/library/golang:1.16-buster AS build-env
LABEL maintainer="infra-root@openstack.org"
ARG GITEA_VERSION="v1.14.6"
ENV TAGS "bindata $TAGS"
#Build deps
RUN apt-get update && apt-get -y install build-essential git apt-transport-https curl gnupg2 \
&& curl -sS https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& echo "deb https://deb.nodesource.com/node_14.x buster main" | tee /etc/apt/sources.list.d/nodesource.list \
&& apt-get update \
&& apt-get -q --option "Dpkg::Options::=--force-confold" --assume-yes install nodejs \
&& mkdir -p ${GOPATH}/src/code.gitea.io/gitea
#Setup repo
RUN git clone https://github.com/go-gitea/gitea ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea
#Checkout version if set
RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
&& make clean-all build
###################################
# Basic system setup common to all containers in our pod
FROM docker.io/library/debian:buster-slim as base
RUN apt-get update && apt-get -y install \
bash \
ca-certificates \
curl \
gettext \
git \
openssh-client \
tzdata \
gnupg \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN addgroup --system --gid 1000 git \
&& adduser \
--system --no-create-home --disabled-login \
--home /data/git \
--shell /bin/bash \
--uid 1000 \
--gid 1000 \
git \
&& echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd \
&& mkdir /custom
# Copy the /etc config files and entrypoint script
COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root /
# Copy the app
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
# Copy our custom templates
COPY custom/ /custom/
RUN --mount=type=bind,from=opendevorg/assets,target=/tmp/assets cp /tmp/assets/* /custom/public/img/
ENV GITEA_CUSTOM /custom
###################################
# The gitea image
FROM base as gitea
RUN apt-get update && apt-get -y install pandoc \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
EXPOSE 3000
ENV USER git
VOLUME ["/data"]
ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/app/gitea/gitea", "web"]
USER 1000:1000
###################################
# The openssh server image
FROM base as gitea-openssh
# We enable backports here to install newer openssh which includes
# support for options that gitea's ssh configuration expects
RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confold" \
-t buster-backports install openssh-server \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir /run/sshd
COPY sshd-entrypoint.sh /usr/bin/entrypoint
EXPOSE 22
VOLUME ["/data"]
ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/usr/sbin/sshd", "-D", "-e"]