cosmichorror.dev
forked from
tangled.org/knot-docker
Community maintained Docker config for the knot server
1from golang:1.25-alpine as builder
2env KNOT_REPO_SCAN_PATH=/home/git/repositories
3env CGO_ENABLED=1
4
5arg TAG='v1.12.0-alpha'
6
7workdir /app
8run apk add --no-cache git gcc musl-dev
9run git clone -b ${TAG} https://tangled.org/@tangled.org/core .
10run go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot
11
12from alpine:latest
13expose 5555
14expose 22
15
16label org.opencontainers.image.title='knot'
17label org.opencontainers.image.description='data server for tangled'
18label org.opencontainers.image.source='https://tangled.org/@tangled.org/knot-docker'
19label org.opencontainers.image.url='https://tangled.org'
20label org.opencontainers.image.vendor='tangled.org'
21label org.opencontainers.image.licenses='MIT'
22
23arg UID=1000
24arg GID=1000
25
26copy rootfs .
27run chmod 755 /etc
28run chmod -R 755 /etc/s6-overlay
29run apk add --no-cache shadow s6-overlay execline openssh git curl
30run groupadd -g $GID -f git
31run useradd -u $UID -g $GID -d /home/git git
32# setting the password to `*` disables password-based access without locking the
33# account out of ssh: <https://unix.stackexchange.com/a/193131>
34run usermod --password '*' git
35run mkdir -p /home/git/repositories && chown -R git:git /home/git
36copy --from=builder /usr/bin/knot /usr/bin
37run mkdir /app && chown -R git:git /app
38
39healthcheck --interval=60s --timeout=30s --start-period=5s --retries=3 \
40 cmd curl -f http://localhost:5555 || exit 1
41
42entrypoint ["/init"]