sanin.dev / core
forked from tangled.org/core
this repo has no description
fork atom

docker: update to unified binary deployment

authored by hanna and committed by anirudh.fi 67887f7c 325bca2e

options
unified split
Changed files
+8 -21
docker
Dockerfile
rootfs
etc
s6-overlay
s6-rc.d
knotserver
run
ssh
sshd_config.d
tangled_sshd.conf
+6 -19
docker/Dockerfile
··· 1 FROM docker.io/golang:1.24-alpine3.21 AS build 2 3 ENV CGO_ENABLED=1 4 5 RUN apk add --no-cache gcc musl-dev 6 - 7 - WORKDIR /usr/src/app 8 - 9 - COPY go.mod go.sum ./ 10 RUN go mod download 11 12 COPY . . 13 RUN go build -v \ 14 - -o /usr/local/bin/knotserver \ 15 -ldflags='-s -w -extldflags "-static"' \ 16 - ./cmd/knotserver && \ 17 - go build -v \ 18 - -o /usr/local/bin/keyfetch \ 19 - ./cmd/keyfetch && \ 20 - go build -v \ 21 - -o /usr/local/bin/repoguard \ 22 - ./cmd/repoguard 23 24 FROM docker.io/alpine:3.21 25 ··· 36 head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \ 37 mkdir /app && mkdir /home/git/repositories 38 39 - COPY --from=build /usr/local/bin/knotserver /usr/local/bin 40 - COPY --from=build /usr/local/bin/keyfetch /usr/local/libexec/tangled-keyfetch 41 - COPY --from=build /usr/local/bin/repoguard /home/git/repoguard 42 COPY docker/rootfs/ . 43 44 - RUN chown root:root /usr/local/libexec/tangled-keyfetch && \ 45 - chmod 755 /usr/local/libexec/tangled-keyfetch 46 - 47 EXPOSE 22 48 EXPOSE 5555 49 50 - ENTRYPOINT ["/bin/sh", "-c", "chown git:git /home/git/repoguard && chown git:git /app && chown git:git /home/git/repositories && /init"]
··· 1 FROM docker.io/golang:1.24-alpine3.21 AS build 2 3 ENV CGO_ENABLED=1 4 + WORKDIR /usr/src/app 5 + COPY go.mod go.sum ./ 6 7 RUN apk add --no-cache gcc musl-dev 8 RUN go mod download 9 10 COPY . . 11 RUN go build -v \ 12 + -o /usr/local/bin/knot \ 13 -ldflags='-s -w -extldflags "-static"' \ 14 + ./cmd/knot 15 16 FROM docker.io/alpine:3.21 17 ··· 28 head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \ 29 mkdir /app && mkdir /home/git/repositories 30 31 + COPY --from=build /usr/local/bin/knot /usr/local/bin 32 COPY docker/rootfs/ . 33 34 EXPOSE 22 35 EXPOSE 5555 36 37 + ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+1 -1
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
··· 1 #!/command/with-contenv ash 2 3 - exec s6-setuidgid git /usr/local/bin/knotserver
··· 1 #!/command/with-contenv ash 2 3 + exec s6-setuidgid git /usr/local/bin/knot server
+1 -1
docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
··· 5 PasswordAuthentication no 6 7 Match User git 8 - AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch -git-dir /home/git/repositories 9 AuthorizedKeysCommandUser nobody
··· 5 PasswordAuthentication no 6 7 Match User git 8 + AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys 9 AuthorizedKeysCommandUser nobody