mirror of
https://github.com/gogs/gogs.git
synced 2026-01-13 19:02:21 +01:00
51 lines
1.3 KiB
Docker
51 lines
1.3 KiB
Docker
FROM golang:alpine3.23 AS binarybuilder
|
|
RUN apk --no-cache --no-progress add --virtual \
|
|
build-deps \
|
|
build-base \
|
|
git \
|
|
linux-pam-dev
|
|
|
|
WORKDIR /gogs.io/gogs
|
|
COPY . .
|
|
|
|
RUN ./docker/build/install-task.sh
|
|
RUN TAGS="cert pam" task build
|
|
|
|
FROM alpine:3.23
|
|
|
|
# Create git user and group with fixed UID/GID at build time for better K8s security context support.
|
|
# Using 1000:1000 as it's a common non-root UID/GID that works well with most volume permission setups.
|
|
ARG GOGS_UID=1000
|
|
ARG GOGS_GID=1000
|
|
RUN addgroup -g ${GOGS_GID} -S git && \
|
|
adduser -u ${GOGS_UID} -G git -H -D -g 'Gogs Git User' -h /data/git -s /bin/sh git
|
|
|
|
RUN apk --no-cache --no-progress add \
|
|
bash \
|
|
ca-certificates \
|
|
curl \
|
|
git \
|
|
linux-pam \
|
|
openssh-keygen
|
|
|
|
ENV GOGS_CUSTOM=/data/gogs
|
|
|
|
WORKDIR /app/gogs
|
|
COPY --from=binarybuilder /gogs.io/gogs/gogs .
|
|
COPY docker-next/start.sh .
|
|
RUN chmod +x start.sh && \
|
|
mkdir -p /data && \
|
|
ln -s /data/git /home/git && \
|
|
chown -R git:git /app/gogs /data
|
|
|
|
# Configure Docker Container
|
|
VOLUME ["/data", "/backup"]
|
|
EXPOSE 22 3000
|
|
HEALTHCHECK CMD (curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
|
|
|
|
# Run as non-root user by default for better K8s security context support.
|
|
USER git:git
|
|
|
|
ENTRYPOINT ["/app/gogs/start.sh"]
|
|
CMD ["/app/gogs/gogs", "web"]
|