general purpose rootless container
This commit is contained in:
parent
b0aaffb661
commit
64137dcfb7
2 changed files with 28 additions and 31 deletions
35
Dockerfile
35
Dockerfile
|
@ -1,16 +1,37 @@
|
||||||
FROM golang:1.21-alpine3.18 as builder
|
FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
|
||||||
|
|
||||||
|
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21-alpine3.18 as build-env
|
||||||
|
|
||||||
|
#
|
||||||
|
# Transparently cross compile for the target platform
|
||||||
|
#
|
||||||
|
COPY --from=xx / /
|
||||||
|
ARG TARGETPLATFORM
|
||||||
|
RUN apk --no-cache add clang lld
|
||||||
|
RUN xx-apk --no-cache add gcc musl-dev
|
||||||
|
RUN xx-go --wrap
|
||||||
|
|
||||||
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
||||||
RUN apk add --no-cache make git
|
RUN apk add --no-cache build-base git
|
||||||
|
|
||||||
COPY . /srv
|
COPY . /srv
|
||||||
WORKDIR /srv
|
WORKDIR /srv
|
||||||
|
|
||||||
RUN make clean && make build
|
RUN make clean && make build
|
||||||
|
|
||||||
FROM alpine:3.18
|
FROM docker.io/library/alpine:3.18
|
||||||
RUN apk add --no-cache git bash tini
|
LABEL maintainer="contact@forgejo.org"
|
||||||
|
|
||||||
COPY --from=builder /srv/forgejo-runner /bin/forgejo-runner
|
RUN apk add --no-cache git bash
|
||||||
COPY scripts/run.sh /opt/act/run.sh
|
|
||||||
|
|
||||||
ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]
|
COPY --from=build-env /srv/forgejo-runner /bin/forgejo-runner
|
||||||
|
|
||||||
|
ENV HOME=/data
|
||||||
|
|
||||||
|
USER 1000:1000
|
||||||
|
|
||||||
|
WORKDIR /data
|
||||||
|
|
||||||
|
VOLUME ["/data"]
|
||||||
|
|
||||||
|
CMD ["/bin/forgejo-runner"]
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
FROM golang:1.21-alpine3.18 as builder
|
|
||||||
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
|
||||||
RUN apk add --no-cache make git
|
|
||||||
|
|
||||||
COPY . /opt/src/forgejo-runner
|
|
||||||
WORKDIR /opt/src/forgejo-runner
|
|
||||||
|
|
||||||
RUN make clean && make build
|
|
||||||
|
|
||||||
FROM docker:dind-rootless
|
|
||||||
USER root
|
|
||||||
RUN apk add --no-cache \
|
|
||||||
git bash supervisor
|
|
||||||
|
|
||||||
COPY --from=builder /opt/src/forgejo-runner/forgejo-runner /usr/local/bin/forgejo-runner
|
|
||||||
COPY /scripts/supervisord.conf /etc/supervisord.conf
|
|
||||||
COPY /scripts/run.sh /opt/act/run.sh
|
|
||||||
COPY /scripts/rootless.sh /opt/act/rootless.sh
|
|
||||||
|
|
||||||
RUN mkdir /data \
|
|
||||||
&& chown rootless:rootless /data
|
|
||||||
|
|
||||||
USER rootless
|
|
||||||
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
|
|
Loading…
Reference in a new issue