kdy.ch
1FROM docker.io/golang:1.24-alpine3.21 AS build
2
3ENV CGO_ENABLED=1
4ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
5WORKDIR /usr/src/app
6COPY go.mod go.sum ./
7
8RUN apk add --no-cache gcc musl-dev
9RUN go mod download
10
11COPY . .
12RUN go build -v \
13 -o /usr/local/bin/knot \
14 -ldflags='-s -w -extldflags "-static"' \
15 ./cmd/knot
16
17FROM docker.io/alpine:3.21
18
19LABEL org.opencontainers.image.title=Tangled
20LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."
21LABEL org.opencontainers.image.vendor=Tangled.sh
22LABEL org.opencontainers.image.licenses=MIT
23LABEL org.opencontainers.image.url=https://tangled.sh
24LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core
25
26RUN apk add --no-cache shadow s6-overlay execline openssh git curl && \
27 adduser --disabled-password git && \
28 # We need to set password anyway since otherwise ssh won't work
29 head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \
30 mkdir /app && mkdir /home/git/repositories
31
32COPY --from=build /usr/local/bin/knot /usr/local/bin
33COPY docker/rootfs/ .
34RUN chmod +x /etc/s6-overlay/scripts/keys-wrapper && \
35 chown git:git /app && \
36 chown -R git:git /home/git/repositories
37
38EXPOSE 22
39EXPOSE 5555
40
41HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
42 CMD curl -f http://localhost:5555/ || exit 1
43
44ENTRYPOINT ["/init"]