veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom

docker: update to unified binary deployment

hanna 67887f7c 325bca2e

options
unified split
Changed files
+8 -21
docker
Dockerfile
rootfs
etc
s6-overlay
s6-rc.d
knotserver
run
ssh
sshd_config.d
tangled_sshd.conf
+6 -19
docker/Dockerfile 
···

       
1

       
1

       
 

       
FROM docker.io/golang:1.24-alpine3.21 AS build


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
ENV CGO_ENABLED=1


     

       

       
4

       
+

       
WORKDIR /usr/src/app


     

       

       
5

       
+

       
COPY go.mod go.sum ./


     

       
4

       
6

       
 

       



     

       
5

       
7

       
 

       
RUN apk add --no-cache gcc musl-dev


     

       
6

       

       
-

       



     

       
7

       

       
-

       
WORKDIR /usr/src/app


     

       
8

       

       
-

       



     

       
9

       

       
-

       
COPY go.mod go.sum ./


     

       
10

       
8

       
 

       
RUN go mod download


     

       
11

       
9

       
 

       



     

       
12

       
10

       
 

       
COPY . .


     

       
13

       
11

       
 

       
RUN go build -v \


     

       
14

       

       
-

       
    -o /usr/local/bin/knotserver \


     

       

       
12

       
+

       
    -o /usr/local/bin/knot \


     

       
15

       
13

       
 

       
    -ldflags='-s -w -extldflags "-static"' \


     

       
16

       

       
-

       
    ./cmd/knotserver && \


     

       
17

       

       
-

       
    go build -v \


     

       
18

       

       
-

       
    -o /usr/local/bin/keyfetch \


     

       
19

       

       
-

       
    ./cmd/keyfetch && \


     

       
20

       

       
-

       
    go build -v \


     

       
21

       

       
-

       
    -o /usr/local/bin/repoguard \


     

       
22

       

       
-

       
    ./cmd/repoguard


     

       

       
14

       
+

       
    ./cmd/knot


     

       
23

       
15

       
 

       



     

       
24

       
16

       
 

       
FROM docker.io/alpine:3.21


     

       
25

       
17

       
 

       



     
···

       
36

       
28

       
 

       
    head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \


     

       
37

       
29

       
 

       
    mkdir /app && mkdir /home/git/repositories


     

       
38

       
30

       
 

       



     

       
39

       

       
-

       
COPY --from=build /usr/local/bin/knotserver /usr/local/bin


     

       
40

       

       
-

       
COPY --from=build /usr/local/bin/keyfetch /usr/local/libexec/tangled-keyfetch


     

       
41

       

       
-

       
COPY --from=build /usr/local/bin/repoguard /home/git/repoguard


     

       

       
31

       
+

       
COPY --from=build /usr/local/bin/knot /usr/local/bin


     

       
42

       
32

       
 

       
COPY docker/rootfs/ .


     

       
43

       
33

       
 

       



     

       
44

       

       
-

       
RUN chown root:root /usr/local/libexec/tangled-keyfetch && \


     

       
45

       

       
-

       
    chmod 755 /usr/local/libexec/tangled-keyfetch


     

       
46

       

       
-

       



     

       
47

       
34

       
 

       
EXPOSE 22


     

       
48

       
35

       
 

       
EXPOSE 5555


     

       
49

       
36

       
 

       



     

       
50

       

       
-

       
ENTRYPOINT ["/bin/sh", "-c", "chown git:git /home/git/repoguard && chown git:git /app && chown git:git /home/git/repositories && /init"]


     

       

       
37

       
+

       
ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+1 -1
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run 
···

       
1

       
1

       
 

       
#!/command/with-contenv ash


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
exec s6-setuidgid git /usr/local/bin/knotserver


     

       

       
3

       
+

       
exec s6-setuidgid git /usr/local/bin/knot server
+1 -1
docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf 
···

       
5

       
5

       
 

       
PasswordAuthentication no


     

       
6

       
6

       
 

       



     

       
7

       
7

       
 

       
Match User git


     

       
8

       

       
-

       
  AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch -git-dir /home/git/repositories


     

       

       
8

       
+

       
  AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys


     

       
9

       
9

       
 

       
  AuthorizedKeysCommandUser nobody