mirror of
https://github.com/gogs/gogs.git
synced 2025-12-14 20:29:57 +01:00
332c0895e6
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: unknwon <2946214+unknwon@users.noreply.github.com> Co-authored-by: Joe Chen <jc@unknwon.io>
49 lines
1.2 KiB
Docker
49 lines
1.2 KiB
Docker
FROM golang:alpine3.22 AS binarybuilder
|
|
RUN apk --no-cache --no-progress add --virtual \
|
|
build-deps \
|
|
build-base \
|
|
git \
|
|
linux-pam-dev
|
|
|
|
WORKDIR /gogs.io/gogs
|
|
COPY . .
|
|
|
|
RUN ./docker/build/install-task.sh
|
|
RUN TAGS="cert pam" task build
|
|
|
|
FROM alpine:3.22
|
|
|
|
# Create git user and group with fixed UID/GID at build time for better K8s security context support.
|
|
# Using 1000:1000 as it's a common non-root UID/GID that works well with most volume permission setups.
|
|
ARG GOGS_UID=1000
|
|
ARG GOGS_GID=1000
|
|
RUN addgroup -g ${GOGS_GID} -S git && \
|
|
adduser -u ${GOGS_UID} -G git -H -D -g 'Gogs Git User' -h /data/git -s /bin/sh git
|
|
|
|
RUN apk --no-cache --no-progress add \
|
|
bash \
|
|
ca-certificates \
|
|
git \
|
|
linux-pam \
|
|
openssh-keygen
|
|
|
|
ENV GOGS_CUSTOM=/data/gogs
|
|
|
|
WORKDIR /app/gogs
|
|
COPY --from=binarybuilder /gogs.io/gogs/gogs .
|
|
|
|
# Create data directories and set ownership
|
|
RUN mkdir -p /data/gogs /data/git /backup && \
|
|
chown -R git:git /app/gogs /data /backup
|
|
|
|
# Configure Docker Container
|
|
VOLUME ["/data", "/backup"]
|
|
EXPOSE 22 3000
|
|
HEALTHCHECK CMD (curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
|
|
|
|
# Run as non-root user by default for better K8s security context support.
|
|
USER git:git
|
|
|
|
ENTRYPOINT ["/app/gogs/gogs"]
|
|
CMD ["web"]
|