Add rootless (alpine) images (#4617)
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
@@ -8,14 +8,20 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||
make build-agent
|
||||
|
||||
FROM docker.io/alpine:3.21
|
||||
RUN apk add -U --no-cache ca-certificates
|
||||
|
||||
RUN apk add -U --no-cache ca-certificates && \
|
||||
adduser -u 1000 -g 1000 woodpecker && \
|
||||
mkdir -p /etc/woodpecker && \
|
||||
chown -R woodpecker:woodpecker /etc/woodpecker
|
||||
|
||||
ENV GODEBUG=netdns=go
|
||||
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
||||
ENV WOODPECKER_IN_CONTAINER=true
|
||||
EXPOSE 3000
|
||||
|
||||
COPY --from=build /src/dist/woodpecker-agent /bin/
|
||||
RUN mkdir -p /etc/woodpecker
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-agent"]
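Review bot: In the `adduser -u 1000 -g 1000 woodpecker` line, `-g` does not set a group ID: Alpine's BusyBox `adduser` reads `-g` as the GECOS (comment) field and `-G` as the group, so the primary group is whatever `adduser` creates implicitly rather than an explicitly pinned GID 1000. Creating the group first makes both IDs deterministic, and `-D` skips password assignment in a non-interactive build: `addgroup -g 1000 woodpecker && adduser -D -u 1000 -G woodpecker woodpecker`. The same line appears in the alpine hunks for the cli (`@@ -8,14 +8,18 @@`) and the server (`@@ -1,7 +1,11 @@`). Separately, if operators run this agent against a mounted container-runtime socket, UID 1000 will probably not have access to it by default, so the required group or socket permissions should be documented with this change.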
|
||||
@@ -1,12 +1,16 @@
|
||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||
|
||||
RUN groupadd -g 1000 woodpecker && \
|
||||
useradd -u 1000 -g 1000 woodpecker && \
|
||||
mkdir -p /etc/woodpecker && \
|
||||
chown -R woodpecker:woodpecker /etc/woodpecker
|
||||
|
||||
WORKDIR /src
|
||||
COPY . .
|
||||
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||
--mount=type=cache,target=/go/pkg \
|
||||
make build-agent
|
||||
RUN mkdir -p /etc/woodpecker
|
||||
|
||||
FROM scratch
|
||||
ENV GODEBUG=netdns=go
|
||||
@@ -19,6 +23,10 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certifica
|
||||
# copy agent binary
|
||||
COPY --from=build /src/dist/woodpecker-agent /bin/
|
||||
COPY --from=build /etc/woodpecker /etc
|
||||
COPY --from=build /etc/passwd /etc/passwd
|
||||
COPY --from=build /etc/group /etc/group
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-agent"]
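Review bot: The unchanged `COPY --from=build /etc/woodpecker /etc` line copies the directory's contents into `/etc`, not the directory itself, so the `/etc/woodpecker` that the build stage now creates and chowns to `woodpecker` never reaches this image. With `USER woodpecker` added below it, the process has no writable `/etc/woodpecker` and cannot create one under a root-owned `/etc`. This matters if the agent persists its configuration there, which the directory name suggests. Copy to the full destination and set the owner explicitly: `COPY --from=build --chown=1000:1000 /etc/woodpecker /etc/woodpecker`.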
|
||||
@@ -8,14 +8,18 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||
make build-cli
|
||||
|
||||
FROM docker.io/alpine:3.21
|
||||
|
||||
WORKDIR /woodpecker
|
||||
|
||||
RUN apk add -U --no-cache ca-certificates
|
||||
RUN apk add -U --no-cache ca-certificates && \
|
||||
adduser -u 1000 -g 1000 woodpecker
|
||||
|
||||
ENV GODEBUG=netdns=go
|
||||
ENV WOODPECKER_DISABLE_UPDATE_CHECK=true
|
||||
|
||||
COPY --from=build /src/dist/woodpecker-cli /bin/
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-cli"]
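Review bot: `WORKDIR /woodpecker` runs before the account exists, so the directory is created root-owned, and after the added `USER woodpecker` the cli cannot write into its own working directory. If any command writes output relative to the current directory, it will now fail with a permission error. Extending the `RUN` chain with `&& chown woodpecker:woodpecker /woodpecker` keeps the directory writable without widening its mode. The scratch variant's working directory is not visible in these hunks and should be checked for the same issue.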
|
||||
@@ -1,5 +1,8 @@
|
||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||
|
||||
RUN groupadd -g 1000 woodpecker && \
|
||||
useradd -u 1000 -g 1000 woodpecker
|
||||
|
||||
WORKDIR /src
|
||||
COPY . .
|
||||
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
||||
@@ -17,6 +20,10 @@ ENV WOODPECKER_DISABLE_UPDATE_CHECK=true
|
||||
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
# copy cli binary
|
||||
COPY --from=build /src/dist/woodpecker-cli /bin/
|
||||
COPY --from=build /etc/passwd /etc/passwd
|
||||
COPY --from=build /etc/group /etc/group
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-cli"]
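Review bot: `USER woodpecker` names the account instead of using its numeric ID, which makes the image depend on the copied `/etc/passwd`. Admission checks such as Kubernetes `runAsNonRoot` refuse to start an image whose user is non-numeric, because they cannot prove it is not UID 0. `USER 1000:1000` gives the same result and can be verified without resolving names. This applies to every `USER woodpecker` line added in this commit (agent, cli and server, alpine and scratch). With a numeric user, the copy of `/etc/passwd` and `/etc/group` from the golang image, which also carries that image's other accounts, becomes optional.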
|
||||
@@ -1,7 +1,11 @@
|
||||
FROM docker.io/alpine:3.21
|
||||
|
||||
ARG TARGETOS TARGETARCH
|
||||
RUN apk add -U --no-cache ca-certificates
|
||||
RUN apk add -U --no-cache ca-certificates && \
|
||||
adduser -u 1000 -g 1000 woodpecker && \
|
||||
mkdir -p /var/lib/woodpecker && \
|
||||
chown -R woodpecker:woodpecker /var/lib/woodpecker
|
||||
|
||||
ENV GODEBUG=netdns=go
|
||||
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
||||
ENV WOODPECKER_IN_CONTAINER=true
|
||||
@@ -11,5 +15,7 @@ EXPOSE 8000 9000 80 443
|
||||
|
||||
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-server"]
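Review bot: The added `USER woodpecker` sits under `EXPOSE 8000 9000 80 443` (visible in the hunk header), and an unprivileged user cannot bind ports 80 and 443 on runtimes that keep the default privileged-port range. Deployments that let the server terminate TLS itself on those ports may stop starting after this change, depending on the runtime's `ip_unprivileged_port_start` setting. Either document that such setups need `NET_BIND_SERVICE` or an unprivileged listen port, or note the limitation next to `EXPOSE`. The scratch server file has the same `EXPOSE` line in its `@@ -10,9 +15,14 @@` hunk.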
|
||||
@@ -1,4 +1,9 @@
|
||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS certs
|
||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||
|
||||
RUN groupadd -g 1000 woodpecker && \
|
||||
useradd -u 1000 -g 1000 woodpecker && \
|
||||
mkdir -p /var/lib/woodpecker && \
|
||||
chown -R woodpecker:woodpecker /var/lib/woodpecker
|
||||
|
||||
FROM scratch
|
||||
ARG TARGETOS TARGETARCH
|
||||
@@ -10,9 +15,14 @@ ENV XDG_DATA_HOME=/var/lib/woodpecker
|
||||
EXPOSE 8000 9000 80 443
|
||||
|
||||
# copy certs from certs image
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
# copy server binary
|
||||
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
||||
COPY --from=build /etc/passwd /etc/passwd
|
||||
COPY --from=build /etc/group /etc/group
|
||||
COPY --from=build /var/lib/woodpecker /var/lib/woodpecker
|
||||
|
||||
USER woodpecker
|
||||
|
||||
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
||||
ENTRYPOINT ["/bin/woodpecker-server"]
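Review bot: The comment `# copy certs from certs image` is now stale, because the stage was renamed from `certs` to `build` and the copy reads `COPY --from=build /etc/ssl/certs/ca-certificates.crt ...`. Change it to `# copy certs from build stage` so the comment matches the stage name. The `build` stage in this file compiles nothing (the binary comes from `dist/server/...` in the build context), so a short comment on the `FROM ... AS build` line saying it only provides CA certificates and the `woodpecker` account would prevent confusion.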
|
||||