diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e57b93d1ae722..0000000000000 --- a/Dockerfile +++ /dev/null @@ -1,69 +0,0 @@ - -################################### -#Build stage -FROM golang:1.16-alpine3.13 AS build-env - -ARG GOPROXY -ENV GOPROXY ${GOPROXY:-direct} - -ARG GITEA_VERSION -ARG TAGS="sqlite sqlite_unlock_notify" -ENV TAGS "bindata timetzdata $TAGS" -ARG CGO_EXTRA_CFLAGS - -#Build deps -RUN apk --no-cache add build-base git nodejs npm - -#Setup repo -COPY . ${GOPATH}/src/code.gitea.io/gitea -WORKDIR ${GOPATH}/src/code.gitea.io/gitea - -#Checkout version if set -RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build - -# Begin env-to-ini build -RUN go build contrib/environment-to-ini/environment-to-ini.go - -FROM alpine:3.13 -LABEL maintainer="maintainers@gitea.io" - -EXPOSE 22 3000 - -RUN apk --no-cache add \ - bash \ - ca-certificates \ - curl \ - gettext \ - git \ - linux-pam \ - openssh \ - s6 \ - sqlite \ - su-exec \ - gnupg - -RUN addgroup \ - -S -g 1000 \ - git && \ - adduser \ - -S -H -D \ - -h /data/git \ - -s /bin/bash \ - -u 1000 \ - -G git \ - git && \ - echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd - -ENV USER git -ENV GITEA_CUSTOM /data/gitea - -VOLUME ["/data"] - -ENTRYPOINT ["/usr/bin/entrypoint"] -CMD ["/bin/s6-svscan", "/etc/s6"] - -COPY docker/root / -COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea -COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini -RUN ln -s /app/gitea/gitea /usr/local/bin/gitea diff --git a/Dockerfile.rootless b/Dockerfile.rootless deleted file mode 100644 index e91720dd5f33d..0000000000000 --- a/Dockerfile.rootless +++ /dev/null 
@@ -1,71 +0,0 @@ - -################################### -#Build stage -FROM golang:1.16-alpine3.13 AS build-env - -ARG GOPROXY -ENV GOPROXY ${GOPROXY:-direct} - -ARG GITEA_VERSION -ARG TAGS="sqlite sqlite_unlock_notify" -ENV TAGS "bindata timetzdata $TAGS" -ARG CGO_EXTRA_CFLAGS - -#Build deps -RUN apk --no-cache add build-base git nodejs npm - -#Setup repo -COPY . ${GOPATH}/src/code.gitea.io/gitea -WORKDIR ${GOPATH}/src/code.gitea.io/gitea - -#Checkout version if set -RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build - -# Begin env-to-ini build -RUN go build contrib/environment-to-ini/environment-to-ini.go - -FROM alpine:3.13 -LABEL maintainer="maintainers@gitea.io" - -EXPOSE 2222 3000 - -RUN apk --no-cache add \ - bash \ - ca-certificates \ - gettext \ - git \ - gnupg - -RUN addgroup \ - -S -g 1000 \ - git && \ - adduser \ - -S -H -D \ - -h /var/lib/gitea/git \ - -s /bin/bash \ - -u 1000 \ - -G git \ - git && \ - echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd - -RUN mkdir -p /var/lib/gitea /etc/gitea -RUN chown git:git /var/lib/gitea /etc/gitea - -COPY docker/rootless / -COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea -COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini - -USER git:git -ENV GITEA_WORK_DIR /var/lib/gitea -ENV GITEA_CUSTOM /var/lib/gitea/custom -ENV GITEA_TEMP /tmp/gitea -#TODO add to docs the ability to define the ini to load (usefull to test and revert a config) -ENV GITEA_APP_INI /etc/gitea/app.ini -ENV HOME "/var/lib/gitea/git" -VOLUME ["/var/lib/gitea", "/etc/gitea"] -WORKDIR /var/lib/gitea - -ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] -CMD [] - diff --git a/Makefile b/Makefile index 00bdbab2591bd..af893414ee1de 100644 --- a/Makefile +++ b/Makefile 
@@ -544,6 +544,7 @@ migrations.sqlite.test: $(GO_SOURCES) .PHONY: check check: test +# DNM(Krey): Experiment .PHONY: install $(TAGS_PREREQ) install: $(wildcard *.go) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000000000..6a640e5577105
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,33 @@
+# FIXME-BLOCKER(Krey): Should be adapted to use `COPY` from container to container once upstream implements it, currently using a volume that is provided to relevant containers to share the content (https://github.com/docker/compose/issues/5523#issuecomment-774392560)
+
+###! Universal `docker-compose.yml` file intended to be used as a reference for configuration and development.
+
+# DNM(Krey): Provide the database ports within a private network available to services without the need to expose ports to the system unless explicitly specified
+
+version: "3"
+
+services:
+ gitea-service:
+ container_name: gitea-service
+ build:
+ context: .
+ dockerfile: docker/dockerfiles/gitea.Dockerfile
+ ports:
+ - "3000:3000"
+ command: /srv/gitea/gitea-wrapper
+ depends_on:
+ - gitea-mysql-database
+ gitea-mysql-database:
+ container_name: gitea-mysql-database
+ image: mysql:5.7
+ restart: always
+ environment:
+ - MYSQL_ROOT_PASSWORD=gitea
+ - MYSQL_USER=gitea
+ - MYSQL_PASSWORD=gitea
+ - MYSQL_DATABASE=gitea
+ ports:
+ - "3306:3306"
+volumes:
+ mysql:
+ driver: local
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
index ef05032ee6f37..c84165d57e417 100644
--- a/docker/README.md
+++ b/docker/README.md
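Review bot: The `gitea-mysql-database` service publishes `"3306:3306"` to the host while every credential, including `MYSQL_ROOT_PASSWORD`, is the literal `gitea`, so anything that can reach the host port can authenticate as database root. `gitea-service` can reach the database over the compose network by service name, so the database `ports:` entry can simply be dropped, which is also what the DNM comment at the top of the file asks for. The passwords should come from the environment rather than the committed file, e.g. `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set in .env}`. The top-level `mysql` volume is declared but not mounted by either service, so the database contents appear not to be persisted; `volumes: ["mysql:/var/lib/mysql"]` on the database service would use it.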
@@ -1,7 +1,7 @@ # Gitea - Docker
-Dockerfile is found in root of repository.
+Directory dedicated to docker-related pathnames
-Docker image can be found on [docker hub](https://hub.docker.com/r/gitea/gitea)
+Docker images are also available on the [docker hub](https://hub.docker.com/r/gitea/gitea)
-Documentation on using docker image can be found on [Gitea Docs site](https://docs.gitea.io/en-us/install-with-docker/)
+Detailed documentation on how to use provided docker images is available on [Gitea Docs site](https://docs.gitea.io/en-us/install-with-docker/)
diff --git a/docker/dockerfiles/gitea.Dockerfile b/docker/dockerfiles/gitea.Dockerfile
new file mode 100644
index 0000000000000..cadb42fb31a09
--- /dev/null
+++ b/docker/dockerfiles/gitea.Dockerfile
@@ -0,0 +1,111 @@
+###! This dockerfile builds and starts a gitea service
+
+FROM golang:1.15-alpine3.13 AS build-env
+
+ARG GOPROXY="direct"
+
+# DNM-INVESTIGATE(Krey): Investigate these tags and optimize their usage
+ARG TAGS="sqlite sqlite_unlock_notify bindata timetzdata"
+
+ARG GITEA_VERSION
+ARG CGO_EXTRA_CFLAGS
+
+ARG GITEA_BUILDER_BUILD_DEPS="build-base nodejs npm git"
+
+# Install build dependencies
+RUN apk --no-cache add $GITEA_BUILDER_BUILD_DEPS
+
+# Setup repo
+COPY . "$GOPATH/src/code.gitea.io/gitea"
+
+WORKDIR "$GOPATH/src/code.gitea.io/gitea"
+
+# Checkout version if set
+RUN [ -z "$GITEA_VERSION" ] || { make clean-all && git checkout "${GITEA_VERSION}" ;}
+
+# Build the source code
+RUN make clean-all build
+
+# DNM-CD(Krey): Implement automatic bumps of the alpine image
+FROM alpine:3.13 AS gitea-service
+
+LABEL maintainer="maintainers@gitea.io"
+
+# File hierarchy
+## NOTE-DUP_CODE(Krey): Changes of these values has to be updated in `docker/wrapper/gitea.sh` as well
+ARG GITEA_WORKDIR="/srv/gitea"
+RUN mkdir -p "$GITEA_WORKDIR"
+
+ARG GITEA_CUSTOMDIR="$GITEA_WORKDIR/custom"
+RUN mkdir -p "$GITEA_CUSTOMDIR"
+
+ARG GITEA_TEMPDIR="/var/tmp/gitea"
+RUN mkdir -p "$GITEA_TEMPDIR"
+
+ARG GITEA_CONFDIR="$GITEA_CUSTOMDIR/conf"
+RUN mkdir -p "$GITEA_CONFDIR"
+
+ARG GITEA_SRCDIR="/go/src/code.gitea.io/gitea"
+ARG GITEA_APP_INI="$GITEA_CONFDIR/app.ini"
+
+RUN mkdir -p "$GITEA_WORKDIR"
+
+ARG GITEA_EXECUTABLE="$GITEA_WORKDIR/gitea"
+
+# Permission
+ARG GITEA_USER="gitea"
+ARG GITEA_USER_ID="1000"
+ARG GITEA_USER_HOME="$GITEA_WORKDIR"
+ARG GITEA_USER_SHELL="/bin/nologin"
+ARG GITEA_GROUP="gitea"
+ARG GITEA_GROUP_ID="1000"
+
+# Dependencies
+ARG GITEA_RUNTIME_DEPS="git"
+
+# Install runtime dependencies
+RUN apk --no-cache add $GITEA_RUNTIME_DEPS
+
+# Create the gitea user
+## NOTE(Krey): These are busybox commands so we have to first create group and then the user added to the group
+RUN true \
+ # addgroup [-g GID] [-S] [USER] GROUP
+ && addgroup \
+ #
Create a system group
+ -S \
+ # Group id
+ -g "$GITEA_GROUP_ID" \
+ "$GITEA_GROUP" \
+ # adduser [OPTIONS] USER [GROUP]
+ && adduser \
+ # Create System user
+ -S \
+ # Don't Create home directory
+ -H \
+ # Don't assign a password
+ -D \
+ # Home directory
+ -h "$GITEA_USER_HOME" \
+ # Login shell
+ -s "$GITEA_USER_SHELL" \
+ # User id
+ -u "$GITEA_USER_ID" \
+ # Group
+ -G "$GITEA_GROUP" \
+ "$GITEA_USER"
+
+# Copy the compiled source code in this container for installation
+COPY --from=build-env "/go/src/code.gitea.io/gitea" "$GITEA_SRCDIR"
+
+# Get gitea executable in the system
+RUN cp "$GITEA_SRCDIR/gitea" "$GITEA_EXECUTABLE"
+
+ARG GITEA_WRAPPER_SCRIPT="$GITEA_WORKDIR/gitea-wrapper"
+COPY docker/wrapper/gitea.sh "$GITEA_WRAPPER_SCRIPT"
+
+RUN chown -R "$GITEA_USER:$GITEA_GROUP" "$GITEA_USER_HOME"
+
+USER "$GITEA_USER"
+
+# FIXME(Krey): Expecting '$GITEA_EXECUTABLE/$GITEA_WRAPPER_SCRIPT' to expand here, but it is not available at the CMD scope
+CMD [ "/srv/gitea/gitea", "web" ]
\ No newline at end of file
diff --git a/docker/manifest.rootless.tmpl b/docker/manifest.rootless.tmpl
deleted file mode 100644
index aed36caa4e877..0000000000000
--- a/docker/manifest.rootless.tmpl
+++ /dev/null
@@ -1,19 +0,0 @@ -image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-rootless -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}}-rootless -{{/each}} -{{/if}} -manifests: - - - image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-rootless - platform: - architecture: amd64 - os: linux - - - image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-rootless - platform: - architecture: arm64 - os: linux - variant: v8
diff --git a/docker/manifest.tmpl b/docker/manifest.tmpl
deleted file mode 100644
index 9678449628a19..0000000000000
--- a/docker/manifest.tmpl
+++ /dev/null
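Review bot: `RUN chown -R "$GITEA_USER:$GITEA_GROUP" "$GITEA_USER_HOME"` gives the service account ownership of `/srv/gitea`, the directory that holds both `$GITEA_EXECUTABLE` and `$GITEA_WRAPPER_SCRIPT`, so a compromised gitea process can replace the binary and the wrapper it is started from; the deleted `Dockerfile.rootless` copied the binary with `--chown=root:root` into `/usr/local/bin`. Keep the executables root-owned outside the writable tree, e.g. `COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea`, and chown only the directories Gitea writes to; the `CMD` here and the `command:` in `docker-compose.yml` would have to follow the new path. That single `COPY` also replaces the `COPY --from=build-env "/go/src/code.gitea.io/gitea" "$GITEA_SRCDIR"` plus `RUN cp` pair, which ships the entire build tree (sources and whatever the `COPY .` context contained) in the runtime image. `GITEA_USER_SHELL="/bin/nologin"` looks wrong for Alpine, where the binary is `/sbin/nologin`.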
@@ -1,19 +0,0 @@ -image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - - image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64 - platform: - architecture: amd64 - os: linux - - - image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64 - platform: - architecture: arm64 - os: linux - variant: v8 diff --git a/docker/root/etc/nsswitch.conf b/docker/root/etc/nsswitch.conf deleted file mode 100644 index 25fad995e65d0..0000000000000 --- a/docker/root/etc/nsswitch.conf +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/nsswitch.conf - -passwd: compat -group: compat -shadow: compat - -hosts: files dns -networks: files - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: nis diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish deleted file mode 100755 index 06bd986563d4c..0000000000000 --- a/docker/root/etc/s6/.s6-svscan/finish +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -exit 0 diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish deleted file mode 100755 index 5d44f4174f7a0..0000000000000 --- a/docker/root/etc/s6/gitea/finish +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -s6-svscanctl -t /etc/s6/ diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run deleted file mode 100755 index b6150c10d5fa3..0000000000000 --- a/docker/root/etc/s6/gitea/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -[[ -f ./setup ]] && source ./setup - -pushd /app/gitea >/dev/null -exec su-exec $USER /app/gitea/gitea web -popd diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup deleted file mode 100755 index 38187b29e051f..0000000000000 --- a/docker/root/etc/s6/gitea/setup +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/bash - -if [ ! -d /data/git/.ssh ]; then - mkdir -p /data/git/.ssh - chmod 700 /data/git/.ssh -fi - -if [ ! -f /data/git/.ssh/environment ]; then - echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment - chmod 600 /data/git/.ssh/environment - -elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then - sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment - echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment -fi - -if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then - mkdir -p ${GITEA_CUSTOM}/conf - - # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and - # INSTALL_LOCK is empty - if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then - INSTALL_LOCK=true - fi - - # Substitude the environment variables in the template - APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \ - RUN_MODE=${RUN_MODE:-"prod"} \ - DOMAIN=${DOMAIN:-"localhost"} \ - SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ - HTTP_PORT=${HTTP_PORT:-"3000"} \ - ROOT_URL=${ROOT_URL:-""} \ - DISABLE_SSH=${DISABLE_SSH:-"false"} \ - SSH_PORT=${SSH_PORT:-"22"} \ - SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ - LFS_START_SERVER=${LFS_START_SERVER:-"false"} \ - DB_TYPE=${DB_TYPE:-"sqlite3"} \ - DB_HOST=${DB_HOST:-"localhost:3306"} \ - DB_NAME=${DB_NAME:-"gitea"} \ - DB_USER=${DB_USER:-"root"} \ - DB_PASSWD=${DB_PASSWD:-""} \ - INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ - DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ - REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ - SECRET_KEY=${SECRET_KEY:-""} \ - envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini - - chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini -fi - -# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME -environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini - -# only chown if current owner is not already the gitea ${USER}. No recursive check to save time -if ! 
[[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi -if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi -if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi -chmod 0755 /data/gitea /app/gitea /data/git diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish deleted file mode 100755 index 06bd986563d4c..0000000000000 --- a/docker/root/etc/s6/openssh/finish +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -exit 0 diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run deleted file mode 100755 index a40b5b113f407..0000000000000 --- a/docker/root/etc/s6/openssh/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -[[ -f ./setup ]] && source ./setup - -pushd /root >/dev/null -exec su-exec root /usr/sbin/sshd -D -e 2>&1 -popd diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup deleted file mode 100755 index 2a5eb9b09f0a9..0000000000000 --- a/docker/root/etc/s6/openssh/setup +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/bash - -if [ ! -d /data/ssh ]; then - mkdir -p /data/ssh -fi - -if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then - echo "Generating /data/ssh/ssh_host_ed25519_key..." - ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null -fi - -if [ ! -f /data/ssh/ssh_host_rsa_key ]; then - echo "Generating /data/ssh/ssh_host_rsa_key..." - ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null -fi - -if [ ! -f /data/ssh/ssh_host_dsa_key ]; then - echo "Generating /data/ssh/ssh_host_dsa_key..." - ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null -fi - -if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then - echo "Generating /data/ssh/ssh_host_ecdsa_key..." - ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null -fi - -if [ -d /etc/ssh ]; then - SSH_PORT=${SSH_PORT:-"22"} \ - SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ - envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config - - chmod 0644 /etc/ssh/sshd_config -fi - -chown root:root /data/ssh/* -chmod 0700 /data/ssh -chmod 0600 /data/ssh/* diff --git a/docker/root/etc/templates/app.ini b/docker/root/etc/templates/app.ini deleted file mode 100644 index c8a8cdc5f3883..0000000000000 --- a/docker/root/etc/templates/app.ini +++ /dev/null 
@@ -1,59 +0,0 @@
-APP_NAME = $APP_NAME
-RUN_MODE = $RUN_MODE
-
-[repository]
-ROOT = /data/git/repositories
-
-[repository.local]
-LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
-
-[repository.upload]
-TEMP_PATH = /data/gitea/uploads
-
-[server]
-APP_DATA_PATH = /data/gitea
-DOMAIN = $DOMAIN
-SSH_DOMAIN = $SSH_DOMAIN
-HTTP_PORT = $HTTP_PORT
-ROOT_URL = $ROOT_URL
-DISABLE_SSH = $DISABLE_SSH
-SSH_PORT = $SSH_PORT
-SSH_LISTEN_PORT = $SSH_LISTEN_PORT
-LFS_START_SERVER = $LFS_START_SERVER
-LFS_CONTENT_PATH = /data/git/lfs
-
-[database]
-PATH = /data/gitea/gitea.db
-DB_TYPE = $DB_TYPE
-HOST = $DB_HOST
-NAME = $DB_NAME
-USER = $DB_USER
-PASSWD = $DB_PASSWD
-LOG_SQL = false
-
-[indexer]
-ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
-
-[session]
-PROVIDER_CONFIG = /data/gitea/sessions
-
-[picture]
-AVATAR_UPLOAD_PATH = /data/gitea/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
-
-[attachment]
-PATH = /data/gitea/attachments
-
-[log]
-MODE = console
-LEVEL = info
-ROUTER = console
-ROOT_PATH = /data/gitea/log
-
-[security]
-INSTALL_LOCK = $INSTALL_LOCK
-SECRET_KEY = $SECRET_KEY
-
-[service]
-DISABLE_REGISTRATION = $DISABLE_REGISTRATION
-REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
diff --git a/docker/root/etc/templates/sshd_config b/docker/root/etc/templates/sshd_config
deleted file mode 100644
index 26e26feb4127a..0000000000000
--- a/docker/root/etc/templates/sshd_config
+++ /dev/null
@@ -1,40 +0,0 @@
-Port ${SSH_LISTEN_PORT}
-Protocol 2
-
-AddressFamily any
-ListenAddress 0.0.0.0
-ListenAddress ::
-
-LogLevel INFO
-
-HostKey /data/ssh/ssh_host_ed25519_key
-HostCertificate /data/ssh/ssh_host_ed25519_cert
-HostKey /data/ssh/ssh_host_rsa_key
-HostCertificate /data/ssh/ssh_host_rsa_cert
-HostKey /data/ssh/ssh_host_ecdsa_key
-HostCertificate /data/ssh/ssh_host_ecdsa_cert
-HostKey /data/ssh/ssh_host_dsa_key
-HostCertificate /data/ssh/ssh_host_dsa_cert
-
-AuthorizedKeysFile .ssh/authorized_keys
-AuthorizedPrincipalsFile .ssh/authorized_principals
-TrustedUserCAKeys /data/git/.ssh/gitea-trusted-user-ca-keys.pem
-CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
-
-UseDNS no
-AllowAgentForwarding no
-AllowTcpForwarding no
-PrintMotd no
-
-PermitUserEnvironment yes
-PermitRootLogin no
-ChallengeResponseAuthentication no
-PasswordAuthentication no
-PermitEmptyPasswords no
-
-AllowUsers ${USER}
-
-Banner none
-Subsystem sftp /usr/lib/ssh/sftp-server
-
-AcceptEnv GIT_PROTOCOL
diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint
deleted file mode 100755
index a3c03ecff379f..0000000000000
--- a/docker/root/usr/bin/entrypoint
+++ /dev/null
@@ -1,35 +0,0 @@ -#!/bin/sh - -if [ "${USER}" != "git" ]; then - # rename user - sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd -fi - -if [ -z "${USER_GID}" ]; then - USER_GID="`id -g ${USER}`" -fi - -if [ -z "${USER_UID}" ]; then - USER_UID="`id -u ${USER}`" -fi - -## Change GID for USER? -if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then - sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group - sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd -fi - -## Change UID for USER? -if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then - sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd -fi - -for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do - mkdir -p ${FOLDER} -done - -if [ $# -gt 0 ]; then - exec "$@" -else - exec /bin/s6-svscan /etc/s6 -fi diff --git a/docker/rootless/etc/templates/app.ini b/docker/rootless/etc/templates/app.ini deleted file mode 100644 index 92755575b989e..0000000000000 --- a/docker/rootless/etc/templates/app.ini +++ /dev/null 
@@ -1,55 +0,0 @@ -APP_NAME = $APP_NAME -RUN_USER = $RUN_USER -RUN_MODE = $RUN_MODE - -[repository] -ROOT = $GITEA_WORK_DIR/git/repositories - -[repository.local] -LOCAL_COPY_PATH = $GITEA_TEMP/local-repo - -[repository.upload] -TEMP_PATH = $GITEA_TEMP/uploads - -[server] -APP_DATA_PATH = $GITEA_WORK_DIR -SSH_DOMAIN = $SSH_DOMAIN -HTTP_PORT = $HTTP_PORT -ROOT_URL = $ROOT_URL -DISABLE_SSH = $DISABLE_SSH -; In rootless gitea container only internal ssh server is supported -START_SSH_SERVER = true -SSH_PORT = $SSH_PORT -SSH_LISTEN_PORT = $SSH_LISTEN_PORT -BUILTIN_SSH_SERVER_USER = $RUN_USER -LFS_START_SERVER = $LFS_START_SERVER -LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs - -[database] -PATH = $GITEA_WORK_DIR/data/gitea.db -DB_TYPE = $DB_TYPE -HOST = $DB_HOST -NAME = $DB_NAME -USER = $DB_USER -PASSWD = $DB_PASSWD - -[session] -PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions - -[picture] -AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars -REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars - -[attachment] -PATH = $GITEA_WORK_DIR/data/attachments - -[log] -ROOT_PATH = $GITEA_WORK_DIR/data/log - -[security] -INSTALL_LOCK = $INSTALL_LOCK -SECRET_KEY = $SECRET_KEY - -[service] -DISABLE_REGISTRATION = $DISABLE_REGISTRATION -REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW diff --git a/docker/rootless/usr/local/bin/docker-entrypoint.sh b/docker/rootless/usr/local/bin/docker-entrypoint.sh deleted file mode 100755 index d05777adc5645..0000000000000 --- a/docker/rootless/usr/local/bin/docker-entrypoint.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -if [ -x /usr/local/bin/docker-setup.sh ]; then - /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; } -fi - -if [ $# -gt 0 ]; then - exec "$@" -else - exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web -fi diff --git a/docker/rootless/usr/local/bin/docker-setup.sh b/docker/rootless/usr/local/bin/docker-setup.sh deleted file mode 100755 index ef86d01c9f30c..0000000000000 
--- a/docker/rootless/usr/local/bin/docker-setup.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -# Prepare git folder -mkdir -p ${HOME} && chmod 0700 ${HOME} -if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi - -# Prepare custom folder -mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM} - -# Prepare temp folder -mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP} -if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi - -#Prepare config file -if [ ! -f ${GITEA_APP_INI} ]; then - - #Prepare config file folder - GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI}) - mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR} - if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi - - # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and - # INSTALL_LOCK is empty - if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then - INSTALL_LOCK=true - fi - - # Substitude the environment variables in the template - APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \ - RUN_MODE=${RUN_MODE:-"prod"} \ - RUN_USER=${USER:-"git"} \ - SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ - HTTP_PORT=${HTTP_PORT:-"3000"} \ - ROOT_URL=${ROOT_URL:-""} \ - DISABLE_SSH=${DISABLE_SSH:-"false"} \ - SSH_PORT=${SSH_PORT:-"2222"} \ - SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \ - DB_TYPE=${DB_TYPE:-"sqlite3"} \ - DB_HOST=${DB_HOST:-"localhost:3306"} \ - DB_NAME=${DB_NAME:-"gitea"} \ - DB_USER=${DB_USER:-"root"} \ - DB_PASSWD=${DB_PASSWD:-""} \ - INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ - DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ - REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ - SECRET_KEY=${SECRET_KEY:-""} \ - envsubst < /etc/templates/app.ini > ${GITEA_APP_INI} -fi - -# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME -environment-to-ini --config ${GITEA_APP_INI} 
diff --git a/docker/wrapper/gitea.sh b/docker/wrapper/gitea.sh
new file mode 100755
index 0000000000000..44dd0c8c0de90
--- /dev/null
+++ b/docker/wrapper/gitea.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+# Shellcheck shell=sh # Written to comply with IEEE Std 1003.1-2017
+
+###! # Gitea wrapper
+###! Wrapper designed to provide the required variables needed for the runtime of gitea using `app.ini' with variables for it's values
+
+# File hierarchy
+export GITEA_WORKDIR="${GITEA_WORKDIR:-"/srv/gitea"}"
+export GITEA_CUSTOMDIR="${GITEA_CUSTOMDIR:-"$GITEA_WORKDIR/custom"}"
+export GITEA_TEMPDIR="${GITEA_TEMPDIR:-"/var/tmp/gitea"}"
+export GITEA_CONFDIR="${GITEA_CONFDIR:-"$GITEA_CUSTOMDIR/conf"}"
+export GITEA_SRCDIR="${GITEA_SRCDIR:-"/go/src/code.gitea.io/gitea"}"
+export GITEA_APP_INI="${GITEA_APP_INI:-"$GITEA_CONFDIR/app.ini"}"
+export GITEA_EXECUTABLE="${GITEA_EXECUTABLE:-"$GITEA_WORKDIR/gitea"}"
+
+cat <<-CONFIG > "$GITEA_APP_INI"
+ APP_NAME = ${GITEA_APP_NAME:-"Gitea: Git with a cup of tea"}
+ RUN_USER = ${GITEA_USER:-"gitea"}
+ RUN_MODE = ${GITEA_RUN_MODE:-"prod"}
+
+ [repository]
+ ROOT = ${GITEA_REPO_ROOT:-"$GITEA_WORKDIR/git/repositories"}
+
+ [repository.local]
+ LOCAL_COPY_PATH = ${GITEA_LOCAL_REPO_PATH:-"/var/tmp/gitea/local-repo"}
+
+ [repository.upload]
+ TEMP_PATH = ${GITEA_UPLOAD_REPO_TEMP_PATH:-"/var/tmp/gitea/uploads"}
+
+ [server]
+ DOMAIN = ${GITEA_SERVER_DOMAIN:-"localhost"}
+ APP_DATA_PATH = ${GITEA_SERVER_APP_DATA_PATH:-"$GITEA_WORKDIR"}
+ SSH_DOMAIN = ${GITEA_SERVER_SSH_DOMAIN:-"localhost"}
+ HTTP_PORT = ${GITEA_SERVER_HTTP_PORT:-"3000"}
+ ROOT_URL = ${GITEA_SERVER_ROOT_URL:-"http://${GITEA_SERVER_DOMAIN:-"localhost"}:${GITEA_SERVER_HTTP_PORT:-"3000"}"}
+ DISABLE_SSH = ${GITEA_SERVER_DISABLE_SSH:-"false"}
+ START_SSH_SERVER = ${GITEA_SERVER_START_SSH_SERVER:-"true"}
+ SSH_PORT = ${GITEA_SERVER_SSH_PORT:-"2222"}
+ SSH_LISTEN_PORT = ${GITEA_SERVER_SSH_LISTEN_PORT:-"2222"}
+ BUILTIN_SSH_SERVER_USER = ${GITEA_SERVER_BUILTIN_SSH_SERVER_USER:-"git"}
+ LFS_START_SERVER = ${GITEA_SERVER_LFS_START_SERVER:-"true"}
+ LFS_CONTENT_PATH = ${GITEA_SERVER_LFS_CONTENT_PATH:-"$GITEA_WORKDIR/git/lfs"}
+ # DNM-SECURITY(Krey): This has
to be auto-generated
+ LFS_JWT_SECRET = ${GITEA_SERVER_LFS_JWT_SECRET:-"kBHxlY89K3nkoTulGbBsDk7Ow_d6QKJxiKYnMWIhrD4"}
+ OFFLINE_MODE = ${GITEA_SERVER_OFFLINE_MODE:-"false"}
+
+ [database]
+ PATH = ${GITEA_DB_PATH:-"$GITEA_WORKDIR/data/gitea.db"}
+ DB_TYPE = ${GITEA_DB_TYPE:-"sqlite3"}
+ HOST = ${GITEA_DB_HOST:-"127.0.0.1:3306"}
+ NAME = ${GITEA_DB_NAME:-"gitea"}
+ USER = ${GITEA_DB_USER:-"gitea"}
+ PASSWD = ${GITEA_DB_PASSWD:-"gitea"}
+ SCHEMA = ${GITEA_DB_SCHEMA:-""}
+ SSL_MODE = ${GITEA_DB_SCHEMA:-"disable"}
+ CHARSET = ${GITEA_DB_CHARSET:-"utf8mb4"}
+ LOG_SQL = ${GITEA_DB_LOG_SQL:-"false"}
+
+ [session]
+ PROVIDER_CONFIG = ${GITEA_SESSION_PROVIDER_CONFIG:-"$GITEA_WORKDIR/data/sessions"}
+ PROVIDER = ${GITEA_SESSION_PROVIDER:-"file"}
+
+ [picture]
+ AVATAR_UPLOAD_PATH = {GITEA_PICTURE_AVATAR_UPLOAD_PATH:-"$GITEA_WORKDIR/data/avatars"}
+ REPOSITORY_AVATAR_UPLOAD_PATH = ${GITEA_PICTURE_REPOSITORY_AVATAR_UPLOAD_PATH:-"$GITEA_WORKDIR/data/gitea/repo-avatars"}
+ DISABLE_GRAVATAR = ${GITEA_PICTURE_DISABLE_GRAVATAR:-"false"}
+ ENABLE_FEDERATED_AVATAR = ${GITEA_PICTURE_ENABLE_FEDERATED_AVATAR:-"true"}
+
+ [attachment]
+ PATH = ${GITEA_ATTACHMENT_PATH:-"$GITEA_WORKDIR/data/attachments"}
+
+ [log]
+ ROOT_PATH = ${GITEA_LOG_ROOT_PATH:-"$GITEA_WORKDIR/data/log"}
+ MODE = ${GITEA_LOG_MODE:-"console"}
+ LEVEL = ${GITEA_LOG_LEVEL:-"info"}
+ ROUTER = ${GITEA_LOG_ROUTER:-"console"}
+
+ [security]
+ INSTALL_LOCK = $GITEA_SECURITY_INSTALL_LOCK
+ SECRET_KEY = $GITEA_SECURITY_SECRET_KEY
+ INTERNAL_TOKEN = $GITEA_SECURITY_INTERNAL_TOKEN
+
+ [service]
+ DISABLE_REGISTRATION = ${GITEA_SERVICE_DISABLE_REGISTRATION:-"false"}
+ REQUIRE_SIGNIN_VIEW = ${GITEA_SERVICE_REQUIRE_SIGNIN_VIEW:-"false"}
+ REGISTER_EMAIL_CONFIRM = ${GITEA_SERVICE_REGISTER_EMAIL_CONFIRM:-"false"}
+ ENABLE_NOTIFY_MAIL = ${GITEA_SERVICE_ENABLE_NOTIFY_MAIL:-"false"}
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = ${GITEA_SERVICE_ALLOW_ONLY_EXTERNAL_REGISTRATION:-"false"}
+ ENABLE_CAPTCHA = ${GITEA_SERVICE_ENABLE_CAPTCHA:-"false"}
+ DEFAULT_KEEP_EMAIL_PRIVATE = ${GITEA_SERVICE_DEFAULT_KEEP_EMAIL_PRIVATE:-"false"}
+ DEFAULT_ALLOW_CREATE_ORGANIZATION = ${GITEA_SERVICE_DEFAULT_ALLOW_CREATE_ORGANIZATION:-"false"}
+ DEFAULT_ENABLE_TIMETRACKING = ${GITEA_SERVICE_DEFAULT_ENABLE_TIMETRACKING:-"false"}
+ NO_REPLY_ADDRESS = ${GITEA_SERVICE_NO_REPLY_ADDRESS:-""}
+
+ [oauth2]
+ JWT_SECRET = ${GITEA_OAUTH2_JWT_SECRET:-"p7iYUHO-V3wNGTMGGtlXVa0OFn1avVTV6I6SAbSQh0o"}
+
+ [mailer]
+ ENABLED = ${GITEA_MAILER_ENABLED:-"false"}
+
+ [openid]
+ ENABLE_OPENID_SIGNIN = ${GITEA_OPENID_ENABLE_OPENID_SIGNIN:-"false"}
+ ENABLE_OPENID_SIGNUP = ${GITEA_OPENID_ENABLE_OPENID_SIGNUP:-"false"}
+CONFIG
+
+# DNM(Krey)
+printf '+ %s\n' "$GITEA_PREFIX $GITEA_EXECUTABLE ${GITEA_ARGS:-"--config $GITEA_APP_INI"} ${GITEA_CMD:-"web"} $GITEA_SUFFIX"
+
+$GITEA_PREFIX "$GITEA_EXECUTABLE" ${GITEA_ARGS:-"--config $GITEA_APP_INI"} ${GITEA_CMD:-"web"} $GITEA_SUFFIX
\ No newline at end of file
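Review bot: The fallbacks for `LFS_JWT_SECRET` and `[oauth2] JWT_SECRET` are literal values committed to the repository, so every container started without `GITEA_SERVER_LFS_JWT_SECRET` and `GITEA_OAUTH2_JWT_SECRET` signs tokens with a publicly known key; the DNM-SECURITY comment covers only the first of the two. The wrapper should refuse to start when either is unset, and should restrict `app.ini` to the service user, since the same file carries `SECRET_KEY`, `INTERNAL_TOKEN` and the database password (whose own fallback is the literal `gitea`). Two expansions in the same heredoc are also wrong: `AVATAR_UPLOAD_PATH` is missing the `$` before `{`, so the literal text ends up in the config, and `SSL_MODE` reads `GITEA_DB_SCHEMA`, presumably copied from the line above (the replacement name below is a suggestion). The heredoc is rewritten on every start, so settings Gitea persists into `app.ini` at runtime appear to be lost on restart.

```shell
# … unchanged: GITEA_* path exports …

# Fail fast rather than fall back to a signing key that is published in the repository.
: "${GITEA_SERVER_LFS_JWT_SECRET:?must be set}"
: "${GITEA_OAUTH2_JWT_SECRET:?must be set}"

cat <<-CONFIG > "$GITEA_APP_INI"
	# … unchanged: keys up to LFS_CONTENT_PATH …
	LFS_JWT_SECRET = $GITEA_SERVER_LFS_JWT_SECRET
	# … unchanged: [database] keys up to SCHEMA …
	SSL_MODE = ${GITEA_DB_SSL_MODE:-"disable"}
	# … unchanged: remaining [database] keys, [session] …
	AVATAR_UPLOAD_PATH = ${GITEA_PICTURE_AVATAR_UPLOAD_PATH:-"$GITEA_WORKDIR/data/avatars"}
	# … unchanged: up to [oauth2] …
	JWT_SECRET = $GITEA_OAUTH2_JWT_SECRET
	# … unchanged: [mailer], [openid] …
CONFIG

# app.ini holds secrets; keep it readable by the service user only.
chmod 600 "$GITEA_APP_INI"
```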