forge/Vervis
1
0
Fork 0
Code Pull requests Activity
Vervis/Dockerfile
Pere Lev 66edf7fa29
Docker: Tweak UID/GID, from 991 to 981 
Former on my system happens to be used by guixbuilder, and 981 happens
to be available... :p
2024-10-20 17:10:58 +03:00

141 lines
3.8 KiB
Docker
Raw Permalink Blame History

#############################################################################
## build
#############################################################################
FROM debian:bookworm AS builder
RUN apt-get -yq update && apt-get -yq install \
libpq-dev zlib1g-dev libssl-dev libpcre3-dev libgmp-dev \
darcs git \
postgresql libpq-dev \
locales locales-all \
build-essential \
ca-certificates \
curl \
liblapack-dev \
liblzma-dev \
libyaml-dev \
netbase \
openssh-client \
pkg-config
RUN curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org -o /install-ghcup.sh && \
BOOTSTRAP_HASKELL_MINIMAL=1 sh /install-ghcup.sh && \
rm /install-ghcup.sh
RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.ghcup/bin
RUN ghcup install ghc 9.6.6
RUN ghcup install stack
RUN mkdir /build \
/build/.git \
/build/app \
/build/embed \
/build/hook-darcs \
/build/hook-git \
/build/migrations \
/build/src \
/build/static \
/build/templates \
/build/th
COPY stack.yaml vervis.cabal COPYING.AGPL3 /build/
COPY .git /build/.git
COPY app /build/app
COPY embed /build/embed
COPY hook-darcs /build/hook-darcs
COPY hook-git /build/hook-git
COPY migrations /build/migrations
COPY src /build/src
COPY static /build/static
COPY templates /build/templates
COPY th /build/th
WORKDIR /build
RUN mkdir /build/lib && \
darcs clone https://vervis.peers.community/repos/6r4Ao /build/lib/ssh
RUN stack build --flag vervis:-dev --only-dependencies
RUN ls -lh /build
RUN stack build --flag vervis:-dev
RUN mkdir -p /build/artifacts && \
cp `stack exec which vervis` /build/artifacts/ && \
cp `stack exec which vervis-post-receive` /build/artifacts/ && \
cp `stack exec which vervis-post-apply` /build/artifacts/
RUN ls -lh /build/artifacts
#############################################################################
## deployment
#############################################################################
FROM debian:bookworm
# Linux UID (user id) for the vervis user, change with [--build-arg UID=1234]
ARG UID="981"
# Linux GID (group id) for the vervis user, change with [--build-arg GID=1234]
ARG GID="981"
RUN apt-get -yq update && apt-get -yq install \
ca-certificates \
curl \
libgmp10 \
liblapack3 \
liblzma5 \
libpq5 \
libssl3 \
libyaml-0-2 \
netbase \
openssh-client \
zlib1g \
libpcre3 darcs git \
locales locales-all \
&& rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US.UTF-8
ENV \
LANG=en_US.UTF-8 \
LANGUAGE=en_US:en \
LC_ALL=en_US.UTF-8 \
TZ=Etc/UTC
RUN groupadd -g "${GID}" vervis && \
useradd -l -u "${UID}" -g vervis -m -d /app vervis
WORKDIR /app
EXPOSE 3000
EXPOSE 5022
RUN mkdir /app/static /app/log /app/config
COPY --from=builder /build/artifacts/* /app/
## The next 3 lines, which prepare the state dir and SSH key, aren't needed
## when using docker-compose, because it prepares and sets its own ./state
## volume.
##
## Probably this applies to COPYing config as well, and the VOLUME lines.
##
## But we keep these lines in case someone uses this Dockerfile without
## docker-compose.
RUN mkdir /app/state /app/state/repos /app/state/deliveries && \
ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key && \
chown vervis:vervis /app/state && \
chown vervis:vervis /app/static /app/log
COPY config /app/config
VOLUME /app/config
VOLUME /app/state
RUN ls /app
USER vervis
ENTRYPOINT /app/vervis
View git blame Copy permalink