Add rootless (alpine) images (#4617)
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
parent
d022bf229a
commit
20323a8302
11 changed files with 105 additions and 27 deletions
|
@ -10,6 +10,8 @@
|
||||||
],
|
],
|
||||||
"words": [
|
"words": [
|
||||||
"abool",
|
"abool",
|
||||||
|
"addgroup",
|
||||||
|
"adduser",
|
||||||
"anbraten",
|
"anbraten",
|
||||||
"antfu",
|
"antfu",
|
||||||
"apimachinery",
|
"apimachinery",
|
||||||
|
|
|
@ -125,7 +125,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: woodpeckerci/woodpecker-server
|
repo: woodpeckerci/woodpecker-server
|
||||||
dockerfile: docker/Dockerfile.server.alpine.multiarch
|
dockerfile: docker/Dockerfile.server.alpine.multiarch.rootless
|
||||||
platforms: *platforms_preview
|
platforms: *platforms_preview
|
||||||
tag: pull_${CI_COMMIT_PULL_REQUEST}-alpine
|
tag: pull_${CI_COMMIT_PULL_REQUEST}-alpine
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -142,7 +142,7 @@ steps:
|
||||||
settings:
|
settings:
|
||||||
dry_run: true
|
dry_run: true
|
||||||
repo: woodpeckerci/woodpecker-server
|
repo: woodpeckerci/woodpecker-server
|
||||||
dockerfile: docker/Dockerfile.server.multiarch
|
dockerfile: docker/Dockerfile.server.multiarch.rootless
|
||||||
platforms: *platforms_preview
|
platforms: *platforms_preview
|
||||||
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
||||||
when: &when-dryrun
|
when: &when-dryrun
|
||||||
|
@ -156,7 +156,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_server
|
repo: *publish_repos_server
|
||||||
dockerfile: docker/Dockerfile.server.multiarch
|
dockerfile: docker/Dockerfile.server.multiarch.rootless
|
||||||
platforms: *platforms_server
|
platforms: *platforms_server
|
||||||
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -171,7 +171,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_server
|
repo: *publish_repos_server
|
||||||
dockerfile: docker/Dockerfile.server.alpine.multiarch
|
dockerfile: docker/Dockerfile.server.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -183,7 +183,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_server
|
repo: *publish_repos_server
|
||||||
dockerfile: docker/Dockerfile.server.multiarch
|
dockerfile: docker/Dockerfile.server.multiarch.rootless
|
||||||
platforms: *platforms_server
|
platforms: *platforms_server
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}']
|
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -196,7 +196,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_server
|
repo: *publish_repos_server
|
||||||
dockerfile: docker/Dockerfile.server.alpine.multiarch
|
dockerfile: docker/Dockerfile.server.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -212,7 +212,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: woodpeckerci/woodpecker-agent
|
repo: woodpeckerci/woodpecker-agent
|
||||||
dockerfile: docker/Dockerfile.agent.alpine.multiarch
|
dockerfile: docker/Dockerfile.agent.alpine.multiarch.rootless
|
||||||
platforms: *platforms_preview
|
platforms: *platforms_preview
|
||||||
tag: pull_${CI_COMMIT_PULL_REQUEST}-alpine
|
tag: pull_${CI_COMMIT_PULL_REQUEST}-alpine
|
||||||
build_args: *build_args
|
build_args: *build_args
|
||||||
|
@ -226,7 +226,7 @@ steps:
|
||||||
settings:
|
settings:
|
||||||
dry_run: true
|
dry_run: true
|
||||||
repo: woodpeckerci/woodpecker-agent
|
repo: woodpeckerci/woodpecker-agent
|
||||||
dockerfile: docker/Dockerfile.agent.multiarch
|
dockerfile: docker/Dockerfile.agent.multiarch.rootless
|
||||||
platforms: *platforms_preview
|
platforms: *platforms_preview
|
||||||
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
||||||
build_args: *build_args
|
build_args: *build_args
|
||||||
|
@ -241,7 +241,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_agent
|
repo: *publish_repos_agent
|
||||||
dockerfile: docker/Dockerfile.agent.multiarch
|
dockerfile: docker/Dockerfile.agent.multiarch.rootless
|
||||||
platforms: *platforms_release
|
platforms: *platforms_release
|
||||||
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -260,7 +260,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_agent
|
repo: *publish_repos_agent
|
||||||
dockerfile: docker/Dockerfile.agent.alpine.multiarch
|
dockerfile: docker/Dockerfile.agent.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -276,7 +276,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_agent
|
repo: *publish_repos_agent
|
||||||
dockerfile: docker/Dockerfile.agent.multiarch
|
dockerfile: docker/Dockerfile.agent.multiarch.rootless
|
||||||
platforms: *platforms_release
|
platforms: *platforms_release
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
|
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -292,7 +292,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_agent
|
repo: *publish_repos_agent
|
||||||
dockerfile: docker/Dockerfile.agent.alpine.multiarch
|
dockerfile: docker/Dockerfile.agent.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -310,7 +310,7 @@ steps:
|
||||||
settings:
|
settings:
|
||||||
dry_run: true
|
dry_run: true
|
||||||
repo: woodpeckerci/woodpecker-cli
|
repo: woodpeckerci/woodpecker-cli
|
||||||
dockerfile: docker/Dockerfile.cli.multiarch
|
dockerfile: docker/Dockerfile.cli.multiarch.rootless
|
||||||
platforms: *platforms_preview
|
platforms: *platforms_preview
|
||||||
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
tag: pull_${CI_COMMIT_PULL_REQUEST}
|
||||||
build_args: *build_args
|
build_args: *build_args
|
||||||
|
@ -325,7 +325,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_cli
|
repo: *publish_repos_cli
|
||||||
dockerfile: docker/Dockerfile.cli.multiarch
|
dockerfile: docker/Dockerfile.cli.multiarch.rootless
|
||||||
platforms: *platforms_release
|
platforms: *platforms_release
|
||||||
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
tag: [next, 'next-${CI_COMMIT_SHA:0:10}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -341,7 +341,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_cli
|
repo: *publish_repos_cli
|
||||||
dockerfile: docker/Dockerfile.cli.alpine.multiarch
|
dockerfile: docker/Dockerfile.cli.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
tag: [next-alpine, 'next-${CI_COMMIT_SHA:0:10}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -357,7 +357,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_cli
|
repo: *publish_repos_cli
|
||||||
dockerfile: docker/Dockerfile.cli.multiarch
|
dockerfile: docker/Dockerfile.cli.multiarch.rootless
|
||||||
platforms: *platforms_release
|
platforms: *platforms_release
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
|
tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
|
||||||
|
@ -373,7 +373,7 @@ steps:
|
||||||
image: *buildx_plugin
|
image: *buildx_plugin
|
||||||
settings:
|
settings:
|
||||||
repo: *publish_repos_cli
|
repo: *publish_repos_cli
|
||||||
dockerfile: docker/Dockerfile.cli.alpine.multiarch
|
dockerfile: docker/Dockerfile.cli.alpine.multiarch.rootless
|
||||||
platforms: *platforms_alpine
|
platforms: *platforms_alpine
|
||||||
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
tag: ['${CI_COMMIT_TAG%%.*}-alpine', '${CI_COMMIT_TAG%.*}-alpine', '${CI_COMMIT_TAG}-alpine']
|
||||||
logins: *publish_logins
|
logins: *publish_logins
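Review bot: The server release step in the hunk at `@ -183,7 +183,7` now builds `docker/Dockerfile.server.multiarch.rootless` (the scratch image), but its unchanged tag list still contains `'${CI_COMMIT_TAG%.*}-alpine'`, which the Alpine release step in the following hunk also pushes. Which image ends up behind the `vX.Y-alpine` tag would then depend on step order, while the agent and CLI release steps use `'${CI_COMMIT_TAG%.*}'` in that position. The likely intended line is `tag: ['${CI_COMMIT_TAG%%.*}', '${CI_COMMIT_TAG%.*}', '${CI_COMMIT_TAG}']`. The steps begin and end outside the hunks, so their names and `when` conditions are not visible here.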
|
||||||
|
|
|
@ -8,14 +8,20 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||||
make build-agent
|
make build-agent
|
||||||
|
|
||||||
FROM docker.io/alpine:3.21
|
FROM docker.io/alpine:3.21
|
||||||
RUN apk add -U --no-cache ca-certificates
|
|
||||||
|
RUN apk add -U --no-cache ca-certificates && \
|
||||||
|
adduser -u 1000 -g 1000 woodpecker && \
|
||||||
|
mkdir -p /etc/woodpecker && \
|
||||||
|
chown -R woodpecker:woodpecker /etc/woodpecker
|
||||||
|
|
||||||
ENV GODEBUG=netdns=go
|
ENV GODEBUG=netdns=go
|
||||||
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
||||||
ENV WOODPECKER_IN_CONTAINER=true
|
ENV WOODPECKER_IN_CONTAINER=true
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
COPY --from=build /src/dist/woodpecker-agent /bin/
|
COPY --from=build /src/dist/woodpecker-agent /bin/
|
||||||
RUN mkdir -p /etc/woodpecker
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-agent"]
|
ENTRYPOINT ["/bin/woodpecker-agent"]
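Review bot: In the new `RUN` line, `adduser -u 1000 -g 1000 woodpecker` does not set a group id: with BusyBox `adduser` (the Alpine default) `-g` is the GECOS field and `-G` is the group, so the account gets the comment "1000" and whatever primary group BusyBox assigns. The call also omits `-D`, so `adduser` will presumably try to set a password during a non-interactive build. `addgroup -g 1000 woodpecker && adduser -u 1000 -G woodpecker -D woodpecker` pins both ids explicitly, which matters to anyone matching volume ownership to 1000:1000. The same `adduser` invocation appears in the CLI and server Alpine sections of this commit.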
|
|
@ -1,12 +1,16 @@
|
||||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||||
|
|
||||||
|
RUN groupadd -g 1000 woodpecker && \
|
||||||
|
useradd -u 1000 -g 1000 woodpecker && \
|
||||||
|
mkdir -p /etc/woodpecker && \
|
||||||
|
chown -R woodpecker:woodpecker /etc/woodpecker
|
||||||
|
|
||||||
WORKDIR /src
|
WORKDIR /src
|
||||||
COPY . .
|
COPY . .
|
||||||
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
||||||
RUN --mount=type=cache,target=/root/.cache/go-build \
|
RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||||
--mount=type=cache,target=/go/pkg \
|
--mount=type=cache,target=/go/pkg \
|
||||||
make build-agent
|
make build-agent
|
||||||
RUN mkdir -p /etc/woodpecker
|
|
||||||
|
|
||||||
FROM scratch
|
FROM scratch
|
||||||
ENV GODEBUG=netdns=go
|
ENV GODEBUG=netdns=go
|
||||||
|
@ -19,6 +23,10 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certifica
|
||||||
# copy agent binary
|
# copy agent binary
|
||||||
COPY --from=build /src/dist/woodpecker-agent /bin/
|
COPY --from=build /src/dist/woodpecker-agent /bin/
|
||||||
COPY --from=build /etc/woodpecker /etc
|
COPY --from=build /etc/woodpecker /etc
|
||||||
|
COPY --from=build /etc/passwd /etc/passwd
|
||||||
|
COPY --from=build /etc/group /etc/group
|
||||||
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-agent"]
|
ENTRYPOINT ["/bin/woodpecker-agent"]
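Review bot: The directory prepared by the new build-stage `mkdir -p /etc/woodpecker && chown -R woodpecker:woodpecker /etc/woodpecker` does not appear to reach the final image as `/etc/woodpecker`, because the unchanged `COPY --from=build /etc/woodpecker /etc` copies the directory's contents into `/etc`. With `USER woodpecker` now in effect, anything the agent tries to write under `/etc/woodpecker` would have no writable target. Consider `COPY --from=build --chown=1000:1000 /etc/woodpecker /etc/woodpecker`, with numeric ids because `/etc/passwd` is only copied on the following line.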
|
|
@ -8,14 +8,18 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||||
make build-cli
|
make build-cli
|
||||||
|
|
||||||
FROM docker.io/alpine:3.21
|
FROM docker.io/alpine:3.21
|
||||||
|
|
||||||
WORKDIR /woodpecker
|
WORKDIR /woodpecker
|
||||||
|
|
||||||
RUN apk add -U --no-cache ca-certificates
|
RUN apk add -U --no-cache ca-certificates && \
|
||||||
|
adduser -u 1000 -g 1000 woodpecker
|
||||||
|
|
||||||
ENV GODEBUG=netdns=go
|
ENV GODEBUG=netdns=go
|
||||||
ENV WOODPECKER_DISABLE_UPDATE_CHECK=true
|
ENV WOODPECKER_DISABLE_UPDATE_CHECK=true
|
||||||
|
|
||||||
COPY --from=build /src/dist/woodpecker-cli /bin/
|
COPY --from=build /src/dist/woodpecker-cli /bin/
|
||||||
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-cli"]
|
ENTRYPOINT ["/bin/woodpecker-cli"]
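Review bot: `WORKDIR /woodpecker` runs before the account is created, so the directory is root-owned and the added `USER woodpecker` leaves the CLI in a working directory it cannot write to. If any CLI command writes relative to the current directory, it will fail under the new default user. Unlike the agent and server Alpine sections, this `RUN` chowns nothing; appending `&& chown woodpecker:woodpecker /woodpecker` to it would cover the case.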
|
|
@ -1,5 +1,8 @@
|
||||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||||
|
|
||||||
|
RUN groupadd -g 1000 woodpecker && \
|
||||||
|
useradd -u 1000 -g 1000 woodpecker
|
||||||
|
|
||||||
WORKDIR /src
|
WORKDIR /src
|
||||||
COPY . .
|
COPY . .
|
||||||
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
|
||||||
|
@ -17,6 +20,10 @@ ENV WOODPECKER_DISABLE_UPDATE_CHECK=true
|
||||||
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
# copy cli binary
|
# copy cli binary
|
||||||
COPY --from=build /src/dist/woodpecker-cli /bin/
|
COPY --from=build /src/dist/woodpecker-cli /bin/
|
||||||
|
COPY --from=build /etc/passwd /etc/passwd
|
||||||
|
COPY --from=build /etc/group /etc/group
|
||||||
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-cli", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-cli"]
|
ENTRYPOINT ["/bin/woodpecker-cli"]
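Review bot: `USER woodpecker` is a name, and Kubernetes cannot verify `runAsNonRoot: true` against an image whose configured user is non-numeric, so pods under that policy are rejected unless they also set `runAsUser`. Writing `USER 1000:1000` keeps the same account while letting admission and runtime checks see a non-zero uid. This applies to every `USER woodpecker` line added in this commit, not only this section. The scratch stage this hunk belongs to starts outside the hunk.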
|
|
@ -1,7 +1,11 @@
|
||||||
FROM docker.io/alpine:3.21
|
FROM docker.io/alpine:3.21
|
||||||
|
|
||||||
ARG TARGETOS TARGETARCH
|
ARG TARGETOS TARGETARCH
|
||||||
RUN apk add -U --no-cache ca-certificates
|
RUN apk add -U --no-cache ca-certificates && \
|
||||||
|
adduser -u 1000 -g 1000 woodpecker && \
|
||||||
|
mkdir -p /var/lib/woodpecker && \
|
||||||
|
chown -R woodpecker:woodpecker /var/lib/woodpecker
|
||||||
|
|
||||||
ENV GODEBUG=netdns=go
|
ENV GODEBUG=netdns=go
|
||||||
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
# Internal setting do NOT change! Signals that woodpecker is running inside a container
|
||||||
ENV WOODPECKER_IN_CONTAINER=true
|
ENV WOODPECKER_IN_CONTAINER=true
|
||||||
|
@ -11,5 +15,7 @@ EXPOSE 8000 9000 80 443
|
||||||
|
|
||||||
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
||||||
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-server"]
|
ENTRYPOINT ["/bin/woodpecker-server"]
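Review bot: The hunk context still shows `EXPOSE 8000 9000 80 443`, and a process running as `woodpecker` can bind 80 and 443 only where the runtime sets `net.ipv4.ip_unprivileged_port_start` low enough. Deployments that let the server listen on those ports directly may stop starting after this change, and the migration note in this commit mentions only volume ownership. A comment above `USER woodpecker` such as `# non-root: binding ports below 1024 depends on net.ipv4.ip_unprivileged_port_start` would make the constraint visible to operators.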
|
|
@ -1,4 +1,9 @@
|
||||||
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS certs
|
FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
|
||||||
|
|
||||||
|
RUN groupadd -g 1000 woodpecker && \
|
||||||
|
useradd -u 1000 -g 1000 woodpecker && \
|
||||||
|
mkdir -p /var/lib/woodpecker && \
|
||||||
|
chown -R woodpecker:woodpecker /var/lib/woodpecker
|
||||||
|
|
||||||
FROM scratch
|
FROM scratch
|
||||||
ARG TARGETOS TARGETARCH
|
ARG TARGETOS TARGETARCH
|
||||||
|
@ -10,9 +15,14 @@ ENV XDG_DATA_HOME=/var/lib/woodpecker
|
||||||
EXPOSE 8000 9000 80 443
|
EXPOSE 8000 9000 80 443
|
||||||
|
|
||||||
# copy certs from certs image
|
# copy certs from certs image
|
||||||
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
# copy server binary
|
# copy server binary
|
||||||
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
|
||||||
|
COPY --from=build /etc/passwd /etc/passwd
|
||||||
|
COPY --from=build /etc/group /etc/group
|
||||||
|
COPY --from=build /var/lib/woodpecker /var/lib/woodpecker
|
||||||
|
|
||||||
|
USER woodpecker
|
||||||
|
|
||||||
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
|
||||||
ENTRYPOINT ["/bin/woodpecker-server"]
|
ENTRYPOINT ["/bin/woodpecker-server"]
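Review bot: `COPY --from=build /var/lib/woodpecker /var/lib/woodpecker` relies on the builder carrying the build-stage `chown` across stages, which is not spelled out anywhere in the file. `COPY --from=build --chown=1000:1000 /var/lib/woodpecker /var/lib/woodpecker` makes the ownership explicit, so the server under `USER woodpecker` can write to `XDG_DATA_HOME` regardless of builder behaviour. The comment `# copy certs from certs image` is also stale now that the stage is named `build`; `# copy certs from build stage` matches the new `COPY --from=build`.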
|
30
docs/docs/30-administration/04-image-variants.md
Normal file
30
docs/docs/30-administration/04-image-variants.md
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
# Image variants
|
||||||
|
|
||||||
|
:::info
|
||||||
|
The `latest` tag has been deprecated as of v3.0 and will be completely removed in the future.
|
||||||
|
This was done to prevent accidental major version upgrades.
|
||||||
|
:::
|
||||||
|
|
||||||
|
- `vX.Y.Z`: SemVer tags for specific releases, no entrypoint shell (scratch image)
|
||||||
|
- `vX.Y`
|
||||||
|
- `vX`
|
||||||
|
- `vX.Y.Z-alpine`: SemVer tags for specific releases, based on Alpine, rootless (as of v3.0).
|
||||||
|
- `vX.Y-alpine`
|
||||||
|
- `vX-alpine`
|
||||||
|
- `next`: Built from the `main` branch
|
||||||
|
- `pull_<PR_ID>`: Images built from Pull Request branches.
|
||||||
|
|
||||||
|
## Image registries
|
||||||
|
|
||||||
|
Images are pushed to DockerHub and Quay.
|
||||||
|
|
||||||
|
[woodpecker-server (DockerHub)](https://hub.docker.com/repository/docker/woodpeckerci/woodpecker-server)
|
||||||
|
[woodpecker-server (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-server)
|
||||||
|
|
||||||
|
[woodpecker-agent (DockerHub)](https://hub.docker.com/repository/docker/woodpeckerci/woodpecker-agent)
|
||||||
|
[woodpecker-agent (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-agent)
|
||||||
|
|
||||||
|
[woodpecker-cli (DockerHub)](https://hub.docker.com/repository/docker/woodpeckerci/woodpecker-cli)
|
||||||
|
[woodpecker-cli (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-cli)
|
||||||
|
|
||||||
|
[woodpecker-autoscaler (DockerHub)](https://hub.docker.com/repository/docker/woodpeckerci/autoscaler)
|
|
@ -40,7 +40,7 @@ export PLATFORMS='linux|amd64'
|
||||||
make cross-compile-server
|
make cross-compile-server
|
||||||
|
|
||||||
### build the image
|
### build the image
|
||||||
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.server.multiarch --push .
|
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.server.multiarch.rootless --push .
|
||||||
```
|
```
|
||||||
|
|
||||||
:::info
|
:::info
|
||||||
|
@ -55,7 +55,7 @@ You can try to use the `build-server` rule instead, however this one fails for s
|
||||||
make build-agent
|
make build-agent
|
||||||
|
|
||||||
### build the image
|
### build the image
|
||||||
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.agent.multiarch --push .
|
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.agent.multiarch.rootless --push .
|
||||||
```
|
```
|
||||||
|
|
||||||
### CLI
|
### CLI
|
||||||
|
@ -65,5 +65,5 @@ docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Docker
|
||||||
make build-cli
|
make build-cli
|
||||||
|
|
||||||
### build the image
|
### build the image
|
||||||
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.cli.multiarch --push .
|
docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.cli.multiarch.rootless --push .
|
||||||
```
|
```
|
||||||
|
|
|
@ -174,6 +174,11 @@ The following restructuring was done to achieve a more consistent grouping:
|
||||||
|
|
||||||
- Webhook signatures now use the `rfc9421` protocol
|
- Webhook signatures now use the `rfc9421` protocol
|
||||||
|
|
||||||
|
#### Rootless images
|
||||||
|
|
||||||
|
All Woodpecker images now use a non-privileged user (`woodpecker`) by default.
|
||||||
|
If you have volume mounts attached to containers, you might need to update the ownership of these directories from `root` to `woodpecker`.
|
||||||
|
|
||||||
## User migrations
|
## User migrations
|
||||||
|
|
||||||
- `gated` has been replaced by `require-approval`
|
- `gated` has been replaced by `require-approval`
|
||||||
|
|