From a5a3936d050e93e13652473d1225c485197ac855 Mon Sep 17 00:00:00 2001
From: pat-s
Date: Tue, 24 Dec 2024 17:10:23 +0100
Subject: [PATCH] add rootless alpine images
---
...Dockerfile.agent.alpine.multiarch.rootless | 26 +++++++++++++++++++
...ockerfile.server.alpine.multiarch.rootless | 18 +++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 docker/Dockerfile.agent.alpine.multiarch.rootless
create mode 100644 docker/Dockerfile.server.alpine.multiarch.rootless
diff --git a/docker/Dockerfile.agent.alpine.multiarch.rootless b/docker/Dockerfile.agent.alpine.multiarch.rootless
new file mode 100644
index 000000000..5cfeef073
--- /dev/null
+++ b/docker/Dockerfile.agent.alpine.multiarch.rootless
@@ -0,0 +1,26 @@
+FROM --platform=$BUILDPLATFORM docker.io/golang:1.23 AS build
+
+WORKDIR /src
+COPY . .
+ARG TARGETOS TARGETARCH CI_COMMIT_SHA CI_COMMIT_TAG CI_COMMIT_BRANCH
+RUN --mount=type=cache,target=/root/.cache/go-build \
+ --mount=type=cache,target=/go/pkg \
+ make build-agent
+
+FROM docker.io/alpine:3.21
+RUN apk add -U --no-cache ca-certificates
+ENV GODEBUG=netdns=go
+# Internal setting do NOT change! Signals that woodpecker is running inside a container
+ENV WOODPECKER_IN_CONTAINER=true
+EXPOSE 3000
+
+COPY --from=build /src/dist/woodpecker-agent /bin/
+RUN mkdir -p /etc/woodpecker
+
+RUN addgroup -S woodpecker && adduser -S woodpecker -G woodpecker
+RUN mkdir -p /var/lib/woodpecker && chown -R woodpecker:woodpecker /etc/woodpecker
+
+USER woodpecker
+
+HEALTHCHECK CMD ["/bin/woodpecker-agent", "ping"]
+ENTRYPOINT ["/bin/woodpecker-agent"]
diff --git a/docker/Dockerfile.server.alpine.multiarch.rootless b/docker/Dockerfile.server.alpine.multiarch.rootless
new file mode 100644
index 000000000..3f1a3c662
--- /dev/null
+++ b/docker/Dockerfile.server.alpine.multiarch.rootless
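Review bot: In the agent Dockerfile, the last `RUN` of the runtime stage creates `/var/lib/woodpecker` but hands only `/etc/woodpecker` to the new user, so the directory it just created stays root-owned and the `woodpecker` user cannot write to it. If the agent is expected to keep state there (not visible in this hunk), cover both paths in one step, e.g. `RUN mkdir -p /etc/woodpecker /var/lib/woodpecker && chown -R woodpecker:woodpecker /etc/woodpecker /var/lib/woodpecker`, which also makes the separate `RUN mkdir -p /etc/woodpecker` unnecessary; otherwise drop the unused `mkdir`. `adduser -S` without `-u` takes whichever system UID is free, so consider a fixed UID and a numeric `USER`, which admission checks such as Kubernetes `runAsNonRoot` can verify without resolving the name.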
@@ -0,0 +1,18 @@
+FROM docker.io/alpine:3.21
+
+ARG TARGETOS TARGETARCH
+RUN apk add -U --no-cache ca-certificates
+ENV GODEBUG=netdns=go
+# Internal setting do NOT change! Signals that woodpecker is running inside a container
+ENV WOODPECKER_IN_CONTAINER=true
+ENV XDG_CACHE_HOME=/var/lib/woodpecker
+ENV XDG_DATA_HOME=/var/lib/woodpecker
+EXPOSE 8000 9000 80 443
+
+COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
+
+RUN addgroup -S woodpecker && adduser -S woodpecker -G woodpecker
+RUN mkdir -p /var/lib/woodpecker && chown -R woodpecker:woodpecker /var/lib/woodpecker
+
+HEALTHCHECK CMD ["/bin/woodpecker-server", "ping"]
+ENTRYPOINT ["/bin/woodpecker-server"]
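Review bot: The server image still runs as root. It creates the `woodpecker` user and chowns `/var/lib/woodpecker`, but unlike the agent file in the same patch it has no `USER` instruction, so `woodpecker-server` starts with UID 0 in an image named rootless. Add `USER woodpecker` after the `chown` line and before `HEALTHCHECK`. Once the process is unprivileged, the `80` and `443` entries in `EXPOSE 8000 9000 80 443` may not be bindable on runtimes that keep the privileged-port threshold at 1024, so either drop them or add a comment stating which listen ports the rootless image supports.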