-
Notifications
You must be signed in to change notification settings - Fork 0
/
Containerfile
96 lines (73 loc) · 3.58 KB
/
Containerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
FROM docker.io/debian:stable-slim as build
ARG WOODPECKER_AGENT_VERSION="${WOODPECKER_AGENT_VERSION:-2.7.1}"
ARG WOODPECKER_PLUGIN_GIT="${WOODPECKER_PLUGIN_GIT:-2.5.2}"
# Set time zone
ENV TZ="UTC"
RUN ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime && \
echo ${TZ} > /etc/timezone
# Install packages required in build stage
RUN apt update && \
apt install -y --no-install-recommends \
ca-certificates \
curl \
tar
# Create directories for upstream source files
RUN install --directory --owner=root --group=root --mode=0755 /usr/local/src/woodpecker-agent && \
install --directory --owner=root --group=root --mode=0755 /usr/local/src/plugin-git
# Download woodpecker-agent archive
RUN curl --proto '=https' --tlsv1.2 \
--location https://github.com/woodpecker-ci/woodpecker/releases/download/v${WOODPECKER_AGENT_VERSION}/woodpecker-agent_linux_amd64.tar.gz \
--output /usr/local/src/woodpecker-agent/woodpecker-agent_linux_amd64.tar.gz
# Download woodpecker-agent checksum
RUN curl --proto '=https' --tlsv1.2 \
--location https://github.com/woodpecker-ci/woodpecker/releases/download/v${WOODPECKER_AGENT_VERSION}/checksums.txt \
--output /usr/local/src/woodpecker-agent/checksums.txt
# Verify woodpecker-agent checksum
WORKDIR /usr/local/src/woodpecker-agent
RUN sha256sum --ignore-missing --check checksums.txt
# Unarchive woodpecker-agent tarball
RUN tar --extract --gzip --file=/usr/local/src/woodpecker-agent/woodpecker-agent_linux_amd64.tar.gz --directory=/usr/local/src/woodpecker-agent
# Ensure woodpecker-agent is executable
RUN chmod 0755 /usr/local/src/woodpecker-agent/woodpecker-agent
# Download plugin-git archive
RUN curl --proto '=https' --tlsv1.2 \
--location https://github.com/woodpecker-ci/plugin-git/releases/download/${WOODPECKER_PLUGIN_GIT}/linux-amd64_plugin-git \
--output /usr/local/src/plugin-git/linux-amd64_plugin-git
# Download plugin-git checksum
RUN curl --proto '=https' --tlsv1.2 \
--location https://github.com/woodpecker-ci/plugin-git/releases/download/${WOODPECKER_PLUGIN_GIT}/checksums.txt \
--output /usr/local/src/plugin-git/checksums.txt
# Verify plugin-git checksum
WORKDIR /usr/local/src/plugin-git
RUN sha256sum --ignore-missing --check checksums.txt
# Ensure plugin-git is executable
RUN chmod 0755 /usr/local/src/plugin-git/linux-amd64_plugin-git
#---------------------------------------------------------------------
FROM docker.io/debian:stable-slim as main
# Set time zone
ENV TZ="UTC"
RUN ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime && \
echo ${TZ} > /etc/timezone
# Install packages required in main stage
RUN apt update && \
apt install -y --no-install-recommends \
ca-certificates \
curl \
git \
git-lfs \
procps
# Copy binary from build stage
COPY --from=build --chown=root:root /usr/local/src/woodpecker-agent/woodpecker-agent /usr/local/bin/woodpecker-agent
COPY --from=build --chown=root:root /usr/local/src/plugin-git/linux-amd64_plugin-git /usr/local/bin/plugin-git
# Create woodpecker group and user
RUN groupadd --gid 10000 woodpecker && \
useradd --comment 'woodpecker' --create-home --gid 10000 --password '!' --shell '/bin/bash' --uid 10000 woodpecker
# Create directories for variable data
RUN install --directory --owner=root --group=root --mode=0755 /var/local/woodpecker-agent && \
install --directory --owner=woodpecker --group=woodpecker --mode=0750 /var/local/woodpecker-agent/tmp
# Copy cmd.sh
COPY --chown=root:root cmd.sh /
RUN chmod 0755 /cmd.sh
USER woodpecker
STOPSIGNAL SIGINT
CMD ["/bin/bash", "/cmd.sh"]