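# Base layer shared by every build stage and by the runtime image.
# alpine_version pins the release tag only; a tag can be re-pushed, so also pin
# the image by digest if reproducible builds are required.
ARG alpine_version=3.20.3
FROM alpine:${alpine_version} AS base
# Pull in package fixes published after the tagged image was built.
# --no-cache fetches the package index for this command only, so no index that
# will go stale is stored in the layer (every `apk add` in this file also uses
# --no-cache). The result depends on the repository state at build time.
RUN apk upgrade --no-cache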
#
# git-gau build stage
#
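FROM base AS gitgau-build
RUN apk add --no-cache make
RUN mkdir /src /dist
# Upstream ref to build; override with --build-arg gitgau_ref=<ref>.
ARG gitgau_ref=v1.4.0
ENV gitgau_ref="${gitgau_ref}"
# NOTE(review): the tarball is fetched by tag over HTTPS with no integrity
# check, and a tag can be moved upstream, so the source built here is not
# fixed. To pin it, record the archive's SHA-256 and use
#   ADD --checksum=sha256:<sha256-of-tarball> <url> <dest>
# (requires a BuildKit Dockerfile frontend that supports --checksum), or
# reference an immutable commit id instead of a tag.
ADD "https://codeload.github.com/znerol/git-gau/tar.gz/${gitgau_ref}" /src/git-gau-src.tar.gz
# -o: do not restore the file ownership recorded in the archive.
RUN tar -o -C /src -xf /src/git-gau-src.tar.gz
# Run the upstream install-bin target with /dist as prefix; the runtime stage
# later copies /dist into /usr.
RUN make -C /src/git-gau-* prefix=/dist install-bin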
#
# certhub build stage
#
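FROM base AS certhub-build
RUN apk add --no-cache make
RUN mkdir /src /dist
# Upstream ref to build; override with --build-arg certhub_ref=<ref>.
ARG certhub_ref=v1.3.0
ENV certhub_ref="${certhub_ref}"
# NOTE(review): the tarball is fetched by tag over HTTPS with no integrity
# check, and a tag can be moved upstream, so the source built here is not
# fixed. To pin it, record the archive's SHA-256 and use
#   ADD --checksum=sha256:<sha256-of-tarball> <url> <dest>
# (requires a BuildKit Dockerfile frontend that supports --checksum), or
# reference an immutable commit id instead of a tag.
ADD "https://codeload.github.com/certhub/certhub/tar.gz/${certhub_ref}" /src/certhub-src.tar.gz
# -o: do not restore the file ownership recorded in the archive.
RUN tar -o -C /src -xf /src/certhub-src.tar.gz
# Run the upstream install-bin target with /dist as prefix; the runtime stage
# later copies /dist into /usr.
RUN make -C /src/certhub-* prefix=/dist install-bin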
#
# certbot build stage
#
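FROM base AS certbot-build
# Python plus the dependencies that are taken from Alpine packages, and poetry
# to build the lexicon wheel below.
RUN apk add --no-cache \
      ca-certificates \
      poetry \
      py3-cffi \
      py3-cryptography \
      py3-filelock \
      py3-lxml \
      py3-openssl \
      py3-pip \
      py3-requests \
      py3-requests-file \
      py3-requests-toolbelt \
      py3-yaml \
      python3
RUN mkdir /src /dist
# Upstream ref to build; override with --build-arg certbot_ref=<ref>.
ARG certbot_ref=v2.11.0
ENV certbot_ref="${certbot_ref}"
# NOTE(review): both tarballs in this stage are fetched by tag over HTTPS with
# no integrity check, and a tag can be moved upstream. To pin them, record each
# archive's SHA-256 and use
#   ADD --checksum=sha256:<sha256-of-tarball> <url> <dest>
# (requires a BuildKit Dockerfile frontend that supports --checksum), or
# reference immutable commit ids instead of tags.
ADD "https://codeload.github.com/certbot/certbot/tar.gz/${certbot_ref}" /src/certbot-src.tar.gz
# -o: do not restore the file ownership recorded in the archive.
RUN tar -o -C /src -xf /src/certbot-src.tar.gz
# Upstream ref to build; override with --build-arg lexicon_ref=<ref>.
ARG lexicon_ref=v3.18.0
ENV lexicon_ref="${lexicon_ref}"
ADD "https://codeload.github.com/AnalogJ/lexicon/tar.gz/${lexicon_ref}" /src/lexicon-src.tar.gz
RUN tar -o -C /src -xf /src/lexicon-src.tar.gz
# The extracted directory name depends on the ref, hence the glob and the
# subshell `cd` rather than WORKDIR.
RUN (cd /src/lexicon-* && poetry build)
ENV PIP_DISABLE_PIP_VERSION_CHECK=1
# Install acme, certbot and the lexicon wheel under /dist; the runtime stage
# later copies /dist into /usr.
# NOTE(review): any requirement not already satisfied by the py3-* packages
# above is resolved from the package index at build time, unpinned and without
# hash checking. Consider a constraints file with hashes.
RUN pip3 install --prefix=/dist /src/certbot-*/acme/ /src/certbot-*/certbot/ /src/lexicon-*/dist/dns_lexicon-*-py3-none-any.whl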
#
# docs stage
#
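FROM base AS docs-build
RUN mkdir /dist /dist-etc
# Optional link to the CI build log. Both values must be non-empty for the
# README rewrite below to run. Build args are recorded in the build history,
# so the URL must not embed credentials or tokens.
ARG build_log_url
ENV build_log_url="${build_log_url}"
ARG build_log_label
ENV build_log_label="${build_log_label}"
# Copy only the two files this stage installs, not the whole build context.
# This keeps unrelated context content (VCS metadata, local config) out of the
# stage's layers and stops unrelated source changes invalidating the cache.
COPY README.md /src/README.md
COPY docker-entry.d/00-motd /src/docker-entry.d/00-motd
# Replace the "Build Status" line of the README with a link to the build log.
# NOTE(review): both values are spliced unescaped into the sed expression; a
# `|`, `&` or `\` in either one changes the substitution. Only pass values
# from a trusted CI configuration.
RUN if [ -n "${build_log_url}" ] && [ -n "${build_log_label}" ]; then \
      sed -i "s|.*Build Status.*$|Build Log: [${build_log_label}](${build_log_url})|g" /src/README.md; \
    fi
# The README becomes /etc/motd and the 00-motd hook is installed under
# /usr/lib/git-gau/docker-entry.d once the runtime stage copies /dist-etc and /dist.
RUN install -m 0644 -D /src/README.md /dist-etc/motd && \
    install -m 0755 -D /src/docker-entry.d/00-motd /dist/lib/git-gau/docker-entry.d/00-motd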
#
# runtime image stage
#
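FROM base
# Runtime packages only; make and poetry stay behind in the build stages.
RUN apk add --no-cache \
      ca-certificates \
      curl \
      git \
      openssh-client \
      openssl \
      py3-cffi \
      py3-cryptography \
      py3-filelock \
      py3-lxml \
      py3-openssl \
      py3-pip \
      py3-requests \
      py3-requests-file \
      py3-requests-toolbelt \
      py3-yaml \
      python3 \
      tini \
      tzdata
# Artifacts from the build stages. COPY without --chown leaves them owned by
# root by default, so the unprivileged runtime user is not their owner.
COPY --from=gitgau-build /dist /usr
COPY --from=certhub-build /dist /usr
COPY --from=certbot-build /dist /usr
COPY --from=docs-build /dist /usr
COPY --from=docs-build /dist-etc /etc
# Unprivileged system account. It owns only the three letsencrypt directories
# created here. chown uses the POSIX `user:group` form; the `user.group` form
# is a deprecated extension and is ambiguous for names that contain a dot.
RUN addgroup -S certhub && adduser -S certhub -G certhub && \
    mkdir -p /etc/letsencrypt /var/log/letsencrypt /var/lib/letsencrypt && \
    chown certhub:certhub /etc/letsencrypt /var/log/letsencrypt /var/lib/letsencrypt
# Everything from here on, including the entrypoint, runs without root.
USER certhub
# tini is PID 1 and forwards signals and reaps children. ssh-agent is started
# with a command, so it runs docker-entry as its child with the agent socket
# exported in the environment. docker-entry receives the hook directory
# docker-entry.d as its argument.
ENTRYPOINT [ \
    "/sbin/tini", \
    "--", \
    "/usr/bin/ssh-agent", \
    "/usr/lib/git-gau/docker-entry", \
    "/usr/lib/git-gau/docker-entry.d" \
]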