blob: 3f2f33a7dcc26476e797e0215cd0c46591e04142 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
FROM debian:stable-slim AS build_stage
ARG CGIT_VERSION="master"
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
git \
liblua5.1-dev \
zlib1g-dev \
libssl-dev \
gettext \
python3 \
python3-docutils \
python3-markdown \
python3-pygments \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt
RUN git clone https://git.zx2c4.com/cgit
WORKDIR /opt/cgit
RUN git checkout ${CGIT_VERSION} \
&& git submodule init \
&& git submodule update
COPY cgit.conf .
RUN make -j7 && make install
FROM debian:stable-slim AS wwwgit
RUN apt-get update && apt-get install -y --no-install-recommends \
nginx-light \
fcgiwrap \
git \
gettext-base \
python3 \
python3-docutils \
python3-markdown \
python3-pygments \
tini \
curl \
openssh-server \
locales \
highlight \
&& rm -rf /var/lib/apt/lists/*
# Generate locale to fix git locale warnings
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
COPY --from=build_stage /var/www/html/cgit /var/www/html/cgit
# Ensure filters are executable and use correct interpreters
RUN chmod +x /var/www/html/cgit/filters/* 2>/dev/null || true && \
sed -i 's|#!/usr/bin/env python$|#!/usr/bin/env python3|g' /var/www/html/cgit/filters/*.py 2>/dev/null || true && \
sed -i 's|#!/usr/bin/python$|#!/usr/bin/python3|g' /var/www/html/cgit/filters/*.py 2>/dev/null || true
RUN mkdir -p /var/lib/git/repositories
RUN useradd -m -d /var/lib/git/repositories -s /usr/bin/git-shell code
# Set default branch to main for the code user
RUN git config --system init.defaultBranch main
# Store git-shell-commands in a persistent location (will be copied to home on startup)
RUN mkdir -p /usr/local/share/git-shell-commands
COPY init-repo /usr/local/share/git-shell-commands/init-repo
COPY delete-repo /usr/local/share/git-shell-commands/delete-repo
COPY help /usr/local/share/git-shell-commands/help
COPY list /usr/local/share/git-shell-commands/list
COPY no-interactive-login /usr/local/share/git-shell-commands/no-interactive-login
RUN chmod +x /usr/local/share/git-shell-commands/*
RUN mkdir -p /run/sshd \
&& mkdir -p /etc/ssh/sshd_config.d
COPY sshd_code_user.conf /etc/ssh/sshd_config.d/code_user.conf
RUN chown -R www-data:www-data /var/www/html/cgit \
&& chown -R code:code /var/lib/git/repositories \
&& chmod 755 /var/lib/git \
&& chmod 755 /var/lib/git/repositories
RUN rm /etc/nginx/sites-enabled/default
COPY cgit.nginx.conf /etc/nginx/sites-available/cgit.conf
RUN ln -s /etc/nginx/sites-available/cgit.conf /etc/nginx/sites-enabled/cgit.conf
COPY cgitrc /var/www/html/cgit/cgitrc
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
RUN mkdir /run/sock
RUN chown -R www-data:www-data /run/sock
COPY static /var/www/html/cgit/static
EXPOSE 80 22
HEALTHCHECK CMD ["curl", "http://localhost:80"]
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]
|
