dockerfile: bring up to Beeper standards
Signed-off-by: Sumner Evans <[email protected]>
sumnerevans committed Feb 8, 2023
1 parent 30fda1d commit aabd195
Showing 2 changed files with 37 additions and 8 deletions.
23 changes: 15 additions & 8 deletions Dockerfile
@@ -1,14 +1,21 @@
FROM docker.io/golang:alpine as builder
FROM golang:1-alpine3.16 AS builder

jcgruenhage Feb 20, 2023

Contributor

Removing the docker.io/ prefix means this is less portable than before. If you're on podman for example and don't have docker.io configured as the default registry, then this doesn't build anymore.


RUN apk add --no-cache olm-dev gcc musl-dev libstdc++-dev
RUN apk add --no-cache git ca-certificates build-base su-exec olm-dev

COPY . /app
WORKDIR /app
COPY . /build
WORKDIR /build
RUN go build -o /usr/bin/standupbot

RUN go build
FROM alpine:3.16

FROM docker.io/alpine
ENV UID=1337 \
GID=1337

jcgruenhage Feb 20, 2023

Contributor

I think I recognize a lot of this: https://github.com/mautrix/telegram/pull/136/files#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557R3-R4

I wouldn't do it like this anymore. Whatever people use to run a container probably has an option to pass something to docker run, meaning that using the --user parameter of docker run allows you to avoid running as root without any of these env vars, su-exec or the docker script.


RUN apk add --no-cache olm libstdc++ tzdata
RUN apk add --no-cache su-exec ca-certificates olm bash

jcgruenhage Feb 20, 2023

Contributor

You've dropped tzdata here, and you're not installing anything else that would pull it in, reintroducing the problem I ran into at https://matrix.to/#/!YXGZcYnjSZHPYsPJZP:sumnerevans.com/$oPcq3i2cZUMErgLSYF5vyLbIIV8DOYM-areuHzW6TLQ?via=nevarro.space&via=beeper.com&via=matrix.org.

Aside from that, you're also installing bash, but it's not used in the container as it is right now. Is that just installed for when you want to exec into the container for debugging?


COPY --from=builder /app/standupbot /usr/local/bin/standupbot
COPY --from=builder /usr/bin/standupbot /usr/bin/standupbot
COPY --from=builder /build/config.sample.json /opt/standupbot/config.sample.json
COPY --from=builder /build/docker-run.sh /docker-run.sh
VOLUME /data

CMD ["/docker-run.sh"]
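Review bot: In the builder stage's apk add line, su-exec is installed although nothing in the build stage invokes it; it is only used by docker-run.sh in the final image, where it is installed separately, so it can be dropped from the builder. Both FROM lines (golang:1-alpine3.16 and alpine:3.16) also reference tags, which a registry can repoint; pinning each by digest would make the build reproducible and the base images auditable. The final stage sets no USER, so the container starts as root and the drop to UID/GID 1337 depends entirely on docker-run.sh reaching its su-exec line.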
22 changes: 22 additions & 0 deletions docker-run.sh
@@ -0,0 +1,22 @@
#!/bin/sh

if [[ -z "$GID" ]]; then
GID="$UID"
fi

# Define functions.
function fixperms {
chown -R $UID:$GID /data /opt/standupbot
}

if [[ ! -f /data/config.json ]]; then
cp /opt/standupbot/config.sample.json /data/config.json
echo "Didn't find a config file."
echo "Copied default config file to /data/config.json"
echo "Modify that config file to your liking."
exit
fi

cd /data
fixperms
exec su-exec $UID:$GID /usr/bin/standupbot
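Review bot: The shebang on the first line is #!/bin/sh, but the script uses [[ ... ]] tests and the function fixperms { form, neither of which is POSIX sh, so it only works where /bin/sh accepts those bash extensions. Suggest [ -z "$GID" ], [ ! -f /data/config.json ] and fixperms() { rather than switching the shebang to bash: bash treats UID as a read-only variable set to the real user id, so the UID=1337 from the Dockerfile would be ignored and su-exec would leave the process running as root. $UID:$GID is also unquoted in both the chown and su-exec lines; quote it as "$UID:$GID". On the first-run path the script copies config.json as root and exits before fixperms, so the file stays root-owned until the next start.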
