From 062c5f45d00eab5ec45123201f9b61a9ff074b42 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 26 Jun 2025 17:30:34 -0700 Subject: [PATCH 01/21] Add mount cache for docker building --- Dockerfile | 17 +++++++++++++++-- Dockerfile.rootless | 17 +++++++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 78a556497a6c0..5837ccbd6e7b0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,12 @@ ARG TAGS="sqlite sqlite_unlock_notify" ENV TAGS="bindata timetzdata $TAGS" ARG CGO_EXTRA_CFLAGS +ARG GOCACHE +ENV GOCACHE=${GOCACHE:-/root/.cache/go-build} + +ARG GOMODCACHE +ENV GOMODCACHE=${GOMODCACHE:-/go/pkg/mod} + # Build deps RUN apk --no-cache add \ build-base \ @@ -24,10 +30,17 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build + && make clean-all + +RUN --mount=type=cache,target=/root/.npm \ + --mount=type=cache,target=/go/pkg/mod/ \ + --mount=type=cache,target="/root/.cache/go-build" \ + make build # Begin env-to-ini build -RUN go build contrib/environment-to-ini/environment-to-ini.go +RUN --mount=type=cache,target=/go/pkg/mod/ \ + --mount=type=cache,target="/root/.cache/go-build" \ + go build contrib/environment-to-ini/environment-to-ini.go # Copy local files COPY docker/root /tmp/local diff --git a/Dockerfile.rootless b/Dockerfile.rootless index e83c1af33b90d..be8c4653f1b54 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -9,6 +9,12 @@ ARG TAGS="sqlite sqlite_unlock_notify" ENV TAGS="bindata timetzdata $TAGS" ARG CGO_EXTRA_CFLAGS +ARG GOCACHE +ENV GOCACHE=${GOCACHE:-/root/.cache/go-build} + +ARG GOMODCACHE +ENV GOMODCACHE=${GOMODCACHE:-/go/pkg/mod} + #Build deps RUN apk --no-cache add \ build-base \ 
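Review bot: The new `ARG GOCACHE` / `ARG GOMODCACHE` make both paths overridable at build time, but the `--mount=type=cache` targets added in the second Dockerfile hunk are hard-coded to `/go/pkg/mod/` and `/root/.cache/go-build`. A build that passes `--build-arg GOCACHE=...` would write outside the mount, so the cache goes unused and the build cache lands in the layer instead. Either drop the two `ARG`s and set `ENV GOCACHE=/root/.cache/go-build` directly, or record the coupling with a comment such as `# must match the cache mount targets used by the RUN steps below`. The same pair is added to Dockerfile.rootless in the next file section.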
@@ -24,10 +30,17 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build + && make clean-all + +RUN --mount=type=cache,target=/root/.npm \ + --mount=type=cache,target=/go/pkg/mod/ \ + --mount=type=cache,target="/root/.cache/go-build" \ + make build # Begin env-to-ini build -RUN go build contrib/environment-to-ini/environment-to-ini.go +RUN --mount=type=cache,target=/go/pkg/mod/ \ + --mount=type=cache,target="/root/.cache/go-build" \ + go build contrib/environment-to-ini/environment-to-ini.go # Copy local files COPY docker/rootless /tmp/local From 48c432ddbcd993d5cb489b98e50d54bef8c9b9fe Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sun, 29 Jun 2025 22:02:10 -0700 Subject: [PATCH 02/21] experiment --- .github/workflows/pull-docker-dryrun.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index f74277de671bf..abbf3fa33f5f3 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml @@ -21,6 +21,8 @@ jobs: with: push: false tags: gitea/gitea:linux-amd64 + cache-from: type=registry,ref=gitea/gitea:buildcache-pr-amd64 + cache-to: type=registry,ref=gitea/gitea:buildcache-pr-amd64,mode=max rootless: if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true' @@ -33,3 +35,5 @@ jobs: push: false file: Dockerfile.rootless tags: gitea/gitea:linux-amd64 + cache-from: type=registry,ref=gitea/gitea:buildcache-pr-amd64-rootless + cache-to: type=registry,ref=gitea/gitea:buildcache-pr-amd64-rootless,mode=max From afba5ffe0a5d820ddb308fb774d03a0a3ed14797 Mon Sep 17 00:00:00 2001 
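Review bot: `cache-to: type=registry,...,mode=max` in the pull-request dry-run jobs lets a build of unreviewed PR code write to a cache ref under `gitea/gitea`, which later builds then read back through `cache-from`. No registry login step is visible in these two hunks, so on a fork PR the export would presumably just fail, but wherever credentials are available this is a cache-poisoning path. For the dry run I would keep only the read side: remove both `cache-to:` lines and leave `cache-from:` in place. The job bodies start outside the hunks, so confirm whether a login happens earlier.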
From: Lunny Xiao Date: Mon, 30 Jun 2025 16:41:45 -0700 Subject: [PATCH 03/21] update all cache --- .github/workflows/pull-docker-dryrun.yml | 27 +++++++++++++++++++---- .github/workflows/release-nightly.yml | 4 ++++ .github/workflows/release-tag-rc.yml | 2 ++ .github/workflows/release-tag-version.yml | 2 ++ 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index abbf3fa33f5f3..205fa4e87d664 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml 
@@ -16,24 +16,43 @@ jobs: needs: files-changed runs-on: ubuntu-latest steps: + - name: Get cleaned branch name + id: clean_name + run: | + # if main then say nightly otherwise cleanup name + if [ "${{ github.base_ref }}" = "refs/heads/main" ]; then + echo "branch=nightly" >> "$GITHUB_OUTPUT" + exit 0 + fi + REF_NAME=$(echo "${{ github.base_ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') + echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" - uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@v5 with: push: false tags: gitea/gitea:linux-amd64 - cache-from: type=registry,ref=gitea/gitea:buildcache-pr-amd64 - cache-to: type=registry,ref=gitea/gitea:buildcache-pr-amd64,mode=max + platforms: linux/amd64,linux/arm64,linux/riscv64 + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} rootless: if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true' needs: files-changed runs-on: ubuntu-latest steps: + - name: Get cleaned branch name + id: clean_name + run: | + # if main then say nightly otherwise cleanup name + if [ "${{ github.base_ref }}" = "refs/heads/main" ]; then + echo "branch=nightly" >> "$GITHUB_OUTPUT" + exit 0 + fi + REF_NAME=$(echo "${{ github.base_ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') + echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" - uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@v5 with: push: false file: Dockerfile.rootless tags: gitea/gitea:linux-amd64 - cache-from: type=registry,ref=gitea/gitea:buildcache-pr-amd64-rootless - cache-to: type=registry,ref=gitea/gitea:buildcache-pr-amd64-rootless,mode=max + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 3d652e4ad8bcc..f3dcb5c673235 100644 
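Review bot: The new `run:` script expands `${{ github.base_ref }}` directly into the shell text, so the ref is pasted into the script before bash parses it. Pass it through the environment instead, with `env:` / `BASE_REF: ${{ github.base_ref }}` on the step and `if [ "$BASE_REF" = "main" ]; then` in the script. As far as I know `github.base_ref` is the bare target branch name (`main`), not `refs/heads/main`, so the comparison as written never matches and the `branch=nightly` path is dead. The fall-through yields `main-nightly`, which appears to be the name the nightly workflow uses, so correcting the comparison alone would change the cache ref that is read. Both jobs in this hunk carry the same step, and the `clean_name` steps added to release-tag-rc.yml and release-tag-version.yml in patches 04 and 05 interpolate `${{ github.ref }}` the same way.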
--- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -98,6 +98,8 @@ jobs: tags: |- gitea/gitea:${{ steps.clean_name.outputs.branch }} ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }} + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} + cache-to: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }},mode=max nightly-docker-rootless: runs-on: namespace-profile-gitea-release-docker permissions: @@ -141,3 +143,5 @@ jobs: tags: |- gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless + cache-to: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless,mode=max diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index f4776a9ed8ca7..a5228335d6574 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -107,6 +107,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} docker-rootless: runs-on: namespace-profile-gitea-release-docker permissions: @@ -151,3 +152,4 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index ad0820f31fea4..0a30ba40eaab5 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml 
@@ -115,6 +115,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} docker-rootless: runs-on: namespace-profile-gitea-release-docker steps: @@ -162,3 +163,4 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless From b9bc1b87c06a58af5ca0aea9550573d762717813 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 30 Jun 2025 16:43:52 -0700 Subject: [PATCH 04/21] improvements --- .github/workflows/release-tag-rc.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index a5228335d6574..bcd7b37ed3429 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -99,6 +99,12 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get cleaned branch name + id: clean_name + run: | + REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') + echo "Cleaned name is ${REF_NAME}" + echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - name: build rootful docker image uses: docker/build-push-action@v5 with: @@ -143,6 +149,12 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get cleaned branch name + id: clean_name + run: | + REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') + echo "Cleaned name is ${REF_NAME}" + echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - name: build rootless docker image uses: docker/build-push-action@v5 with: From efb558acb0a8dc0bb95deb3aa6dfda1b53a1fa85 Mon Sep 17 00:00:00 2001 
From: Lunny Xiao Date: Mon, 30 Jun 2025 16:44:49 -0700 Subject: [PATCH 05/21] improvements --- .github/workflows/release-tag-version.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index 0a30ba40eaab5..f3e41df8eb722 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml @@ -107,6 +107,12 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get cleaned branch name + id: clean_name + run: | + REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') + echo "Cleaned name is ${REF_NAME}" + echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - name: build rootful docker image uses: docker/build-push-action@v5 with: @@ -154,6 +160,12 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get cleaned branch name + id: clean_name + run: | + REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') + echo "Cleaned name is ${REF_NAME}" + echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - name: build rootless docker image uses: docker/build-push-action@v5 with: From 4b70dd9998463e41afbea4cddc191fcb56e9e03b Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Mon, 29 Sep 2025 18:32:39 +0200 Subject: [PATCH 06/21] add mount cache during builds correct permissions on copied files --- Dockerfile | 51 ++++++++++------------------- Dockerfile.rootless | 45 +++++++++---------------- docker/root/usr/local/bin/gitea | 0 docker/rootless/usr/local/bin/gitea | 0 4 files changed, 32 insertions(+), 64 deletions(-) mode change 100644 => 100755 docker/root/usr/local/bin/gitea mode change 100644 => 100755 docker/rootless/usr/local/bin/gitea diff --git a/Dockerfile b/Dockerfile index 5837ccbd6e7b0..60102591f6e40 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -20,46 +20,30 @@ RUN apk --no-cache add \ build-base \ git \ nodejs \ - npm \ - && npm install -g pnpm@10 \ - && rm -rf /var/cache/apk/* + pnpm # Setup repo COPY . ${GOPATH}/src/code.gitea.io/gitea WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set -RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all - -RUN --mount=type=cache,target=/root/.npm \ - --mount=type=cache,target=/go/pkg/mod/ \ - --mount=type=cache,target="/root/.cache/go-build" \ - make build +RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ + --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target="/root/.cache/go-build" \ + if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ + && make clean-all build # Begin env-to-ini build -RUN --mount=type=cache,target=/go/pkg/mod/ \ - --mount=type=cache,target="/root/.cache/go-build" \ - go build contrib/environment-to-ini/environment-to-ini.go - -# Copy local files -COPY docker/root /tmp/local - -# Set permissions -RUN chmod 755 /tmp/local/usr/bin/entrypoint \ - /tmp/local/usr/local/bin/gitea \ - /tmp/local/etc/s6/gitea/* \ - /tmp/local/etc/s6/openssh/* \ - /tmp/local/etc/s6/.s6-svscan/* \ - /go/src/code.gitea.io/gitea/gitea \ - /go/src/code.gitea.io/gitea/environment-to-ini - -FROM docker.io/library/alpine:3.22 +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target="/root/.cache/go-build" \ + go build contrib/environment-to-ini/environment-to-ini.go + +FROM docker.io/library/alpine:3.22 AS gitea LABEL maintainer="maintainers@gitea.io" EXPOSE 22 3000 -RUN apk --no-cache add \ +RUN apk add --no-cache \ bash \ ca-certificates \ curl \ @@ -70,8 +54,7 @@ RUN apk --no-cache add \ s6 \ sqlite \ su-exec \ - gnupg \ - && rm -rf /var/cache/apk/* + gnupg RUN addgroup \ -S -g 1000 \ 
@@ -85,6 +68,10 @@ RUN addgroup \ git && \ echo "git:*" | chpasswd -e +COPY docker/root / +COPY --chmod=755 --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +COPY --chmod=755 --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini + ENV USER=git ENV GITEA_CUSTOM=/data/gitea @@ -92,7 +79,3 @@ VOLUME ["/data"] ENTRYPOINT ["/usr/bin/entrypoint"] CMD ["/usr/bin/s6-svscan", "/etc/s6"] - -COPY --from=build-env /tmp/local / -COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea -COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini diff --git a/Dockerfile.rootless b/Dockerfile.rootless index be8c4653f1b54..cb3bfe362c836 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless 
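Review bot: `COPY docker/root /` now takes file modes straight from the build context, where the removed `RUN chmod 755` used to force them for `usr/bin/entrypoint` and the `etc/s6/*` scripts as well as `usr/local/bin/gitea`. This commit only flips `docker/root/usr/local/bin/gitea` to 100755, so the other files must already be executable in the tree; please confirm. A context that loses or widens mode bits (archive export, non-POSIX checkout, permissive umask) now reaches the final image unchanged, including the `ENTRYPOINT` script. A short comment above the COPY would record the assumption, e.g. `# modes come from git; scripts under docker/root must be committed as 0755`. The `COPY docker/rootless /` line in the Dockerfile.rootless hunk has the same dependency.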
@@ -15,44 +15,30 @@ ENV GOCACHE=${GOCACHE:-/root/.cache/go-build} ARG GOMODCACHE ENV GOMODCACHE=${GOMODCACHE:-/go/pkg/mod} -#Build deps +# Build deps RUN apk --no-cache add \ build-base \ git \ nodejs \ - npm \ - && npm install -g pnpm@10 \ - && rm -rf /var/cache/apk/* + pnpm # Setup repo COPY . ${GOPATH}/src/code.gitea.io/gitea WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set -RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all - -RUN --mount=type=cache,target=/root/.npm \ - --mount=type=cache,target=/go/pkg/mod/ \ - --mount=type=cache,target="/root/.cache/go-build" \ - make build +RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ + --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target="/root/.cache/go-build" \ + if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ + && make clean-all build # Begin env-to-ini build -RUN --mount=type=cache,target=/go/pkg/mod/ \ - --mount=type=cache,target="/root/.cache/go-build" \ - go build contrib/environment-to-ini/environment-to-ini.go - -# Copy local files -COPY docker/rootless /tmp/local - -# Set permissions -RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \ - /tmp/local/usr/local/bin/docker-setup.sh \ - /tmp/local/usr/local/bin/gitea \ - /go/src/code.gitea.io/gitea/gitea \ - /go/src/code.gitea.io/gitea/environment-to-ini +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target="/root/.cache/go-build" \ + go build contrib/environment-to-ini/environment-to-ini.go -FROM docker.io/library/alpine:3.22 +FROM docker.io/library/alpine:3.22 AS gitea-rootless LABEL maintainer="maintainers@gitea.io" EXPOSE 2222 3000 @@ -65,8 +51,7 @@ RUN apk --no-cache add \ git \ curl \ gnupg \ - openssh-keygen \ - && rm -rf /var/cache/apk/* + openssh-keygen RUN addgroup \ -S -g 1000 \ 
@@ -82,9 +67,9 @@ RUN addgroup \ RUN mkdir -p /var/lib/gitea /etc/gitea RUN chown git:git /var/lib/gitea /etc/gitea -COPY --from=build-env /tmp/local / -COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea -COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini +COPY docker/rootless / +COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini # git:git USER 1000:1000 diff --git a/docker/root/usr/local/bin/gitea b/docker/root/usr/local/bin/gitea old mode 100644 new mode 100755 diff --git a/docker/rootless/usr/local/bin/gitea b/docker/rootless/usr/local/bin/gitea old mode 100644 new mode 100755 From b4fc88b936147d74a3be75c51b97e1712bc5893e Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sun, 5 Oct 2025 17:09:00 +0200 Subject: [PATCH 07/21] trim down build stage Avoid copying .git directory into the container --- Dockerfile | 26 +++++++++++++++----------- Dockerfile.rootless | 26 +++++++++++++++----------- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index 60102591f6e40..92e07d30d9947 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,13 @@ # Build stage FROM docker.io/library/golang:1.25-alpine3.22 AS build-env -ARG GOPROXY -ENV GOPROXY=${GOPROXY:-direct} +ARG GOPROXY=direct ARG GITEA_VERSION ARG TAGS="sqlite sqlite_unlock_notify" ENV TAGS="bindata timetzdata $TAGS" ARG CGO_EXTRA_CFLAGS -ARG GOCACHE -ENV GOCACHE=${GOCACHE:-/root/.cache/go-build} - -ARG GOMODCACHE -ENV GOMODCACHE=${GOMODCACHE:-/go/pkg/mod} - # Build deps RUN apk --no-cache add \ build-base \ 
@@ -22,16 +15,28 @@ RUN apk --no-cache add \ nodejs \ pnpm +WORKDIR ${GOPATH}/src/code.gitea.io/gitea + +# Fetch go dependencies +COPY go.mod go.sum ./ +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download + +# Fetch pnpm dependencies +COPY package.json pnpm-lock.yaml ./ +RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ + pnpm install --frozen-lockfile --prod + # Setup repo COPY . ${GOPATH}/src/code.gitea.io/gitea -WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ + --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build + && make build # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ @@ -39,7 +44,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ go build contrib/environment-to-ini/environment-to-ini.go FROM docker.io/library/alpine:3.22 AS gitea -LABEL maintainer="maintainers@gitea.io" EXPOSE 22 3000 diff --git a/Dockerfile.rootless b/Dockerfile.rootless index cb3bfe362c836..9b53d6c0b3a6b 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -1,20 +1,13 @@ # Build stage FROM docker.io/library/golang:1.25-alpine3.22 AS build-env -ARG GOPROXY -ENV GOPROXY=${GOPROXY:-direct} +ARG GOPROXY=direct ARG GITEA_VERSION ARG TAGS="sqlite sqlite_unlock_notify" ENV TAGS="bindata timetzdata $TAGS" ARG CGO_EXTRA_CFLAGS -ARG GOCACHE -ENV GOCACHE=${GOCACHE:-/root/.cache/go-build} - -ARG GOMODCACHE -ENV GOMODCACHE=${GOMODCACHE:-/go/pkg/mod} - # Build deps RUN apk --no-cache add \ build-base \ 
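Review bot: `--mount=type=bind,source=".git",...` is read-only by default, but the same RUN still executes `git checkout "${GITEA_VERSION}"`, which has to write `HEAD` and the index inside `.git`. With `GITEA_VERSION` set the step would be expected to fail on a read-only filesystem. Appending `,rw` to the mount options lets the checkout succeed while the writes are still discarded rather than stored in a layer. Separately, `COPY . ${GOPATH}/src/code.gitea.io/gitea` is still present, so `.git` only stays out of the build stage if `.dockerignore` excludes it, which is not visible here. The same RUN appears in the Dockerfile.rootless hunk.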
@@ -22,16 +15,28 @@ RUN apk --no-cache add \ nodejs \ pnpm +WORKDIR ${GOPATH}/src/code.gitea.io/gitea + +# Fetch go dependencies +COPY go.mod go.sum ./ +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download + +# Fetch pnpm dependencies +COPY package.json pnpm-lock.yaml ./ +RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ + pnpm install --frozen-lockfile --prod + # Setup repo COPY . ${GOPATH}/src/code.gitea.io/gitea -WORKDIR ${GOPATH}/src/code.gitea.io/gitea # Checkout version if set RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ + --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make clean-all build + && make build # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ @@ -39,7 +44,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \ go build contrib/environment-to-ini/environment-to-ini.go FROM docker.io/library/alpine:3.22 AS gitea-rootless -LABEL maintainer="maintainers@gitea.io" EXPOSE 2222 3000 From da539d8f720fa0a47c5a46941d6ee7b84939934a Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sun, 5 Oct 2025 17:42:10 +0200 Subject: [PATCH 08/21] unify container builds instead of running two jobs compiling the same code, run one and reuse layers --- .github/workflows/release-nightly.yml | 76 +++++++++-------------- .github/workflows/release-tag-rc.yml | 66 +++++--------------- .github/workflows/release-tag-version.yml | 64 +++++-------------- 3 files changed, 63 insertions(+), 143 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index f3dcb5c673235..4e20392702494 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml 
@@ -56,7 +56,7 @@ jobs: - name: upload binaries to s3 run: | aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress - nightly-docker-rootful: + nightly-container: runs-on: namespace-profile-gitea-release-docker permissions: packages: write # to publish to ghcr.io @@ -76,6 +76,29 @@ jobs: run: | REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" + - uses: docker/metadata-action@v5 + id: meta + with: + images: |- + gitea/gitea + ghcr.io/go-gitea/gitea + tags: | + type=raw,value=${{ steps.clean_name.outputs.branch }} + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" + - uses: docker/metadata-action@v5 + id: meta_rootless + with: + images: |- + gitea/gitea + ghcr.io/go-gitea/gitea + # each tag below will have the suffix of -rootless + flavor: | + suffix=-rootless + tags: | + type=raw,value=${{ steps.clean_name.outputs.branch }} + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" - name: Login to Docker Hub uses: docker/login-action@v3 with: 
@@ -87,61 +110,20 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: fetch go modules - run: make vendor - name: build rootful docker image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64,linux/riscv64 push: true - tags: |- - gitea/gitea:${{ steps.clean_name.outputs.branch }} - ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }} - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} - cache-to: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }},mode=max - nightly-docker-rootless: - runs-on: namespace-profile-gitea-release-docker - permissions: - packages: write # to publish to ghcr.io - steps: - - uses: actions/checkout@v4 - # fetch all commits instead of only the last as some branches are long lived and could have many between versions - # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. 
v1.21.0-dev-1-g1234567 - - run: git fetch --unshallow --quiet --tags --force - - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - check-latest: true - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - name: Get cleaned branch name - id: clean_name - run: | - REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') - echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR using PAT - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: fetch go modules - run: make vendor + tags: ${{ steps.meta_rootless.outputs.tags }} + annotations: ${{ steps.meta_rootless.outputs.annotations }} - name: build rootless docker image uses: docker/build-push-action@v5 with: context: . - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64,linux/arm64,linux/riscv64 push: true file: Dockerfile.rootless - tags: |- - gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless - ghcr.io/go-gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless - cache-to: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless,mode=max + tags: ${{ steps.meta_rootless.outputs.tags }} + annotations: ${{ steps.meta_rootless.outputs.annotations }} diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index bcd7b37ed3429..98a2950e3b863 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml 
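Review bot: The `build rootful docker image` step takes `tags:` and `annotations:` from `steps.meta_rootless`, so the rootful image is pushed under the `-rootless` tags and then replaced by the rootless build, while the plain nightly tag is never updated. It should read `tags: ${{ steps.meta.outputs.tags }}` and `annotations: ${{ steps.meta.outputs.annotations }}`, as the corresponding step in release-tag-rc.yml and release-tag-version.yml does. Until the second push completes, anyone pulling the `-rootless` tag receives the image that runs its entrypoint as root, so this is worth fixing before the workflow runs.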
@@ -66,7 +66,7 @@ jobs: gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/* env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} - docker-rootful: + container: runs-on: namespace-profile-gitea-release-docker permissions: packages: write # to publish to ghcr.io 
@@ -88,45 +88,10 @@ jobs: # 1.2.3-rc0 tags: | type=semver,pattern={{version}} - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR using PAT - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Get cleaned branch name - id: clean_name - run: | - REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') - echo "Cleaned name is ${REF_NAME}" - echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - - name: build rootful docker image - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64,linux/arm64,linux/riscv64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} - docker-rootless: - runs-on: namespace-profile-gitea-release-docker - permissions: - packages: write # to publish to ghcr.io - steps: - - uses: actions/checkout@v4 - # fetch all commits instead of only the last as some branches are long lived and could have many between versions - # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - - run: git fetch --unshallow --quiet --tags --force - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" - uses: docker/metadata-action@v5 - id: meta + id: meta_rootless with: images: |- gitea/gitea @@ -138,6 +103,8 @@ jobs: # 1.2.3-rc0 tags: | type=semver,pattern={{version}} + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" - name: Login to Docker Hub uses: docker/login-action@v3 with: 
@@ -149,19 +116,20 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Get cleaned branch name - id: clean_name - run: | - REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') - echo "Cleaned name is ${REF_NAME}" - echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - - name: build rootless docker image + - name: build rootful container image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64,linux/riscv64 push: true - file: Dockerfile.rootless tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless + annotations: ${{ steps.meta.outputs.annotations }} + - name: build rootless container image + uses: docker/build-push-action@v5 + with: + context: . + platforms: linux/amd64,linux/arm64,linux/riscv64 + push: true + file: Dockerfile.rootless + tags: ${{ steps.meta_rootless.outputs.tags }} + annotations: ${{ steps.meta_rootless.outputs.annotations }} diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index f3e41df8eb722..58c95458ea776 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml @@ -70,7 +70,7 @@ jobs: gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/* env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} - docker-rootful: + container: runs-on: namespace-profile-gitea-release-docker permissions: packages: write # to publish to ghcr.io 
@@ -96,43 +96,10 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR using PAT - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Get cleaned branch name - id: clean_name - run: | - REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') - echo "Cleaned name is ${REF_NAME}" - echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - - name: build rootful docker image - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64,linux/arm64,linux/riscv64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} - docker-rootless: - runs-on: namespace-profile-gitea-release-docker - steps: - - uses: actions/checkout@v4 - # fetch all commits instead of only the last as some branches are long lived and could have many between versions - # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - - run: git fetch --unshallow --quiet --tags --force - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" - uses: docker/metadata-action@v5 - id: meta + id: meta_rootless with: images: |- gitea/gitea @@ -149,6 +116,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} + annotations: | + org.opencontainers.image.authors="maintainers@gitea.io" - name: Login to Docker Hub uses: docker/login-action@v3 with: 
@@ -160,19 +129,20 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Get cleaned branch name - id: clean_name - run: | - REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//') - echo "Cleaned name is ${REF_NAME}" - echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - - name: build rootless docker image + - name: build rootful container image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64,linux/riscv64 push: true - file: Dockerfile.rootless tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless + annotations: ${{ steps.meta.outputs.annotations }} + - name: build rootless container image + uses: docker/build-push-action@v5 + with: + context: . + platforms: linux/amd64,linux/arm64,linux/riscv64 + push: true + file: Dockerfile.rootless + tags: ${{ steps.meta_rootless.outputs.tags }} + annotations: ${{ steps.meta_rootless.outputs.annotations }} From 24215386777d59d65d641ceef52c198e2875e253 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 11 Oct 2025 13:51:10 +0200 Subject: [PATCH 09/21] add cache-to and from directives --- .github/workflows/release-nightly.yml | 8 ++++---- .github/workflows/release-tag-rc.yml | 2 ++ .github/workflows/release-tag-version.yml | 2 ++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 4e20392702494..e6a2017068827 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml 
@@ -65,10 +65,6 @@ jobs: # fetch all commits instead of only the last as some branches are long lived and could have many between versions # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - run: git fetch --unshallow --quiet --tags --force - - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - check-latest: true - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - name: Get cleaned branch name @@ -118,6 +114,8 @@ jobs: push: true tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} + cache-to: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache,mode=max + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless docker image uses: docker/build-push-action@v5 with: @@ -127,3 +125,5 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} + cache-to: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache,mode=max + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index 98a2950e3b863..73551628b15c6 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -124,6 +124,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} annotations: ${{ steps.meta.outputs.annotations }} + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless container image uses: docker/build-push-action@v5 with: @@ -133,3 +134,4 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache 
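Review bot: The `cache-from`/`cache-to` lines added to both build steps of `release-nightly.yml` point the release build at `ghcr.io/thefox0x7/gitea-buildcache`, a registry namespace outside the `gitea/gitea` repositories the images are published to. The `cache-from` lines added to `release-tag-rc.yml` and `release-tag-version.yml` do the same for tagged releases. Whoever can write to that ref can supply layers that the release build reuses instead of rebuilding, so the cache becomes part of the release's trust boundary. A ref under the project's own namespace that only the release workflows can push to keeps that boundary where it was, for example `cache-from: type=registry,ref=gitea/gitea:buildcache` (constructed example). The regular and rootless builds also export to the same ref with `mode=max`, so each export replaces the other's cache.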
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index 58c95458ea776..eb16867150e3d 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml @@ -137,6 +137,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} annotations: ${{ steps.meta.outputs.annotations }} + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless container image uses: docker/build-push-action@v5 with: @@ -146,3 +147,4 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} + cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache From 2f9e04745d30e076fe61bf3cde878ca8bc12702f Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 11 Oct 2025 13:56:26 +0200 Subject: [PATCH 10/21] avoid copying all files to trim down the build stage --- Dockerfile | 29 ++++++++++++++++++++++++----- Dockerfile.rootless | 29 ++++++++++++++++++++++++----- 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 92e07d30d9947..d069f8a4dab39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,8 @@ RUN apk --no-cache add \ WORKDIR ${GOPATH}/src/code.gitea.io/gitea +COPY Makefile . + # Fetch go dependencies COPY go.mod go.sum ./ RUN --mount=type=cache,target=/go/pkg/mod \ 
@@ -27,16 +29,33 @@ COPY package.json pnpm-lock.yaml ./ RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ pnpm install --frozen-lockfile --prod -# Setup repo -COPY . ${GOPATH}/src/code.gitea.io/gitea +COPY ./webpack.config.ts tailwind.config.ts ./ +COPY ./assets ./assets +COPY ./public ./public +COPY ./web_src ./web_src + +RUN make frontend + +# Copy source files +COPY ./build ./build +COPY ./cmd ./cmd +COPY ./models ./models +COPY ./modules ./modules +COPY ./options ./options +COPY ./routers ./routers +COPY ./services ./services +COPY ./templates ./templates +COPY ./build.go . +COPY ./main.go . +COPY contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini.go +COPY ./custom ./custom # Checkout version if set -RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ - --mount=type=cache,target=/go/pkg/mod \ +RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make build + && make backend # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ diff --git a/Dockerfile.rootless b/Dockerfile.rootless index 9b53d6c0b3a6b..637c529abda90 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -17,6 +17,8 @@ RUN apk --no-cache add \ WORKDIR ${GOPATH}/src/code.gitea.io/gitea +COPY Makefile . + # Fetch go dependencies COPY go.mod go.sum ./ RUN --mount=type=cache,target=/go/pkg/mod \ 
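Review bot: `RUN make frontend` is added ahead of the `git checkout "${GITEA_VERSION}"` in the last `RUN` of this hunk, so when `GITEA_VERSION` is set the frontend assets come from the build-context tree while `make backend` runs after the checkout, and the image can combine two revisions. The checkout also now runs on a working tree that holds only the paths named in the new `COPY` lines, which git will see as a tree with many deleted files. Either the checkout has to precede `make frontend`, or the revision should be selected before `docker build` and the `git checkout` dropped. `make frontend` also runs without the pnpm store cache mount that this hunk removes from the final `RUN`; whether the target needs it depends on the Makefile, which is not shown. The same hunk is applied to `Dockerfile.rootless`.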
@@ -27,16 +29,33 @@ COPY package.json pnpm-lock.yaml ./ RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ pnpm install --frozen-lockfile --prod -# Setup repo -COPY . ${GOPATH}/src/code.gitea.io/gitea +COPY ./webpack.config.ts tailwind.config.ts ./ +COPY ./assets ./assets +COPY ./public ./public +COPY ./web_src ./web_src + +RUN make frontend + +# Copy source files +COPY ./build ./build +COPY ./cmd ./cmd +COPY ./models ./models +COPY ./modules ./modules +COPY ./options ./options +COPY ./routers ./routers +COPY ./services ./services +COPY ./templates ./templates +COPY ./build.go . +COPY ./main.go . +COPY contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini.go +COPY ./custom ./custom # Checkout version if set -RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ - --mount=type=cache,target=/go/pkg/mod \ +RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make build + && make backend # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ From db78470cae79b666672f3f0823caec07cb5f69fa Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 16:34:54 +0200 Subject: [PATCH 11/21] drop remote cache fully --- .github/workflows/pull-docker-dryrun.yml | 39 ++++------------------- .github/workflows/release-nightly.yml | 4 --- .github/workflows/release-tag-rc.yml | 2 -- .github/workflows/release-tag-version.yml | 2 -- 4 files changed, 6 insertions(+), 41 deletions(-) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index 205fa4e87d664..7c7227bae1012 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml 
@@ -11,48 +11,21 @@ jobs: files-changed: uses: ./.github/workflows/files-changed.yml - regular: + contianer: if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true' needs: files-changed runs-on: ubuntu-latest steps: - - name: Get cleaned branch name - id: clean_name - run: | - # if main then say nightly otherwise cleanup name - if [ "${{ github.base_ref }}" = "refs/heads/main" ]; then - echo "branch=nightly" >> "$GITHUB_OUTPUT" - exit 0 - fi - REF_NAME=$(echo "${{ github.base_ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') - echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" - uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v5 + - name: Build regular variant + uses: docker/build-push-action@v5 with: push: false tags: gitea/gitea:linux-amd64 platforms: linux/amd64,linux/arm64,linux/riscv64 - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }} - - rootless: - if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true' - needs: files-changed - runs-on: ubuntu-latest - steps: - - name: Get cleaned branch name - id: clean_name - run: | - # if main then say nightly otherwise cleanup name - if [ "${{ github.base_ref }}" = "refs/heads/main" ]; then - echo "branch=nightly" >> "$GITHUB_OUTPUT" - exit 0 - fi - REF_NAME=$(echo "${{ github.base_ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') - echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT" - - uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v5 + - name: Build rootless variant + uses: docker/build-push-action@v5 with: push: false file: Dockerfile.rootless - tags: gitea/gitea:linux-amd64 - cache-from: type=registry,ref=gitea/gitea:buildcache-${{ steps.clean_name.outputs.branch }}-rootless + tags: gitea/gitea:linux-amd64,linux/arm64,linux/riscv64 
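Review bot: The rootless step at the end of this hunk ends up with `tags: gitea/gitea:linux-amd64,linux/arm64,linux/riscv64`, which looks like the `platforms:` value fused into `tags:`. The step now has no `platforms:` key and two tag entries that are not image references for this project. The intended form is presumably `tags: gitea/gitea:linux-amd64` plus `platforms: linux/amd64,linux/arm64,linux/riscv64`, matching the regular step above it. The merged job is also keyed `contianer:`, where `container:` is the likely intent, and a misspelled job id becomes the name of the status check.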
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index e6a2017068827..2a9344c2b707b 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -114,8 +114,6 @@ jobs: push: true tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} - cache-to: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache,mode=max - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless docker image uses: docker/build-push-action@v5 with: @@ -125,5 +123,3 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} - cache-to: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache,mode=max - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index 73551628b15c6..98a2950e3b863 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -124,7 +124,6 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} annotations: ${{ steps.meta.outputs.annotations }} - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless container image uses: docker/build-push-action@v5 with: @@ -134,4 +133,3 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index eb16867150e3d..58c95458ea776 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml 
@@ -137,7 +137,6 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} annotations: ${{ steps.meta.outputs.annotations }} - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache - name: build rootless container image uses: docker/build-push-action@v5 with: @@ -147,4 +146,3 @@ jobs: file: Dockerfile.rootless tags: ${{ steps.meta_rootless.outputs.tags }} annotations: ${{ steps.meta_rootless.outputs.annotations }} - cache-from: type=registry,ref=ghcr.io/thefox0x7/gitea-buildcache From 1c08d25c0397cb10a57c65c769908e38c06346b2 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 16:47:54 +0200 Subject: [PATCH 12/21] rename jobs --- .github/workflows/pull-docker-dryrun.yml | 2 +- .github/workflows/release-tag-rc.yml | 2 +- .github/workflows/release-tag-version.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index 7c7227bae1012..5206455741886 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml @@ -11,7 +11,7 @@ jobs: files-changed: uses: ./.github/workflows/files-changed.yml - contianer: + container: if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true' needs: files-changed runs-on: ubuntu-latest diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index 9f69495325edb..e0311abf77965 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -66,7 +66,7 @@ jobs: gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/* env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} - docker-rootful: + container: runs-on: namespace-profile-gitea-release-docker permissions: packages: write # to publish to ghcr.io 
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index 42d48b38ae75f..f851a59243af0 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml @@ -70,7 +70,7 @@ jobs: gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/* env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} - docker-rootful: + container: runs-on: namespace-profile-gitea-release-docker permissions: packages: write # to publish to ghcr.io From c8abefbfcac644e1a5e81981b1ecce9a3c3f1ab5 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 18:42:55 +0200 Subject: [PATCH 13/21] unify naming --- .github/workflows/pull-docker-dryrun.yml | 4 ++-- .github/workflows/release-nightly.yml | 6 +++--- .github/workflows/release-tag-rc.yml | 2 +- .github/workflows/release-tag-version.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index 5206455741886..13f9b6aa2195e 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml @@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - uses: docker/setup-buildx-action@v3 - - name: Build regular variant + - name: Build regular container image uses: docker/build-push-action@v5 with: push: false tags: gitea/gitea:linux-amd64 platforms: linux/amd64,linux/arm64,linux/riscv64 - - name: Build rootless variant + - name: Build rootless container image uses: docker/build-push-action@v5 with: push: false diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index fa35b1c83aa93..ada4c18d337b9 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml 
@@ -106,14 +106,14 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: build rootful docker image + - name: build regular docker image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64,linux/riscv64 push: true - tags: ${{ steps.meta_rootless.outputs.tags }} - annotations: ${{ steps.meta_rootless.outputs.annotations }} + tags: ${{ steps.meta.outputs.tags }} + annotations: ${{ steps.meta.outputs.annotations }} - name: build rootless docker image uses: docker/build-push-action@v5 with: diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index e0311abf77965..5797947be557c 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -116,7 +116,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: build rootful container image + - name: build regular container image uses: docker/build-push-action@v5 with: context: . diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index f851a59243af0..2d1dea0865277 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml @@ -129,7 +129,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: build rootful container image + - name: build regular container image uses: docker/build-push-action@v5 with: context: . From 37cf5db22971c62193c09e001e45f02baaff971f Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 19:28:41 +0200 Subject: [PATCH 14/21] add checkout so .git is avalible for bind drop platforms from dryrun --- .github/workflows/pull-docker-dryrun.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index 13f9b6aa2195e..7da7e904d16fc 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml @@ -16,16 +16,16 @@ jobs: needs: files-changed runs-on: ubuntu-latest steps: + - uses: actions/checkout@v5 - uses: docker/setup-buildx-action@v3 - name: Build regular container image uses: docker/build-push-action@v5 with: push: false tags: gitea/gitea:linux-amd64 - platforms: linux/amd64,linux/arm64,linux/riscv64 - name: Build rootless container image uses: docker/build-push-action@v5 with: push: false file: Dockerfile.rootless - tags: gitea/gitea:linux-amd64,linux/arm64,linux/riscv64 + tags: gitea/gitea:linux-amd64 From fe925c16a92e7483739ff3fe6df1b07932e603d3 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 19:29:54 +0200 Subject: [PATCH 15/21] fix bad merge choice --- .github/workflows/release-tag-rc.yml | 2 +- .github/workflows/release-tag-version.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml index 5797947be557c..35558933e0b86 100644 --- a/.github/workflows/release-tag-rc.yml +++ b/.github/workflows/release-tag-rc.yml @@ -71,7 +71,7 @@ jobs: permissions: packages: write # to publish to ghcr.io steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # fetch all commits instead of only the last as some branches are long lived and could have many between versions # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - run: git fetch --unshallow --quiet --tags --force diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml index 2d1dea0865277..56426d3bc3311 100644 --- a/.github/workflows/release-tag-version.yml +++ b/.github/workflows/release-tag-version.yml 
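Review bot: The `actions/checkout@v5` step added at the top of the job keeps the default credential persistence, which stores the job token in `.git/config`, and the commit subject says the checkout exists so that `.git` can be bind-mounted into the image build. Everything the build runs with that mount in place (the Makefile, package install scripts, Go tooling) can then read the token. The build only needs history and tags for version data, so the step can be written as `- uses: actions/checkout@v5` followed by `with:` and `persist-credentials: false`. The same applies to the checkout steps of the release workflows, where the job token carries `packages: write`.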
@@ -75,7 +75,7 @@ jobs: permissions: packages: write # to publish to ghcr.io steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # fetch all commits instead of only the last as some branches are long lived and could have many between versions # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - run: git fetch --unshallow --quiet --tags --force From 1218db2867d393a5ebb456452366ef05d765cda4 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 18 Oct 2025 19:36:15 +0200 Subject: [PATCH 16/21] bypass dockers git context --- .github/workflows/pull-docker-dryrun.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml index 7da7e904d16fc..9c9dd2ffe6bcc 100644 --- a/.github/workflows/pull-docker-dryrun.yml +++ b/.github/workflows/pull-docker-dryrun.yml @@ -21,11 +21,13 @@ jobs: - name: Build regular container image uses: docker/build-push-action@v5 with: + context: . push: false tags: gitea/gitea:linux-amd64 - name: Build rootless container image uses: docker/build-push-action@v5 with: + context: . push: false file: Dockerfile.rootless tags: gitea/gitea:linux-amd64 From 1aa245f372dc4a70e1d17d2c6234e97dc951fbf7 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Thu, 23 Oct 2025 20:39:10 +0200 Subject: [PATCH 17/21] exclude git from container build It's not required and grows over time. Also exclude containerfiles from the copy so changes in them won't trigger layer invalidation if it's not needed --- .dockerignore | 3 ++- Dockerfile | 40 +++++----------------------------------- Dockerfile.rootless | 40 +++++----------------------------------- 3 files changed, 12 insertions(+), 71 deletions(-) diff --git a/.dockerignore b/.dockerignore index 8e0d6b36665af..16a13794bfc20 100644 --- a/.dockerignore +++ b/.dockerignore 
@@ -74,7 +74,8 @@ cpu.out /VERSION /.air /.go-licenses - +Dockerfile +Dockerfile.rootless # Files and folders that were previously generated /public/assets/img/webpack diff --git a/Dockerfile b/Dockerfile index d069f8a4dab39..a8415e8a18674 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,4 @@ +# syntax=docker/dockerfile:1 # Build stage FROM docker.io/library/golang:1.25-alpine3.22 AS build-env @@ -16,46 +17,15 @@ RUN apk --no-cache add \ pnpm WORKDIR ${GOPATH}/src/code.gitea.io/gitea - -COPY Makefile . - -# Fetch go dependencies -COPY go.mod go.sum ./ -RUN --mount=type=cache,target=/go/pkg/mod \ - go mod download - -# Fetch pnpm dependencies -COPY package.json pnpm-lock.yaml ./ -RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ - pnpm install --frozen-lockfile --prod - -COPY ./webpack.config.ts tailwind.config.ts ./ -COPY ./assets ./assets -COPY ./public ./public -COPY ./web_src ./web_src - -RUN make frontend - -# Copy source files -COPY ./build ./build -COPY ./cmd ./cmd -COPY ./models ./models -COPY ./modules ./modules -COPY ./options ./options -COPY ./routers ./routers -COPY ./services ./services -COPY ./templates ./templates -COPY ./build.go . -COPY ./main.go . -COPY contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini.go -COPY ./custom ./custom +COPY --exclude=.git/ . . # Checkout version if set RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ - --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ + --mount=type=cache,target=/root/.local/share/pnpm/store \ + --mount=type=bind,source=".git/",target=".git/" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make backend + && make # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ diff --git a/Dockerfile.rootless b/Dockerfile.rootless index 637c529abda90..2360c0741ee86 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless 
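Review bot: The rewritten `--mount=type=bind,source=".git/",target=".git/"` is read-only, as `RUN` bind mounts are unless `rw` is given, while the `git checkout "${GITEA_VERSION}"` kept on the next line has to update `HEAD` and the index inside `.git`. A build with `GITEA_VERSION` set would therefore be expected to fail at that step. Since `COPY --exclude=.git/ . .` already fixes the source tree, the revision is better chosen before the build and the checkout removed, leaving `.git` mounted read-only for version data only. This hunk also folds the separate `go mod download` and `pnpm install` layers into a single `make`, so dependency reuse now rests entirely on the three cache mounts. The same change is made in `Dockerfile.rootless`.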
@@ -1,3 +1,4 @@ +# syntax=docker/dockerfile:1 # Build stage FROM docker.io/library/golang:1.25-alpine3.22 AS build-env @@ -16,46 +17,15 @@ RUN apk --no-cache add \ pnpm WORKDIR ${GOPATH}/src/code.gitea.io/gitea - -COPY Makefile . - -# Fetch go dependencies -COPY go.mod go.sum ./ -RUN --mount=type=cache,target=/go/pkg/mod \ - go mod download - -# Fetch pnpm dependencies -COPY package.json pnpm-lock.yaml ./ -RUN --mount=type=cache,target=/root/.local/share/pnpm/store \ - pnpm install --frozen-lockfile --prod - -COPY ./webpack.config.ts tailwind.config.ts ./ -COPY ./assets ./assets -COPY ./public ./public -COPY ./web_src ./web_src - -RUN make frontend - -# Copy source files -COPY ./build ./build -COPY ./cmd ./cmd -COPY ./models ./models -COPY ./modules ./modules -COPY ./options ./options -COPY ./routers ./routers -COPY ./services ./services -COPY ./templates ./templates -COPY ./build.go . -COPY ./main.go . -COPY contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini.go -COPY ./custom ./custom +COPY --exclude=.git/ . . # Checkout version if set RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ - --mount=type=bind,source=".git",target="${GOPATH}/src/code.gitea.io/gitea/.git" \ + --mount=type=cache,target=/root/.local/share/pnpm/store \ + --mount=type=bind,source=".git/",target=".git/" \ if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make backend + && make # Begin env-to-ini build RUN --mount=type=cache,target=/go/pkg/mod \ From 449d2b4c7e7197d1ecafc928c2fcf494fa2a71c8 Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Wed, 29 Oct 2025 19:06:48 +0100 Subject: [PATCH 18/21] remove checkout from container --- Dockerfile | 5 ++--- Dockerfile.rootless | 6 ++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index d093aed46f592..31959d42c22a5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -19,13 +19,12 @@ RUN apk --no-cache add \ WORKDIR ${GOPATH}/src/code.gitea.io/gitea COPY --exclude=.git/ . . -# Checkout version if set +# Build gitea, .git mount is required for version data RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ --mount=type=cache,target=/root/.local/share/pnpm/store \ --mount=type=bind,source=".git/",target=".git/" \ - if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make + make FROM docker.io/library/alpine:3.22 AS gitea diff --git a/Dockerfile.rootless b/Dockerfile.rootless index 4b806c776c280..ec9a91d611278 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -19,14 +19,12 @@ RUN apk --no-cache add \ WORKDIR ${GOPATH}/src/code.gitea.io/gitea COPY --exclude=.git/ . . -# Checkout version if set +# Build gitea, .git mount is required for version data RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target="/root/.cache/go-build" \ --mount=type=cache,target=/root/.local/share/pnpm/store \ --mount=type=bind,source=".git/",target=".git/" \ - if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \ - && make - + make FROM docker.io/library/alpine:3.22 AS gitea-rootless From 1d5345d029dde42e0508c3ad5a6279e1bfe9827d Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Wed, 29 Oct 2025 23:08:39 +0100 Subject: [PATCH 19/21] restore chmod for windows based builds --- .dockerignore | 1 + Dockerfile | 12 +++++++++++- Dockerfile.rootless | 8 +++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.dockerignore b/.dockerignore index 16a13794bfc20..944b62eb98b8a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -76,6 +76,7 @@ cpu.out /.go-licenses Dockerfile Dockerfile.rootless + # Files and folders that were previously generated /public/assets/img/webpack diff --git a/Dockerfile b/Dockerfile index 31959d42c22a5..774084ba82423 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -26,6 +26,16 @@ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=bind,source=".git/",target=".git/" \ make +COPY docker/root /tmp/local + +# Set permissions for builds that made under windows which strips the executable bit from file +RUN chmod 755 /tmp/local/usr/bin/entrypoint \ + /tmp/local/usr/local/bin/* \ + /tmp/local/etc/s6/gitea/* \ + /tmp/local/etc/s6/openssh/* \ + /tmp/local/etc/s6/.s6-svscan/* \ + /go/src/code.gitea.io/gitea/gitea + FROM docker.io/library/alpine:3.22 AS gitea EXPOSE 22 3000 @@ -55,7 +65,7 @@ RUN addgroup \ git && \ echo "git:*" | chpasswd -e -COPY docker/root / +COPY --from=build-env /tmp/local / COPY --chmod=755 --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea ENV USER=git diff --git a/Dockerfile.rootless b/Dockerfile.rootless index ec9a91d611278..d709d99b59ef3 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -26,6 +26,12 @@ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=bind,source=".git/",target=".git/" \ make +COPY docker/rootless /tmp/local + +# Set permissions for builds that made under windows which strips the executable bit from file +RUN chmod 755 /tmp/local/usr/local/bin/* \ + /go/src/code.gitea.io/gitea/gitea + FROM docker.io/library/alpine:3.22 AS gitea-rootless EXPOSE 2222 3000 @@ -54,7 +60,7 @@ RUN addgroup \ RUN mkdir -p /var/lib/gitea /etc/gitea RUN chown git:git /var/lib/gitea /etc/gitea -COPY docker/rootless / +COPY --from=build-env /tmp/local / COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea # git:git From 525ffc268cc29882c2dcd8faa18105f0c3d2fa9e Mon Sep 17 00:00:00 2001 
From: TheFox0x7 Date: Fri, 31 Oct 2025 18:44:47 +0100 Subject: [PATCH 20/21] add COPY comment --- .dockerignore | 4 ++-- Dockerfile | 7 +++++-- Dockerfile.rootless | 3 ++- docker/root/usr/local/bin/gitea | 0 docker/rootless/usr/local/bin/gitea | 0 5 files changed, 9 insertions(+), 5 deletions(-) mode change 100755 => 100644 docker/root/usr/local/bin/gitea mode change 100755 => 100644 docker/rootless/usr/local/bin/gitea diff --git a/.dockerignore b/.dockerignore index 944b62eb98b8a..d1fc75290d04c 100644 --- a/.dockerignore +++ b/.dockerignore @@ -74,8 +74,8 @@ cpu.out /VERSION /.air /.go-licenses -Dockerfile -Dockerfile.rootless +/Dockerfile +/Dockerfile.rootless # Files and folders that were previously generated /public/assets/img/webpack diff --git a/Dockerfile b/Dockerfile index 774084ba82423..7cee0f32d3ee4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,9 @@ RUN apk --no-cache add \ pnpm WORKDIR ${GOPATH}/src/code.gitea.io/gitea +# Use COPY but not "mount" because some directories like "node_modules" contain platform-depended contents and these directories need to be ignored. +# ".git" directory will be mounted later separately for getting version data. +# TODO: in the future, maybe we can pre-build the frontend assets on one platform and share them for different platforms, the benefit is that it won't be affected by webpack plugin compatibility problems, then the working directory can be fully mounted and the COPY is not needed. COPY --exclude=.git/ . . # Build gitea, .git mount is required for version data @@ -40,7 +43,7 @@ FROM docker.io/library/alpine:3.22 AS gitea EXPOSE 22 3000 -RUN apk add --no-cache \ +RUN apk --no-cache add \ bash \ ca-certificates \ curl \ 
@@ -66,7 +69,7 @@ RUN addgroup \ echo "git:*" | chpasswd -e COPY --from=build-env /tmp/local / -COPY --chmod=755 --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea ENV USER=git ENV GITEA_CUSTOM=/data/gitea diff --git a/Dockerfile.rootless b/Dockerfile.rootless index d709d99b59ef3..8a6fa587e9d2d 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -17,6 +17,7 @@ RUN apk --no-cache add \ pnpm WORKDIR ${GOPATH}/src/code.gitea.io/gitea +# See the comments in Dockerfile COPY --exclude=.git/ . . # Build gitea, .git mount is required for version data @@ -61,7 +62,7 @@ RUN mkdir -p /var/lib/gitea /etc/gitea RUN chown git:git /var/lib/gitea /etc/gitea COPY --from=build-env /tmp/local / -COPY --from=build-env --chmod=755 --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea +COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea # git:git USER 1000:1000 diff --git a/docker/root/usr/local/bin/gitea b/docker/root/usr/local/bin/gitea old mode 100755 new mode 100644 diff --git a/docker/rootless/usr/local/bin/gitea b/docker/rootless/usr/local/bin/gitea old mode 100755 new mode 100644 From a9261ff88dcaf9aba03315a62ed099a7ddd67cfc Mon Sep 17 00:00:00 2001 From: TheFox0x7 Date: Sat, 1 Nov 2025 11:05:13 +0100 Subject: [PATCH 21/21] ignore python's venv --- .dockerignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.dockerignore b/.dockerignore index d1fc75290d04c..c88fb144fe506 100644 --- a/.dockerignore +++ b/.dockerignore @@ -76,6 +76,7 @@ cpu.out /.go-licenses /Dockerfile /Dockerfile.rootless +/.venv # Files and folders that were previously generated /public/assets/img/webpack