From d126c5736aba3a500fc62ce77c37f84641de2173 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Thu, 8 Oct 2020 21:43:13 +0200 Subject: [PATCH] Docker: add Debian based image --- .github/workflows/docker.yml | 26 +++++++++++-- Dockerfile | 21 ++++------ Dockerfile.alpine | 75 ++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 17 deletions(-) create mode 100644 Dockerfile.alpine diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9d1cf6a0..94089634 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,7 +2,7 @@ name: Docker on: schedule: - - cron: '0 4 * * *' # everyday at 4 am UTC + - cron: '0 4 * * *' # everyday at 4:00 AM UTC push: branches: - master @@ -13,7 +13,12 @@ on: jobs: build: name: Build - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: + - ubuntu-latest + docker_pkg: [debian, alpine] steps: - name: Checkout uses: actions/checkout@v2 @@ -31,6 +36,7 @@ jobs: run: | DOCKER_IMAGE=ghcr.io/drakkan/sftpgo VERSION=noop + DOCKERFILE=Dockerfile if [ "${{ github.event_name }}" = "schedule" ]; then VERSION=nightly elif [[ $GITHUB_REF == refs/tags/* ]]; then @@ -43,14 +49,25 @@ jobs: elif [[ $GITHUB_REF == refs/pull/* ]]; then VERSION=pr-${{ github.event.number }} fi + if [[ $DOCKER_PKG == alpine ]]; then + VERSION="$VERSION-alpine" + DOCKERFILE=Dockerfile.alpine + fi TAGS="${DOCKER_IMAGE}:${VERSION}" if [[ $GITHUB_REF == refs/tags/* ]]; then - TAGS="$TAGS,${DOCKER_IMAGE}:latest" + if [[ $DOCKER_PKG == debian ]]; then + TAGS="$TAGS,${DOCKER_IMAGE}:latest" + else + TAGS="$TAGS,${DOCKER_IMAGE}:alpine" + fi fi + echo ::set-output name=dockerfile::${DOCKERFILE} echo ::set-output name=version::${VERSION} echo ::set-output name=tags::${TAGS} echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') echo ::set-output name=sha::${GITHUB_SHA::8} + env: + DOCKER_PKG: ${{ matrix.docker_pkg }} - name: Set up QEMU uses: docker/setup-qemu-action@v1 
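Review bot: In hunk `@@ -43,14 +49,25 @@`, the new `if [[ $DOCKER_PKG == debian ]] … else` block maps every matrix value other than `debian` to `${DOCKER_IMAGE}:alpine`. In the same way, the earlier `if [[ $DOCKER_PKG == alpine ]]` leaves anything else on the default `Dockerfile`. This is correct for today's two-entry matrix, but a third variant added later would silently overwrite the `:alpine` release tag. An explicit `elif [[ $DOCKER_PKG == alpine ]]` followed by `else echo "unknown DOCKER_PKG" >&2; exit 1` would make the mapping fail closed. The `run:` script begins outside this hunk.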
@@ -69,11 +86,12 @@ jobs: - name: Build and push uses: docker/build-push-action@v2 with: + file: ./${{ steps.info.outputs.dockerfile }} + platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.info.outputs.tags }} build-args: | COMMIT_SHA=${{ steps.info.outputs.sha }} - platforms: linux/amd64,linux/arm64 labels: | org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }} org.opencontainers.image.description=Fully featured and highly configurable SFTP server with optional FTP/S and WebDAV support diff --git a/Dockerfile b/Dockerfile index 60972371..eff72cc9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,7 @@ -FROM golang:1.15-alpine AS builder +FROM golang:1.15 as builder ENV GOFLAGS="-mod=readonly" -RUN apk add --update --no-cache bash ca-certificates curl git gcc g++ - RUN mkdir -p /workspace WORKDIR /workspace 
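Review bot: In the Dockerfile hunk `@@ -1,9 +1,7 @@`, `FROM golang:1.15 as builder` uses a lowercase `as`, while `FROM` is uppercase and Dockerfile.alpine in this same commit keeps `AS builder`. Writing `FROM golang:1.15 AS builder` keeps the two files consistent and avoids the keyword-casing lint warning. The workflow in this commit rebuilds and pushes on a nightly schedule, so the floating `golang:1.15` tag lets the toolchain change between builds. Pinning a patch version or a digest would make release images reproducible.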
@@ -25,24 +23,21 @@ RUN set -xe && \ export COMMIT_SHA=${COMMIT_SHA:-$(git describe --always --dirty)} && \ go build $(if [ -n "${FEATURES}" ]; then echo "-tags ${FEATURES}"; fi) -ldflags "-s -w -X github.com/drakkan/sftpgo/version.commit=${COMMIT_SHA} -X github.com/drakkan/sftpgo/version.date=`date -u +%FT%TZ`" -v -o sftpgo +FROM debian:buster-slim -FROM alpine:3.12 - -RUN apk add --update --no-cache ca-certificates tzdata bash mailcap +RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates mime-support && apt-get clean SHELL ["/bin/bash", "-c"] -# set up nsswitch.conf for Go's "netgo" implementation -# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457 -RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf - RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo -RUN addgroup -g 1000 -S sftpgo -RUN adduser -u 1000 -h /var/lib/sftpgo -s /sbin/nologin -G sftpgo -S -D -H sftpgo +RUN groupadd --system -g 1000 sftpgo +RUN useradd --system --gid sftpgo --no-create-home \ + --home-dir /var/lib/sftpgo --shell /usr/sbin/nologin \ + --comment "SFTPGo user" --uid 1000 sftpgo # Install some optional packages used by SFTPGo features -RUN apk add --update --no-cache rsync git +RUN apt-get update && apt-get install --no-install-recommends -y git rsync && apt-get clean # Override some configuration details ENV SFTPGO_CONFIG_DIR=/etc/sftpgo diff --git a/Dockerfile.alpine b/Dockerfile.alpine new file mode 100644 index 00000000..60972371 --- /dev/null +++ b/Dockerfile.alpine 
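Review bot: Both new `apt-get` layers end with `&& apt-get clean`, which empties the package archive cache but leaves the index files under `/var/lib/apt/lists/` in the layer. Ending each with `&& rm -rf /var/lib/apt/lists/*` removes them in the same layer that created them. The two installs could also be a single layer with one `apt-get update`, for example `RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates git mime-support rsync && rm -rf /var/lib/apt/lists/*`. The final stage continues past the end of this hunk.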
@@ -0,0 +1,75 @@
+FROM golang:1.15-alpine AS builder
+
+ENV GOFLAGS="-mod=readonly"
+
+RUN apk add --update --no-cache bash ca-certificates curl git gcc g++
+
+RUN mkdir -p /workspace
+WORKDIR /workspace
+
+ARG GOPROXY
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+ARG COMMIT_SHA
+
+# This ARG allows to disable some optional features and it might be useful if you build the image yourself.
+# For example you can disable S3 and GCS support like this:
+# --build-arg FEATURES=nos3,nogcs
+ARG FEATURES
+
+COPY . .
+
+RUN set -xe && \
+ export COMMIT_SHA=${COMMIT_SHA:-$(git describe --always --dirty)} && \
+ go build $(if [ -n "${FEATURES}" ]; then echo "-tags ${FEATURES}"; fi) -ldflags "-s -w -X github.com/drakkan/sftpgo/version.commit=${COMMIT_SHA} -X github.com/drakkan/sftpgo/version.date=`date -u +%FT%TZ`" -v -o sftpgo
+
+
+FROM alpine:3.12
+
+RUN apk add --update --no-cache ca-certificates tzdata bash mailcap
+
+SHELL ["/bin/bash", "-c"]
+
+# set up nsswitch.conf for Go's "netgo" implementation
+# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457
+RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf
+
+RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo
+
+RUN addgroup -g 1000 -S sftpgo
+RUN adduser -u 1000 -h /var/lib/sftpgo -s /sbin/nologin -G sftpgo -S -D -H sftpgo
+
+# Install some optional packages used by SFTPGo features
+RUN apk add --update --no-cache rsync git
+
+# Override some configuration details
+ENV SFTPGO_CONFIG_DIR=/etc/sftpgo
+ENV SFTPGO_LOG_FILE_PATH=""
+ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
+ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
+
+# Sane defaults, but users should still be able to override this from env vars
+ENV SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=/var/lib/sftpgo/users
+ENV SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials
+ENV SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups
+ENV SFTPGO_SFTPD__HOST_KEYS=/var/lib/sftpgo/host_keys/id_rsa,/var/lib/sftpgo/host_keys/id_ecdsa
+ENV SFTPGO_HTTPD__BIND_ADDRESS=""
+
+COPY --from=builder /workspace/sftpgo.json /etc/sftpgo/sftpgo.json
+COPY --from=builder /workspace/templates /usr/share/sftpgo/templates
+COPY --from=builder /workspace/static /usr/share/sftpgo/static
+COPY --from=builder /workspace/sftpgo /usr/local/bin/
+
+RUN sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" /etc/sftpgo/sftpgo.json
+
+RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && \
+ chmod 640 /etc/sftpgo/sftpgo.json && \
+ chmod 750 /etc/sftpgo /var/lib/sftpgo
+
+USER sftpgo
+
+VOLUME /var/lib/sftpgo
+
+CMD sftpgo serve
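Review bot: `RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf` fails the build whenever the file already exists, because `test !` returns non-zero and the `&&` list ends with that status. A later base image that ships its own nsswitch.conf would therefore break this step. `RUN [ -e /etc/nsswitch.conf ] || echo 'hosts: files dns' > /etc/nsswitch.conf` writes the file only when it is missing and succeeds either way. Separately, `CMD sftpgo serve` is shell form; `CMD ["sftpgo", "serve"]` starts the binary directly, so delivery of the stop signal does not depend on how the configured shell handles it.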