* specify user in rootless container numerically
With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container. The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.
* mention the name of the uid/gid
Co-authored-by: 6543 <6543@obermui.de>
* Add environment-to-app.ini routine
* Call environment-to-ini in docker setup scripts
* Automatically convert section vars to lower case to match documentation
* Remove git patch instructions
* Add env variable documentation to Install Docker
* When building rootless docker image move chown&chmod to build stage
Fixes#13577
* Fix command newlines
* Move chown to COPY command
* Seems to be working also without chmod
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* docker: rootless image
* improve docs + remove check for write perm on custom
* add more info on ssh passtrough
* Add comment for internal ssh server in container config
* Dockerfile: Support socat use cases
In some contexts it is necessary to provide access to Gitea via TCP ports and unix sockets.
Gitea (`gitea web`) can be configured to listen for connections via unix-socket or TCP port, but not both.
When Gitea is installed to the host this limitation can be worked around by installing socat on the host.
When running Gitea from a container this limitation cannot be workaround.
Add socat to Gitea container.
* Removed version
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* go1.15
* update makefile xgo version
* fix vet issue
* update docs to version of go in use
* add TODO for asyncpreemptoff
Co-authored-by: Lauris BH <lauris@nix.lv>
* Create docker/manifest/base.yml
serve as base for build docker image for most platform (386,amd64,arm,arm64)
* Add make task docker-multi-arch-push-manifest
To update references of a multi-arch image on docker registry.
* Use SED_INPLACE generic sed command
* Delete Dockerfile.aarch64
Delete Dockerfile.rpi
* Use gitea/gitea-base as base
and replace deprecated MAINTAINER by LABEL (https://docs.docker.com/engine/reference/builder/#maintainer-deprecated)
* Fix rebase
* Use sapk/gitea-base as base
* Split makefile for docker
* Fix version to v3.6
Could use in later version edge of alpine official library that support multi-arch for armhf.
* Remove sapk/gitea-base and use directly new official alpine multi-arch
* Add `gettext` dependencies as we need `envsubst` command;
* Modified s6's gitea setup script, instead of `cp` the template if no
`app.ini` exist, it will substitude the envvars and generate the new
`app.ini`;
* Make `/docker/etc/templates/app.ini` a template contains environment
variables;
Signed-off-by: Tao Wang <twang2218@gmail.com>
* Make sure generated password is random
Use /dev/urandom to get a 32 char password
* Make sure generated password is random
Use /dev/urandom to generate 32 char password
* Make sure generated password is random
1. Use `apk -U --no-cache add` instead of `apk update` + `apk add` +
manually cache clean up.
2. Separate package installation and user, group setup, the combination
to reduce a docker image layer didn't bring benefits here, only makes
Dockerfiles more complex.
* Added stupid docker task to makefile
* Dropped unknown option PrintLastLog from docker ssh config
* OpenSSH should log to docker stdout
* Set random pw for docker git user, otherwise it is locked
* Stop using templates and public within docker