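# Build stage: compiles the gib release binary for the host architecture's
# musl target. Nothing from this stage reaches the final image except what
# later stages COPY --from=builder.
# NOTE(review): the base image is pinned by tag only; pinning it by digest as
# well would make the toolchain that produces the binary reproducible.
FROM rust:1.78-alpine3.19 AS builder

# Rust reads RUST_BACKTRACE (with the underscore); the spelling RUSTBACKTRACE
# is not a variable the Rust runtime looks at, so it had no effect.
ENV RUST_BACKTRACE=1

# Build-time packages (presumably needed by native dependencies of the crate -
# confirm). --no-cache fetches the index on the fly, so no separate
# `apk update` is required.
RUN apk upgrade --no-cache && \
    apk add --no-cache \
        make \
        musl-dev \
        perl

WORKDIR /build

# NOTE(review): this copies the whole build context. A .dockerignore that
# excludes .git, target/ and any local credential files keeps them out of the
# build stage and its cache.
COPY . .

# The target triple is derived from the build machine's architecture; it is
# quoted so the substitution is always passed as a single word.
# NOTE(review): if Cargo.lock is committed, `--locked` would make the build
# fail instead of silently resolving different dependency versions - confirm.
RUN cargo build --target="$(uname -m)-unknown-linux-musl" --release && \
    mv "./target/$(uname -m)-unknown-linux-musl/release/gib" /usr/bin/gib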
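# Runtime stage: Alpine plus the tools the entrypoint script relies on, the
# compiled binary (as real-gib) and the entrypoint wrapper (as gib).
FROM alpine:3.19

# Runtime packages. --no-cache is used for both apk calls, so no package index
# is written to the layer and no cache clean-up step is needed.
#  - chsh makes bash the login shell of the current (root) user; bash is the
#    preferred shell on pipelines.
#  - chmod +s sets the set-uid/set-gid bits on setpriv so that gib and bash
#    can be run with the same Linux privileges as the mounted repository.
# NOTE(review): a set-uid setpriv owned by root lets every process in the
# container switch to any UID/GID, root included. Treat the container as
# root-equivalent: mount only the repository it needs and grant it no extra
# capabilities or host paths.
RUN apk upgrade --no-cache && \
    apk add --no-cache \
        bash \
        git \
        sed \
        setpriv \
        shadow && \
    chsh -s "$(command -v bash)" && \
    chmod +s "$(command -v setpriv)"

# Git's repository-ownership check is switched off because the end user mounts
# the repository explicitly. The second line is appended with `>>`; without a
# redirection it was only printed to the build log and never reached the file.
# NOTE(review): `directory = *` trusts every repository on every path, which
# means hooks and config of any mounted repository are honoured. If the
# repository is always mounted at one path (presumably /app - confirm),
# listing that path instead of `*` is the narrower setting.
RUN echo '[safe]' > /etc/gitconfig && \
    echo ' directory = *' >> /etc/gitconfig

# Convenience: the entrypoint script is installed under the name `gib` and the
# compiled binary as `real-gib`, so callers invoke the wrapper and avoid
# privilege issues.
COPY --from=builder /usr/bin/gib /usr/bin/real-gib
COPY --from=builder /build/.docker/gib-entrypoint.sh /usr/bin/gib

WORKDIR /app

# NOTE(review): no USER is set, so the container starts as root. Any drop of
# privileges presumably happens inside gib-entrypoint.sh via setpriv; that
# script is not part of this file - confirm.
ENTRYPOINT ["gib"]
CMD ["--help"]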